ICBC(Asia)-About Us > Online Security
ICBC Ltd. | Contact Us | Sitemap
>> English | 繁體 | 简体
Home
Profile
Press Releases
Award & Ratings
Corporate News
Community
Career Opportunities
Contact Us
Personal / Securities
Business
Private Banking
 

1. Security

2. Internet Banking Security Tips

3. Mobile Banking Security Tips

4. ATM Security Tips
 

1. Security

How well is my information being protected with your Internet Banking Service?

  
The system is equipped with network security features. It includes SSL (Secure Sockets Layer) with end-to-end encryption and Firewalls protection. Your input is encrypted by the end-to-end encryption within your browser before it is sent to our bank through the SSL channel to prevent unauthorized parties to read it.
  
Our Bank employs Public Key Infrastructure (PKI) technology to ensure security of Internet transactions and your personal data. The advanced technology utilizes the Hong Kong Post/Digi-Sign Certification Services Limited digital certificate (i.e. e-Cert), which includes a public key and private key to authenticate unique user. Or Bank currently accepts both digital certificates issued by Hong Kong Post (for personal and company customers) and Digi-Sign Certification Services Limited (for company customer only). The e-Cert provides you with a unique identification and secure authentication. For your protection, you should use e-Cert with non-duplicable private key stored in a secure media for conducting transactions of Internet Banking.
  
Other than e-Cert, you can also use the SMS password as the two-factor authentication authorization for performing transactions via Internet Banking Services. (SMS password authentication is not applicable for Joint Account and Company customers).
  
Identification of User ID and password with enforced change of password upon the first login.
  
Automatic logoff after 15 minutes of inactivity of your Internet Banking Services.
  
Service is suspended if 4 consecutive invalid password is entered.
 
For your maximum protection, we would like to remind you to take the following precautionary measures to prevent the fraudulent use of the password or unauthorized disclosure.

  
Install up-to-date virus protection software and personal firewalls, keep the virus definition/signature up-to-date, to ensure you have adequate protection to your personal computers.

  
Do not install software or open email attachments from unknown sources.

  
Do not access the Bank's website through hyperlinks embedded in e-mails.

  
Verify the validity of digital certificate of Internet Banking server.

  
Change your initial password when you first access Internet Banking Service.

  
Change your password periodically.

  
Keep your password confidential at all times. Do not disclose your password to any other person, including Bank's employee.

  
Do not write down or record the password in any form recognizable as password.

  

 Do not send the password via e-mail.

  
Do not use your identity card number, telephone number, birthday or recognizable part of the name as your password.

  
Do not use the same user name and password for your Internet bank accounts and for access to other services (for example, for connection to the internet or accessing other web sites).

  
Use combination of numbers and alphabets, upper and lower case for your password if possible.

  

 Log out the Internet Banking Service and clear the browser cache after your have completed your banking activities. You should not leave a session unattended at any time.

  
Ensure the personal computer is not left unattended whilst the service are in use.

  
Ensure proper physical access controls for your personal computer and Internet connections. Do not access the Internet Banking service from public personal computers (e.g. cyber cafes).

  
When you use the SMS for authorization of unregistered funds transfer, you are reminded to review the accuracy of the transaction details shown on the SMS message you received prior to entering the one-time-password.

  
You should provide a valid mobile phone and contact numbers for notification purpose and notify the Bank timely if any of these numbers are changed.

  
Review regularly and follow security tips published by the Hong Kong Association of Banks, the Consumer Council, the Hong Kong Police Force, the Hong Kong Monetary Authority, the Securities and Futures Commission or the Information Technology Services Department.

If you suspect there are unauthorized transactions in your account, immediately contact our Bank via the Customer Service Hotline on (852) 218 95588 or any of our branches.

 
More on Security -- Your Roles and Responsibilities
 
Q1. How should I take care of my password?
A: You should note the following points in taking care of your password:
 

  

 Do not disclose your password or account number to anyone.
 

  

 Do not allow anybody else to use your password.
 

  

 Do not write down or record the password without disguise.
 

  
Do not use your Hong Kong Identity Card number, telephone number or date of birth etc. as your password.
 

  
Use a password that is difficult to guess.
 

  

 Change your password regularly, the length of password can be from 8 to 12 alphanumeric characters.
 
Q2.
May I save my User ID and password so that I do not need to enter them every time I login?
A: To provide you with better protection, this service is not allowed.
 
Q3. Can I exit by closing the browser window?
A:
We suggest that you logout properly. It is because the service is still available if it is not logged off properly.
 
Q4.
Do we need encryption?
A:
Encryption refers to the scrambling of data to prevent unauthorized parties reading the original text message. Authorized parties can however unscramble (decrypt) the message and restore it into the original text message. The encryption and decryption functions are based on complex mathematical theories.
 
Q5. Why do we need end-to-end encryption in addition to SSL?
A:
SSL treats transaction data and password in the same way while end-to-end encryption can handle the password in different way so that your password can enjoy the highest protection. End-to-end encryption enables the encryption of information at its origin and decryption at its intended destination without any intermediate decryption.
 
Q6. How can I know that my browser is SSL-enable?
A:
If there is a "closed" lock at the bottom of your browser, it is SSL-enable.
 
Q7. How to enable SSL in my browser?
A:
Generally speaking, you can enable SSL 2.0 and 3.0 in the security settings of internet browser. For example, in case of Microsoft Internet Explorer 8.0, you can follow the procedure below:
 
  1. Select "Tools" from the Menu bar
  2. Select "Internet Options"
  3. Click on the "Advanced" tab
  4. Choose "Security" and enable SSL 2.0 and SSL 3.0.
  5. Click "OK"
 
Q8.
How can I make sure that the web pages of the Internet Banking I am currently browsing really come from your Bank?
A:
When you reach the login page that requires you to enter ICBC (Asia) Internet Banking Account Number, User ID where applicable and Password, for security purpose, you can click the small icons of a lock or a key at the bottom of your browser. A certificate windows will be displayed telling you the owner of the web page you are currently browsing, you can then verify if the current web page belongs to ICBC (Asia).
 
Q9. What should I be aware while using the Internet Banking Service?
A:
In order to protect your interest in enjoying our service, you are highly recommended not to use the "Back"/"Reload" button, minimize, maximize or resize the browser. If you do that, our security module might disconnect the session.
 
Q10. How do I secure my personal computer if I have static internet connection?
A:

You are recommended to install the most up-to-date anti-virus software and update the software with virus signature regularly. For maximum protection, we also advise you to install personal firewall software to protect your personal computers against intrusion via the Internet. You are recommended to discuss with reputable information security professionals and software vendors to select the best suit security protection software.
 
 
For your general reference purpose only, you may like to consider the following anti-virus and personal firewall software:
 

  

 Symantec Corporation
 

  

 McAfee
 

  

 Trend Micro Inc.
 

  

 F-Secure Corp.
 
 
It is noted that different security software products might have different strength and weaknesses in different protection scenarios. You are always reminded to alert to different security vulnerabilities and exposures and patch the software promptly.
 
Q11. What should I do if I suspect there are unauthorized transactions in my account?
A:
Immediately contact our Bank via the Customer Service Hotline on (852) 218 95588 or any of our branches.
 
   

2.Internet Banking Security Tips

(1) Two-factor Authentication to Strengthen Security
The Two-factor authentication uses a combination of 2 different factors for verifying a user¡¦s identity:
Advantage of Two-factor Authentication:
Your transaction is highly protected because the fraudsters cannot steal your physically possessed tools (such as your mobile phone) over the Internet. All of the high-risk Internet Banking transactions, such as fund transfers to non-designated accounts, are protected by this additional authentication tool physically held by yourself. By just a few simple steps, you can enjoy this enhanced security level of online transactions.
Back to top

(2) How to use Two-factor Authentication?

An SMS one-time password will be generated by Internet Banking and sent to your mobile for additional identity authentication. Each SMS one-time password is used only once and will expire within a short period of time. When you conduct a high risk transaction, you will receive an SMS one-time password on your mobile. Then you can type the one-time password to confirm your transaction:
Back to top

(3) How to use Second Password?

To further enhance our online banking security, ICBC (Asia) Personal Internet banking has launched the Second Password security measure. When you perform the high-risk Internet Banking transactions, you will be required to enter your valid SMS one-time password or the e-Cert password as two-factor authentication, followed by entering the “Second Password” to complete the transaction, as below:

Back to top
(4) Security Tips
After you have finished all online transactions, you must remember to click "Logout" to exit from the Internet Banking system to avoid any information leaking. Please safeguard your mobile because it is an important tool for two-factor authentication. Do not access Internet Banking through hyperlinks embedded in e-mails. Please be aware that we will never request or ask you for account number, PIN or any personal information through e-mails. To enhance your Internet Banking account safety, the Internet Banking service will be suspended immediately if it is attempted with invalid PIN for 4 times consecutively. In this case, you can visit any of our branches for regeneration of new password.
Back to top
 

3. Mobile Banking Security Tips

To ensure your Mobile banking sessions are secure via using ICBC(Asia) ATM, please follow below security tips:

  1. Do not tell your account number and password to others in any case.
  2. Do not respond to any request for account number or password through emails, short messages or telephones.

  3. Choose password that cannot be easily guessed to avoid being guessed by others.

  4. Do not keep your password on a mobile phone. Do not write the password on a piece of paper or a card. Regularly change your password.

  5. Check "the last login time" on the welcome page against the actual login time so that you can find abnormal situations if there is any.

  6. Avoid sharing your mobile phone with others.

  7. Always log off your online session . do not just close your mobile phone browser. Follow the logoff instructions to ensure your protection.

  8. Set password for your mobile phone to prevent others from accessing to your materials.

  9. Set up password and don't leave your device unattended.

  10. Install security software and latest software update in your mobile phone.

  11. Delete sensitive SMS or message and clear the browsing history regularly.
Back to top
 

4. ATM Security Tips

To ensure your ATM banking sessions are secure via using ICBC(Asia) ATM, please follow below security tips:

  1. Beware of any suspicious device (eg, pin hole camera or magnetic card reader)attached to the ATM. That device may be a skimming device to compromise your ATM card data or PIN.
  2. Get back your ATM card once completed the transactions. Do not leave your ATM card in the slot.
  3. Do not allow anyone see your PIN and avoid anyone looking over your shoulder.
  4. Never disclose your ATM Card PIN to anyone including bank staff or police.
  5. Never lend your ATM card to anyone including bank staff or police.
  6. Change your ATM card PIN immediately upon receiving it.
  7. Do not use the same ATM card PIN for accessing more than one services.(e.g. ATM service of other bank)
  8. Memorize your ATM card PIN and do not write it down with your ATM card.
  9. Never use ATM Card PIN as same as birthday, ID number or telephone number which can be easily guessed.
  10. Change your ATM Card PIN via ICBC(Asia) ATM regularly.
  11. Report to ICBC(Asia) if your ATM card or PIN is lost or has been identified by any another person
Back to top
 
Terms & Conditions | Privacy Statement & Disclaimer | Services Charges
Copyright(c) Industrial and Commercial Bank of China (Asia) Limited. All rights reserved.

This site is best viewed at 800x600 screen resolution with
Internet Explorer 5.5 SP2 or above