ICBC(Asia)-About Us > Online Security
ICBC Ltd. | Contact Us | Sitemap
>> English | 繁體 | 简体
Home
Profile
Press Releases
Award & Ratings
Community
Career Opportunities
Contact Us
Personal / Securities
Business
Private Banking
 

 

About Security

Security

How well is my information being protected with your Internet Banking Service?

  
The system is equipped with network security features. It includes SSL (Secure Sockets Layer) with end-to-end encryption and Firewalls protection. Your input is encrypted by the end-to-end encryption within your browser before it is sent to our bank through the SSL channel to prevent unauthorized parties to read it.
  
Our Bank employs Public Key Infrastructure (PKI) technology to ensure security of Internet transactions and your personal data. The advanced technology utilizes the Hong Kong Post/Digi-Sign Certification Services Limited digital certificate (i.e. e-Cert), which includes a public key and private key to authenticate unique user. Or Bank currently accepts both digital certificates issued by Hong Kong Post (for personal and company customers) and Digi-Sign Certification Services Limited (for company customer only). The e-Cert provides you with a unique identification and secure authentication. For your protection, you should use e-Cert with non-duplicable private key stored in a secure media for conducting transactions of Internet Banking.
  
Other than e-Cert, you can also use the SMS password as the two-factor authentication authorization for performing transactions via Internet Banking Services. (SMS password authentication is not applicable for Joint Account and Company customers).
  
Identification of User ID and password with enforced change of password upon the first login.
  
Automatic logoff after 15 minutes of inactivity of your Internet Banking Services.
  
Service is suspended if 4 consecutive invalid password is entered.
 
For your maximum protection, we would like to remind you to take the following precautionary measures to prevent the fraudulent use of the password or unauthorized disclosure.

  
Install up-to-date virus protection software and personal firewalls to ensure you have adequate protection to your personal computers.

  
Do not install software or open email attachments from unknown sources.

  
Do not access the Bank's website through hyperlinks embedded in e-mails.

  
Verify the validity of digital certificate of Internet Banking server.

  
Change your initial password when you first access Internet Banking Service.

  
Change your password periodically.

  
Keep your password confidential at all times. Do not disclose your password to any other person, including Bank's employee.

  
Do not write down or record the password in any form recognizable as password. If you must write it down, make sure your password record is kept in a secure place, which is separated from your personal computers and bank account related materials.

  

 Do not send the password via e-mail.

  
Do not use your identity card number, telephone number, birthday or recognizable part of the name as your password.

  
Do not use the same user name and password for your Internet bank accounts and for access to other services (for example, for connection to the internet or accessing other web sites).

  
Use combination of numbers and alphabets, upper and lower case for your password if possible.

  

 Log out the Internet Banking Service and clear the browser cache after your have completed your banking activities. You should not leave a session unattended at any time.

  
Ensure the personal computer is not left unattended whilst the service are in use.

  
Ensure proper physical access controls for your personal computer and Internet connections. Do not access the Internet Banking service from public personal computers (e.g. cyber cafes).

  
When you use the SMS for authorization of unregistered funds transfer, you are reminded to review the accuracy of the transaction details shown on the SMS message you received prior to entering the one-time-password.

  
You should provide a valid mobile phone and contact numbers for notification purpose and notify the Bank timely if any of these numbers are changed.

  
Review regularly and follow security tips published by the Hong Kong Association of Banks, the Consumer Council, the Hong Kong Police Force, the Hong Kong Monetary Authority, the Securities and Futures Commission or the Information Technology Services Department.

If you suspect there are unauthorized transactions in your account, immediately contact our Bank via the Customer Service Hotline on (852) 218 95588 or any of our branches.

 
 
More on Security -- Your Roles and Responsibilities
 
Q1. How should I take care of my password?
A: You should note the following points in taking care of your password:
 

  

 Do not disclose your password or account number to anyone.
 

  

 Do not allow anybody else to use your password.
 

  

 Do not write down or record the password without disguise.
 

  
Do not use your Hong Kong Identity Card number, telephone number or date of birth etc. as your password.
 

  
Use a password that is difficult to guess.
 

  

 Change your password regularly, the length of password can be from 8 to 12 alphanumeric characters.
 
Q2.
May I save my User ID and password so that I do not need to enter them every time I login?
A: To provide you with better protection, this service is not allowed.
 
Q3. Can I exit by closing the browser window?
A:
We suggest that you logout properly. It is because the service is still available if it is not logged off properly.
 
Q4.
Do we need encryption?
A:
Encryption refers to the scrambling of data to prevent unauthorized parties reading the original text message. Authorized parties can however unscramble (decrypt) the message and restore it into the original text message. The encryption and decryption functions are based on complex mathematical theories.
 
Q5. Why do we need end-to-end encryption in addition to SSL?
A:
SSL treats transaction data and password in the same way while end-to-end encryption can handle the password in different way so that your password can enjoy the highest protection. End-to-end encryption enables the encryption of information at its origin and decryption at its intended destination without any intermediate decryption.
 
Q6. How can I know that my browser is SSL-enable?
A:
If there is a "closed" lock at the bottom of your browser, it is SSL-enable.
 
Q7. How to enable SSL in my browser?
A:
Steps for Netscape Communicator 4.73 users. To enable SSL:
 
  1. Select "Communicator" from the Menu bar.
  2. Select "Tools".
  3. Select "Security Information"
  4. Select "Navigator"
  5. Go to "Advanced Security (SSL) Configuration" section. Click "Enable SSL (Secure Sockets Layer) v2" and "Enable SSL (Secure Sockets Layer) v3" check box.
  6. Click "OK"
 
  Steps for Microsoft Internet Explorer 5.0 users. To enable SSL:
 
  1. Select "Tools" from the Menu bar
  2. Select "Internet Options"
  3. Click on the "Advanced" tab
  4. Choose "Security" and enable SSL 2.0 and SSL 3.0.
  5. Click "OK"
 
Q8.
How can I make sure that the web pages of the Internet Banking I am currently browsing really come from your Bank?
A:
When you reach the login page that requires you to enter ICBC (Asia) Internet Banking Account Number, User ID where applicable and Password, for security purpose, you can click the small icons of a lock or a key at the bottom of your browser. A certificate windows will be displayed telling you the owner of the web page you are currently browsing, you can then verify if the current page on the current web page belongs to ICBC (Asia).
 
Q9. What should I be aware while using the Internet Banking Service?
A:
In order to protect your interest in enjoying our service, you are highly recommended not to use the "Back"/"Reload" button, minimize, maximize or resize the browser. If you do that, our security module might disconnect the session.
 
Q10. How do I secure my personal computer if I have static internet connection?
A:

You are recommended to install the most up-to-date anti-virus software and update the software with virus signature regularly. For maximum protection, we also advise you to install personal firewall software to protect your personal computers against intrusion via the Internet. You are recommended to discuss with reputable information security professionals and software vendors to select the best suit security protection software.
 
 
For your general reference purpose only, you may like to consider the following anti-virus and personal firewall software:
 

  

 Symantec Corporation
 

  

 McAfee
 

  

 Trend Micro Inc.
 

  

 F-Secure Corp.
 

  

 LockDown by Harbor Telco Security Corp.
 

  

 Zone Alarm by Zone Labs., Inc
 

  

 BlackIce PC Protection by Internet Security Systems, Inc
 
 
It is noted that different security software products might have different strength and weaknesses in different protection scenarios. You are always reminded to alert to different security vulnerabilities and exposures and patch the software promptly.
 
Q11. What should I do if I suspect there are unauthorized transactions in my account?
A:
Immediately contact our Bank via the Customer Service Hotline on (852) 218 95588 or any of our branches.
   
 
December 2009
Terms & Conditions | Privacy Statement & Disclaimer | Services Charges
Copyright(c) Industrial and Commercial Bank of China (Asia) Limited. All rights reserved.

This site is best viewed at 800x600 screen resolution with
Internet Explorer 5.5 SP2 or above