An executive of e-banking operations of ICBC said that, in response to the recent frauds by criminals through its precious metal accrual business, the Bank had discovered key clues and reported them to the police authorities, and would fully cooperate with the police in investigating into the case to bring the criminals to justice as soon as possible.

According to this executive, no outward payment is effected for precious metal accrual products purchased from the Bank and the assets still stay in customers’ accounts. If it is verified that the accounts are hacked by criminals, and that subscriptions and redemptions of precious metal accrual products are not carried out in person, the Bank will refund in full the fee and price differences incurred and firmly safeguard the rights and interests of customers. In the case that the customer ignores the warning in the verification code message sent by the Bank, tells the code and other key information to the criminals on the phone and results in the theft of funds in his (or her) account. The Bank is now in contact with the customer in order to properly resolve the issue.

The bank executive further points out that according to the feedback from the police and the Bank’s analysis of relevant clues, criminals obtain the customer’s password and other key information by illegal means, and ICBC’s business system is stable and safe. The common approaches used by criminals include: sending messages containing virus links to customers' mobile phones so that Trojan horse viruses will get implanted and information leaked after customers click such messages; stealing customers’ account names and passwords through phishing sites; illegally obtaining customers’ registration information and mobile numbers from other websites, and using them for login attempts at customers’ e-banking accounts as some customers have the habit of using the same username and password for e-banking accounts and accounts on other sites.

At present, criminal activities of all sorts targeting online payments are rampant, and have formed a dark industry chain of a certain scale. As banks irreversibly encrypt customers’ passwords and other key information for storage, criminals cannot steal such information simply by hacking. But some non-banking websites and mobile APPs of relatively low security levels store login usernames and passwords in plaintext at the back office, which runs high risk hazards. Some criminals hack into these websites, illegally obtain users’ information and turn it into commercialized databases for sales. Other criminals use such databases to attempt logins to the websites of various financial institutions, and commit frauds if the passwords they steal work.

Some customers point out that purchases of investment products like precious metal accrual via ICBC's e-banking require no USB-shield verification; the executive explains that such a design is not a security loophole, but is intended to ensure more convenient services when outbound transfers of customers' funds are not involved. Given the high incidence of telecom frauds and financial frauds at the moment, the Bank decides to conduct verification of this type of transactions on a provisional basis, which can completely block these types of frauds, but also affect the convenience of verification operations by customers to a certain degree. So customers' understanding will be greatly appreciated. ICBC is now developing and launching new security measures, to prevent frauds and enhance the convenience of business operations.

This bank executive further states that given the various tricks against bank customers, the Bank will continue to strengthen security safeguards to ensure the safety of customers' funds; and stresses that the fraud about the precious metal accrual business is an individual case and there are no problems about the Banks' system security. He also adds that the Bank will promote knowledge intensively about preventing financial and telecom frauds to customers via various service channels, and call for stepped-up publicity in society to jointly raise the anti-fraud awareness of the general public.

Finally, he repeatedly reminds customers to set special e-banking passwords which are different from other purposes (such as membership passwords and email passwords), and refrain from using obviously personal information (such as name, birthday, common phone number and ID card number) as passwords. Customers are also recommended to properly keep the SMS verification codes sent by the Bank, check the content of SMS and ensure it relates to the ongoing transaction before entering the verification codes in the transaction page. Staff of the Bank will not request these codes on any ground; so customers shall not provide the codes received to anyone else.