Yes. Online security is a joint effort. Customers have an equally important responsibility to ensure that the use of our NET Banking services is proper and secure. As an end user, you are advised to adopt and get familiar with the recommended guidelines in "Internet Security" published in our website for your own protection.

Tips on maximizing your online security, such as user name and password maintenance, logon and logoff procedures, system configuration, etc, are published in our site.

You may visit our "Internet Security" section for more details.

Please visit our "How We Maximize Our Online Security" section for more details.

While you are connecting or have connected to NET Banking, you have to ensurethat the "lock" icon at the bottom of browser is always in secure mode.

You may also visit the "Internet Security" Section for sample screens and more details.

You can verify the e-certificate of the website you have entered by opening the e-Certificate on the NET Banking logon page to check the information on the e-Certificate.

You may also visit the "Internet Security" Section for sample screens and more details.

You should:

• Suspend your NET Banking services immediately via the following channels:
  You can
  • Use the "NET Banking Service Suspension" under the "General Services" section in our NET Banking; or
  • Call our 24-hour Emergency Hotline (852) 3711 7900; or
  • Contact any of our branches in person.
• Prepare the following information relating to the abnormal activities or suspected frauds.
  • Printouts of account information from NET Banking; or
  • Emails; or
  • Screen captures (such as images) relating to the activities or suspected frauds.
• Submit the information to us by:
  • Calling our 24-hour Emergency Hotline (852) 3711 7900; or
  • Contact any of our branches in person.

No. Our bank staff will never ask you for your password for whatever reasons. Therefore, you should NOT disclose your password to third party at all times.

No. Online security precautions are continuous practices.  You have to internalize those recommendations into your daily lives. In addition, you should visit our "Internet Security" Section periodically to obtain our latest information in this area.

As part of our on-going commitment to enhance online security, CMB Wing Lung Bank is delighted to present you with two-factor authentication technology - Security Token, aiming at providing a higher level protection for our customers.

The Security Token offers a higher level of protection from a large variety of online threats, including phishing, keylogging/Trojans, shoulder surfing and screen capturing.

Security Token is selected by our Bank because it best meets our customers' need for flexibility and portability. It also meets the Hong Kong Monetary Authority's requirements for Two-Factor Authentication, while providing the following benefits to our customers:

• Security Token generates one-time password (OTP) independently. Customers do not need to rely on another party's service standard to access internet Banking.
• The generation of OTP is not restricted by capacity issues, signal availability or the geographical location of our customers.
• The Security Token is small, light and users-friendly. It can be used on any internet-enabled PC. It does not require downloads, set-ups, system adjustments, etc.

You have to logon to NET Banking and activate your Security Token.

Each one-time password (OTP) will be valid for a short time interval. When the time permited for the entry of the OTP expires, your attempt to complete your logon or transaction will be rejected. An error message will appear. In that case, you simply press your Security Token to generate another OTP and enter the new OTP. 

If the error message stil appears, please call our Customer Services Hotline (852) 230 95555 for assistance. 

If your Security Token is lost, not functioning or battery is running low, you may change to use Mobile Token which is more convenient and safe. Otherwise, you will need to visit any of our branches to request for a replacement.

Customer has to return the Security Token to any one of our branch upon termination of NET Banking Service, or otherwise, the Bank has the right to collect a handling fee from the customer.

If you suspect any unauthorized use of your NET Banking account or any abnormal transactions in the account, you should contact our Head Office or any one of our branches or call our 24-hour Emergency Hotline (852) 3711 7900 at once to request for suspension of NET Banking Service. Precautionary guidelines are published on Internet Security Section to let you know more about the NET Banking security measures that you should take.

A computer virus is an executable program which may damage computer hardware or disrupt computer normal operation.

A malicious program can hide in your computer and contol it after detecting the password. "Trojans Horse" is a typical type of malicious program.

A spyware is a software which secretly sends information in your computer and your surfing history to unauthorised parties. It can detect your email addresses, visited web sites, credit card numbers and even your passwords.

To avoid loss caused by virus, malicious program and spyware, you should:

• Install anti-virus software as well as personal firewall to protect your computer.
• Always turn on the anti-virus software's real-time protection whenever possible.
• Scan your computer periodically at least once every 30 days (including all local disks and all files).
• Scan portable disks before using them for copying files to or from your computer.
• Clear the infected files once they are discovered.
• Remember to update your anti-virus software regularly.
• Not download files or install programs from unknown sources.
• Not use a computer infected by virus until the virus is completely cleared.
• Keep yourself updated on the latest information of virus and take necessary precaution.

Emails from unknown senders may contain virus or malicious programs that can damage your system files, personal document and other software.  You are advised not to open any emails from unknown senders but to delete them immediately.

No. Attachments are not 100% virus-free. You should scan the attachment before opening it.

For Internet Explorer,

• Locate your mouse over the "lock" icon () at the right-hand bottom of browser;
• Verify if the pop-up tip is, "SSL secured (128-bit)".

Steps to disable the "auto complete" function in Internet Explorer :

1. Open Internet Explorer
2. Choose Tools -> Internet Options
3. Select Content -> Auto-complete
4. Disable user names and passwords on forms

Cache is normally used to store web page locally in your computer. Although our system is set to prevent the saving of your personal and account information in cache, the setting may be affected by the type of browsers used and their configuration.

To protect against unauthorized access to your personal and account information by opening last visited page via the cache, you should clear the cache after logoff.

You may also visit the "Internet Security" Section for sample screens and more details.

For Internet Explorer,

1. Open Internet Options
2. Select Advanced tab
3. Enable the checkbox "Use SSL3.0".

An ActiveX control is a type of program that can take complete control of your computer.  Downloading an ActiveX control from a web site without ensuring its details and source may destroy data in your computer system.

You may also visit the "Internet Security" Section for the steps to disable ActiveX Control in Internet Explorer.

We are currently supporting the following browsers:

• Internet Explorer 6.0  or above
• FireFox 3.0 or above

Cookie is a small amount of textual data sent from a web server to a browser for recording some useful information, such as the time you last visit.

In our NET Banking and website, we make use of the Cookies to count the number of access for online valuation as well as to record your personal information.

However, none of your personal data will be sent to your computer to prevent disclosure of your personal information.

You may visit Hong Kong Computer Emergency Team (HKCERT)