Security Tips for e-Services

Security Tips for e-Services
Security Tips for e-Services

    Online security of our e-Services has always been CMB Wing Lung Bank (“the Bank”)’s prime concern. A safe and secure system does not only ensure confidentiality of customers' information but more importantly, prevent unauthorized operation of customers' bank account. Apart from the security measures implemented by the Bank, you are also responsible to play an equally important role in safeguarding your personal account information. As such, important guidelines are summarized in this section for your reference. You are highly recommended to incorporate these guidelines into your habit when handling your personal account information.

    If you suspect any unauthorized use or abnormal transactions related to your e-Services account, you should contact the Bank by calling our Customer Services Hotline at (852) 230 95555 or CMB Wing Lung Credit Card Centre 24-hour Hotline at (852) 3711 7900 to request for suspension of related e-Services.

    (1)Important Security Information
    • Do not disclose your logon ID or/and password to anyone (CMB Wing Lung Bank staff and the Police would not ask your password for identity verification purposes).

    • Do not disclose your personal information (e.g., HKID/passport number, address, bank account/credit card number) to other person or at any suspicious websites.

    • Do not provide anyone with the One-Time Password (OTP) which would be sent to your mobile phone registered with the Bank (CMB Wing Lung Bank staff would not ask your OTP for identity verification purposes).

    • Do not leave your security device to be kept under the control of other person. Please safeguard your security device carefully.

    • Do not save your logon ID and password at website browser, computer and mobile device.

    • Do not log into NET Banking Services of the Bank and CMB Wing Lung Bank Wintech mobile application through any public computer or via public WiFi network.

    • Please check and verify your transaction notification delivered by the Bank via SMS and other communication mean timely. Please contact our Customer Services Hotline at (852) 230 95555 immediately should you encounter any suspicious transaction.

    • CMB Wing Lung Bank staff would not ask you for any sensitive personal information (e.g., Logon ID or/ and password of NET Banking Services, One-Time Password, Verification Code, etc.,) through phone calls or emails.

    (2)Using ATM/ATM Card and Protecting Your PIN
    • Before using an ATM, check if the keypad cover is abnormal (e.g.: the keypad cover has been removed or installed with camera lens), and if there are any suspicious devices near the card slot and keypad. If you find anything suspicious, please notify the related bank immediately.

    • Cover the keypad with your hand when entering your PIN at ATM or Point-of-Sale devices and make sure your PIN and account information are not visible to third parties.

    • Retrieve your banknotes and ATM Card when you have completed your withdrawal transaction. Count the number of banknotes and keep the Customer Advice as record.

    • Do not take away any banknotes at the cash dispenser or ATM Card at the card insertion slot left behind by others. Let those banknotes or the ATM Card to be returned to the ATM automatically.

    • Keep your ATM card safe and set PIN which is different from other services and difficult to be guessed. Avoid writing down the PIN on the ATM Card or anything being kept with the ATM Card.

    • Change your PIN frequently (e.g., Change your password every 90 days). Promptly report to Customer Services Hotline of the Bank at (852) 230 95555 if you are suspicious of any loss, stolen or believe there is an unauthorized access to your account by third parties with your ATM Card and/or PIN of the ATM Card.

    (3)Use of e-Services, including NET Banking Services and CMB Wing Lung Bank Wintech mobile application
    • Do not log into bank account with e-Services of the Bank via website or application of third parties and hyperlink or QR code embedded in email or SMS.

    • Open a browser and type the website address of CMB Wing Lung Bank (www.cmbwinglungbank.com) by yourself in order to log into bank account with e-Services of CMB Wing Lung Bank. You can also bookmark the website address in the browser for future use; or follow the Bank’s official announcement for login.

    • To ensure secure transactions, download CMB Wing Lung Bank Wintech mobile application from official application stores (e.g.: Apple App Store/Google Play) or CMB Wing Lung Bank website.

    • Customers are reminded to stay vigilant to anything abnormal when logging into bank account with e-Services of the Bank (e.g., unusual pop-up screens, multiple requests for password and verification code input, unusually slow browser response). In case of doubt, you should terminate the operation immediately.

    • Please check the last logon and logoff details when you log into bank account with e-Services of the Bank. You can also check your account balances and transaction records regularly. In case of doubt, please contact our Customer Services Hotline at (852) 230 95555.

    • After using NET Banking Services of the Bank or CMB Wing Lung Bank Wintech mobile application, please remember to press the“Logoff” / “Logout” button to leave. When the system displays the logoff/ logout confirmation, close the browser or exit the mobile application. Please do not leave the related system by other means.

    (4)Encryption Function & e-Certificate

    CMB Wing Lung Bank has implemented the latest encryption security measure with the adoption of EV TLS Certificate (Extended Verification TLS Certificate). When using Microsoft Internet Explorer 7.0 or above to log into bank account with e-Services of CMB Wing Lung Bank, URL address bar will turn into green color and the name of the certificate owner will be displayed as CMB Wing Lung Bank Limited. This indicates the identity of the site is successfully verified. By pressing the URL address bar or secured lock icon, you can verify the Internet security certificate information including validity and information below while the display format varies for different browsers.

    NET Banking Services
    Issued to: www.cmbwinglungbank.com
    Issued by: DigiCert SHA2 Extended Validation Server CA

    NET Securities Services
    Issued to: www.cmbwinglungsec.com
    Issued by: DigiCert SHA2 Extended Validation Server CA

    (5)Two-Factor Authentication

    To enhance online security, e-Services of CMB Wing Lung Bank provide Two-Factor Authentication Services for customers. When logging into bank account with e-Services of CMB Wing Lung Bank, you can choose to use the Security Token. After entering your logon ID and password, press the button on the Security Token, then enter the 6-digit OTP generated to complete the logon procedures. For certain transactions, customers are required to enter OTP or “Transaction Signing Verification Code” for transaction confirmation. With the Two-Factor Authentication, your financial information is securely protected.

    For steps on using the Security Token, please click here.

    (6) Other Preventive Measures
    • Operating System Configuration / Software Installation

      • Turn off remote access control features to prevent an unauthorized access to your computer.

      • Disable file and print option sharing features to prevent an unauthorized access to your personal information.

      • Do not use software from unknown sources and visit suspicious websites under any circumstances.

      • Do not use any jailbreak or rooted mobile device which may have security loopholes to log into bank account with e-Services of CMB Wing Lung Bank.

      • Update your anti-virus software and Windows security patches.

    • Browser Setting

      • Use the latest internet browser.

      • Do not use a browser in beta version.

      • Ensure other browser windows are closed before logging into bank account with e-Services of the Bank. In addition, when using e-Services, do not surf other suspicious browsers and websites at the same time.

      • Use the browser that supports TLS or above.

      • Do not save or keep your password in any browser while disabling the "Auto-Complete" feature to prevent an unauthorized access to your personal information by third parties.

    • Virus / Malicious Programs

      • Install & enable Anti-virus & Anti-spyware Software while keeping virus signatures and security patches up-to-date.

      • Please terminate all activities on a computer if it is infected by malicious code. If you continue to use an infected computer may further spread the virus or malicious code.

      • Do not use the computer / mobile device if a virus is found until the virus is completely cleared.

      • Maintain a backup plan for your programs and data regularly. Recovery from a clean backup is the most secure way to restore the files after a virus attack.

      • Regularly check the data and storage usage of each application in your device. Uninstall any software / applications immediately with unusual or suspicious data usage.

    • Others

      • Do not forward the mobile phone number registered with the Bank for receiving OTP via SMS to another mobile phone number.
      • Install and update your security software promptly.
      • Do not download or open any suspicious files, browse any suspicious websites, or click hyperlinks and attachments with unknown sources (including emails, SMS, QR codes). Please download and upgrade application from official application stores or reliable sources only.
      • Set up auto-lock for your device and enable passcode lock to prevent an unauthorized access to your bank account with e-Services of the Bank.
      • Use the latest versions of operating system, browser and mobile application. Do not jailbreak or root your mobile phone or tablet.
      • Disable any wireless network not being used (e.g. Wi-Fi, Bluetooth, NFC). Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection.
      • Please update the Bank immediately if your personal information (especially mobile phone and contact numbers) is changed through any of the following channels:

        1. Visit any of our branches for updating the personal information.
        2. Click here to download the Customer Information Amendment Form and then return the completed form in person or by mail to any of our branches for processing.
        3. Contact our Customer Services Hotline at (852) 230 95555 and press 7>8>1 after language is selected, then enter your facsimile number to request for the Customer Information Amendment Form. Please return the completed form in person or by mail to any of our branches for processing.
      • Regular review and follow security tips announced by the Bank to keep yourself updated about the latest security issues.
    (7)More Security Information

    Please visit the following website for more security issues of e-Services:

    (8)Notice on Transferring Fund to Third Party

    When customers transfer fund to third party through branches or e-Channels (including but not limited to NET Banking Services, CMBWLB Wintech mobile banking services, Phone Banking Services, ATM and ITs YOUR PERSONAL TELLER – VTM Services) of the Bank, please ensure all inputted information (including but not limited to account number, mobile number, email address and FPS Identifiers, etc) are correct before confirming the transfer.

    In addition, when customers receive transferred fund from an unknown source, please check the information and report to the Bank as soon as possible, in order to confirm whether it is necessary to arrange for refund to any third party. If customers receive transferred fund from an unknown source and the transferred fund is later confirmed to be a mis-transferred fund, the customers may be criminally liable if they refuse to refund.

    Should you have any enquiries, please contact our Customer Services Hotlines at (852) 230 95555.

    Search Results