Security Tips for e-Services

Security Tips for e-Services
Security Tips for e-Services

    Online security of our e-Services has always been CMB Wing Lung Bank (“the Bank”)’s prime concern. A safe and secure system does not only ensure confidentiality of customers' information but more importantly, prevent unauthorized operation of customers' bank account. Apart from the security measures implemented by the Bank, you are also responsible to play an equally important role in safeguarding your personal account information. As such, important guidelines are summarized in this section for your reference. You are highly recommended to incorporate these guidelines into your habit when handling your personal account information.

    If you suspect any unauthorized use or abnormal transactions related to your e-Services account, you should contact the Bank by calling our Customer Services Hotline at (852) 230 95555 or (86) 4008 822388 or CMB Wing Lung Credit Card Centre 24-hour Hotline at (852) 3711 7900 to request for suspension of related e-Services.

    (1) Important Security Information
    • Beware of phone scams and SMS messages pretending to be employees of the Hong Kong Secretariat, Security Bureau, Police Force, Mainland law enforcement officers, government agencies, etc. Please verify the identity of the caller.

    • Whenever receiving calls, SMS messages, emails, letters or communications through any other channels that claim to be from banks, even though your account is said to be at stake, transactions are said to have been conducted using your credit card or no matter how interested you are in the products being promoted, you should be cautious and:

      • Authenticate the identity of the caller or sender.
      • Avoid simply relying on the incoming call display to establish the true identity of the caller or directly calling the bank hotline numbers provided in the messages and following the given instructions.
      • Do not provide sensitive personal information easily, in order to safeguard your own interests.
    • Do not disclose your logon ID and/or password to anyone (CMB Wing Lung Bank staff and the Police would not ask your password for identity verification purposes), please change your password regularly.

    • Do not use easy-to-guess characters as your logon ID and password (e.g. your date of birth, phone number, email address and etc.)

    • Do not disclose your personal information (e.g. HKID/passport number, address, bank account/credit card number, date of birth and etc.) to other person or at any suspicious websites. CMB Wing Lung Bank staff would not ask any of your sensitive personal information via telephone or email.

    • Do not provide anyone with the One-Time Password (OTP) which would be sent to your mobile phone or email registered with the Bank, or password generated by the Security Token. Please safeguard your Security Token carefully.

    • Do not logon NET Banking Services of the Bank, CMB Wing Lung Bank Mobile App, U-BANK@CMBWLB Services and CMBWLB Custody App through any public computer or via public WiFi network.

    • Do not share with others or let anyone to know any access password of your device.

    • Please check and verify your transaction notification delivered by the Bank via SMS, Email and other communication mean timely. Please contact our Customer Services Hotline at (852) 230 95555 or (86) 4008 822388 immediately if you encounter any suspicious transaction.

    • Do not apply your login ID and/or password of NET Banking Services, CMB Wing Lung Bank Mobile App,U-BANK@CMBWLB Services, U-BANK@CMBWLB APP, CMBWLB Custody App and Host-to-Host Service on other financial or non-financial web-based services such as email, online shopping, digital identity and other online application services.

    (2) Using ATM/ATM Card and Protecting Your PIN
    • Before using an ATM, check if the keypad cover is abnormal (e.g. the keypad cover has been removed or installed with camera lens), and if there are any suspicious devices near the card slot and keypad. If you find anything suspicious, please notify the related bank immediately.

    • Cover the keypad with your hand when entering your PIN at ATM or Point-of-Sale devices and make sure your PIN and account information are not visible to third parties.

    • Retrieve your banknotes and ATM Card when you have completed your withdrawal transaction. Count the number of banknotes and keep the Customer Advice as record.

    • Do not take away any banknotes at the cash dispenser or ATM Card at the card insertion slot left behind by others. Let those banknotes or the ATM Card to be returned to the ATM automatically.

    • Keep your ATM card safe and set PIN which is different from other services and difficult to be guessed. Avoid writing down the PIN on the ATM Card or anything being kept with the ATM Card.

    • Change your PIN frequently (e.g. Change your password every 90 days). Promptly report to Customer Services Hotline of the Bank at (852) 230 95555 or (86) 4008 822388 if you are suspicious of any loss, stolen or believe there is an unauthorized access to your account by third parties with your ATM Card and/or PIN of the ATM Card.

    • Please activate and set your overseas ATM transaction function of ATM cards and/or credit cards in advance for cash withdrawal at overseas ATMs with effective dates.

    (3) Use of e-Services, including NET Banking Services,CMB Wing Lung Bank Mobile App, U-BANK@CMBWLB Services, U-BANK@CMBWLB APP, CMBWLB Custody App and Host-to-Host Service
    • Do not logon your bank account with e-Services of the Bank via website or application of third parties and hyperlink or QR code embedded in email or SMS.

    • If you receive SMS or email messages with embedded hyperlinks requesting you to input internet banking login credentials, these messages should not originate from banks. You should think twice before clicking any hyperlinks purportedly sent by banks. If you find the hyperlinks (or attachments) in the SMS or email messages suspicious, do not click the hyperlinks (or open the attachments). You should always access Internet banking by entering the bank’s website address directly, or using a bookmark or an Internet banking mobile application (app). When logging into online banking, make sure that no one else is looking over your shoulder to avoid disclosing your username and password.

    • Open a browser and type the website address of CMB Wing Lung Bank (www.cmbwinglungbank.com) by yourself in order to logon your bank account with e-Services of CMB Wing Lung Bank. You can also bookmark the website address in the browser for future use.

    • To ensure secure transactions, download CMB Wing Lung Bank Mobile App, U-BANK@CMBWLB APP or CMBWLB Custody App from official application stores (e.g. App Store/Google Play*) or CMB Wing Lung Bank website.

    • After using NET Banking Services of the Bank, CMB Wing Lung Bank Mobile App, U-BANK@CMBWLB Services, U-BANK@CMBWLB APP or CMBWLB Custody App, please remember to press the "Logoff” / “Logout” button to leave. When the system displays the logoff/ logout confirmation, close the browser or exit the mobile application. Please do not leave the related system by other means.

    • Please check the last logon and logoff details when you login your bank account with e-Services of the Bank. You can also check your account balances and transaction records regularly. In case of doubt, please contact our Customer Services Hotline at (852) 230 95555 or (86) 4008 822388.

    • Customers are reminded to stay vigilant to anything abnormal when logging into bank account with e-Services of the Bank (e.g. unusual pop-up screens, multiple requests for password and verification code input, unusually slow browser response). In case of doubt, you should terminate the operation immediately.

    • Please be aware of our SMS and email notification and check your banking transactions regularly for any unauthorized transactions and irregularities.

    • If you act fraudulently or with gross negligence such as failing to properly safeguard your devices, account information and etc., you will be responsible for any direct loss suffered by you as a result of unauthorized transactions conducted through your account.

    (4) Encryption Function & e-Certificate

    CMB Wing Lung Bank has implemented the latest encryption security measure with the adoption of EV TLS Certificate (Extended Verification TLS Certificate). When using web browser to logon your bank account with e-Services of CMB Wing Lung Bank, URL address bar will turn into green color and the name of the certificate owner will be displayed as CMB Wing Lung Bank Limited. This indicates the identity of the site is successfully verified. By pressing the URL address bar or secured lock icon, you can verify the Internet security certificate information including validity and information below while the display format varies for different browsers.

    NET Banking Services
    Issued to: www.cmbwinglungbank.com
    Issued by: DigiCert SHA2 Extended Validation Server CA

    NET Securities Services
    Issued to: www.cmbwinglungsec.com
    Issued by: DigiCert SHA2 Extended Validation Server CA

    (5) Two-Factor Authentication

    To enhance online security, e-Services of CMB Wing Lung Bank provide Two-Factor Authentication Services for customers. When you logon your bank account with e-Services of CMB Wing Lung Bank, you can choose to use the Security Token. After entering your logon ID and password, press the button on the Security Token, then enter the 6-digit OTP generated to complete the logon procedures. For certain transactions, customers are required to enter OTP or “Transaction Signing Verification Code” for transaction confirmation. With the Two-Factor Authentication, your financial information is securely protected.

    For steps on using the Security Token, please click here.

    (6) Other Preventive Measures
    • Operating System Configuration / Software Installation

      • Turn off remote access control features to prevent an unauthorized access to your computer.

      • Check mobile device anytime in the background mode and stop unnecessary applications for operation.

      • Do not use software from unknown sources and visit suspicious websites under any circumstances.

      • Do not use any jailbreak or rooted mobile device which may have security loopholes to login your bank account with e-Services of CMB Wing Lung Bank.

      • Update your anti-virus software frequently and security patches.

    • Browser Settings

      • Use the latest internet browser.

      • Do not use a browser in beta version.

      • Ensure other browser windows are closed when logging into your bank account with e-Services of CMB Wing Lung Bank to prevent any unauthorized access to your bank account, your personal and/or account information by third parties.

      • Check if the connection of browser is secure (TLS) under the “security lock” mode.

      • Do not save or keep your password in any browser while disabling the "Auto-Complete" feature to prevent any unauthorized access to your personal information by third parties.

    • Virus / Malicious Programs

      • Install & enable Anti-virus & Anti-spyware Software while keeping virus signatures and security patches up-to-date.

      • Install and update the security software timely, and use the latest virus scan and scan engine.

      • Regularly check the data and storage usage of each application in your device. Uninstall any software / applications immediately with unusual or suspicious data usage.

      • Regularly update your personal firewall, anti-virus and/or anti-spyware software programs.

      • Do not install software or run programs from unknown source.

    • Others

      • Do not forward the mobile phone number registered with the Bank for receiving OTP via SMS to another mobile phone number.
      • Install and update your security software promptly.
      • Do not download or open any suspicious files, browse any suspicious websites, or click hyperlinks and attachments with unknown sources (including emails, SMS, QR codes). Please download and upgrade application from official application stores or reliable sources only.
      • Use the latest versions of operating system, browser and mobile application. Do not jailbreak or root your mobile phone or tablet.
      • Disable any wireless network not being used (e.g. Wi-Fi, Bluetooth, NFC). Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection.
      • Set up auto-lock and passcode lock to prevent unauthorized access to your mobile device.
      • Internet banking login credentials, including usernames, login passwords and one-time passwords (OTPs), are as important in the digital world as the keys to their houses are in the physical one, and should be properly safeguarded.
      • Please update the Bank immediately if your personal information (especially mobile phone and contact numbers) is changed through any of the following channels:

        1. Visit any of our branches for updating the personal information.
        2. Click here to download the Customer Information Amendment Form and then return the completed form in person or by mail to any of our branches for processing.
        3. Contact our Customer Services Hotline at (852) 230 95555 and press 7>8>1 after language is selected, then enter your facsimile number to request for the Customer Information Amendment Form. Please return the completed form in person or by mail to any of our branches for processing.
      • Regular review and follow security tips announced by the Bank to keep yourself updated about the latest security issues.
    (7) More Security Information

    Please visit the following website for more security issues of e-Services:

    (8) Notice on Transferring Fund to Third Party

    When customers transfer fund to third party through branches or e-Channels (including but not limited to NET Banking Services, CMB Wing Lung Bank Mobile App, U-BANK@CMBWLB Services, U-BANK@CMBWLB APP, CMBWLB Custody App and Host-to-Host Service, Phone Banking Services, ATM and ITs YOUR PERSONAL TELLER – VTM Services) of the Bank, please ensure all inputted information (including but not limited to account number, mobile number, email address and FPS Identifiers, etc) are correct before confirming the transfer.

    In addition, when customers receive transferred fund from an unknown source, please check the information and report to the Bank as soon as possible, in order to confirm whether it is necessary to arrange for refund to any third party. If customers receive transferred fund from an unknown source and the transferred fund is later confirmed to be a mis-transferred fund, the customers may be criminally liable if they refuse to refund.

    Should you have any enquiries, please contact our Customer Services Hotlines at (852) 230 95555 or (86) 4008 822388.

    *Apple is a trademark of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.. Android and Google Play are trademarks of Google Inc.

    Search Results