SECURITY TIPS

• You are required to select a unique User ID and PIN once you login to Internet Banking Service / Mobile Banking Service for the first time. You must enter the correct User ID and PIN every time you login to Internet Banking Service / Mobile Banking Service.
• The Internet Banking user name and password, apply to Mobile Banking.
• Internet Banking Service / Mobile Banking Service will be automatically terminated if there is no activity for 10 minutes in order to protect against unauthorized access.
• Secure Socket Layer (SSL) and 128-bit encryption is employed to ensure confidentiality. All data and information transmitted between you and Internet Banking Service is encrypted by using 128-bit encryption.
• For Maximum protection, always exit the Service by using “logout” button.

• Change your User ID or PIN periodically. For example every 30 or 60 days.
• Use strong User ID and PIN. A good, strong User ID and PIN should meet all of these criteria:

1. The length of the PIN must be EIGHT and required to use a combination of letters and numeric characters.
2. Use THREE or more different characters, e.g. b2a22aa2.
3. Do not use the same character for SIX times or more, e.g. 1111ab11.
4. Do not use SIX or more consecutive characters (in alphabetical or reverse alphabetical order), e.g. a123456t, fedcba11.
5. Dot not use your User ID as your PIN.
6. Do not use a word found in the dictionary.
7. Do not use a User ID and PIN that hard to memorize so that you have to written it down.
8. Do not use easy accessible number or data such as your birthday, ID number or personal telephone number as your User ID or PIN.

• Ensure nobody is watching you while input your User ID and PIN or any other sensitive personal information.
• Memorize your User ID and PIN and do NOT write them down.
• Keep your User ID and PIN private and NEVER disclose to anyone else including police and our staff.
• Use different User ID and PIN for bank and credit card sites. Do NOT use the same User ID and PIN of website.
• Check your last login record every time you use Internet Banking Service / Mobile Banking Service.

• Do not install unlicensed software which may contain bugs or viruses.
• Install anti-virus and anti-spyware software and update the software regularly to ensure you have the latest protection.
• Install a personal firewall to help you prevent unauthorized access and update the firewall regularly to ensure you are covered with the latest protection. For details, please refer to your software vendor.
• Install security updates and patches to your operating systems or browser when they are made available. They are designed to provide you with protection from known possible security problems.

• If you suspect that the website is not owned by the bank, leave it immediately and do not follow the instructions it provides.
• Logout the service and clear browser cache after a banking session.
• Do not leave your devices (e.g. personal computer, mobile phone or telecommunication equipment) unattended in the middle of a session.
• Do not browse other websites by opening a new session while you are using Internet Banking Services.
• Do not use "Auto Complete" function on browser or other software to remember your User ID and PIN.

• For protection, always exit Internet Banking by using "logout" button.
• Regularly check your account balances and statements. If any discrepancies or suspicious transactions are found, report to us without delay.
• Do not conduct Internet Banking transaction using personal computers / mobile devices which are available for public access.

In respect of Internet Banking

• Ensure the "File & Print sharing" is disable while online, especially if you are connecting Internet through broadband connection.
• You may verify the correctness of our website by clicking the 'Lock' icon at the browser's address bar, which a server certificate issued by VeriSign will appear and the details validity of the certificate will be shown.

In respect of Mobile Banking

• You may verify the correctness of our mobile banking login page by clicking the 'Lock' icon at the browser's address bar, which a server certificate issued by VeriSign will appear and the details validity of the certificate will be shown. (Setting will be subject to mobile phone model)

• The Bank will not ask for sensitive account and personal information such as User ID and passwords via e-mails.
• The Bank will not send e-mails with embedded hyperlinks to transactional websites to the customer.
• Do not open Email attachment from unknown, suspicious or unreliable sources and delete it immediately.
• Be aware of scam Emails which may pretend to be sent from your trusted business partners and friends. However, they were designed to trap you into downloading a virus or visiting a fraudulent website and disclosing your sensitive information including your User ID and PIN.
• Do not send your User ID and PIN or other sensitive personal or financial information via Email. We always use encrypted sites that are secure to receive the information.

• Fraudulent or spoof websites
  Disguised to be the bank's genuine website and customers are asked to input their personal information.

• Phishing
  Normally a spam e-mail containing a hyperlink to a log-on page is sent, which requests online banking passwords. The page appears to be an official website but is actually a spoof website.

• Trojan software
  A malicious code attached or embedded in software that is planted in a customer's PC by a fraudster to access the customer's personal information. A form of Trojan is "key-logger" which monitor and record the keystrokes when a person types on the keyboard(e.g. user ID and PIN). This information can be passed back to an unauthorized person.

• Spyware
  Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.