SECURITY TIPS
Despite the enormous efforts taken by the Bank, you play an important role in ensuring the security of your system. The following security tips are highly recommended.
Basic Tips
- You are required to select a unique User ID and PIN when you log in to Internet Banking Service / Mobile Banking Service for the first time. You must enter the correct User ID and PIN every time you log in to Internet Banking Service / Mobile Banking Service.
- The Internet Banking user name and password also apply to Mobile Banking.
- Internet Banking Service / Mobile Banking Service will be automatically terminated if there is no activity for 10 minutes in order to protect against unauthorized access.
- Secure Sockets Layer (SSL) and 128-bit encryption are employed to ensure confidentiality. All data and information transmitted between you and Internet Banking Service is encrypted by using 128-bit encryption.
- For maximum protection, always exit the Service by using the “logout” button.
Protect your User ID and PIN
- Change your User ID or PIN periodically, for example every 30 or 60 days.
- Use a strong User ID and PIN. A good, strong User ID and PIN should meet all of these criteria:
  - The PIN must be EIGHT characters long and must use a combination of letters and numeric characters.
  - Use THREE or more different characters, e.g. b2a22aa2.
  - Do not use the same character SIX times or more, e.g. 1111ab11.
  - Do not use SIX or more consecutive characters (in alphabetical or reverse alphabetical order), e.g. a123456t, fedcba11.
  - Do not use your User ID as your PIN.
  - Do not use a word found in the dictionary.
  - Do not use a User ID and PIN that are so hard to memorize that you have to write them down.
  - Do not use easily accessible numbers or data such as your birthday, ID number or personal telephone number as your User ID or PIN.
- Ensure nobody is watching you while you input your User ID and PIN or any other sensitive personal information.
- Memorize your User ID and PIN and do NOT write them down.
- Keep your User ID and PIN private and NEVER disclose them to anyone else, including the police and our staff.
- Use a different User ID and PIN for bank and credit card sites. Do NOT use the same User ID and PIN as on other websites.
- Check your last login record every time you use Internet Banking Service / Mobile Banking Service.
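The PIN composition rules listed above can be checked mechanically. The validator below is an added example, not the Bank's own code: the function names, the case-insensitive comparison and the sample values are assumptions, and the dictionary-word and personal-data rules are left out because they need external data.

```python
from collections import Counter

PIN_LENGTH = 8     # "EIGHT" characters
MIN_DISTINCT = 3   # "THREE or more different characters"
MAX_REPEATS = 5    # the same character six times or more is rejected
MAX_RUN = 5        # six or more consecutive characters are rejected


def longest_run(text):
    """Longest ascending or descending run, e.g. 123456 or fedcba gives 6."""
    best = up = down = 1
    for prev, cur in zip(text, text[1:]):
        step = ord(cur) - ord(prev)
        up = up + 1 if step == 1 else 1
        down = down + 1 if step == -1 else 1
        best = max(best, up, down)
    return best


def check_pin(pin, user_id):
    """Return the names of the rules the PIN breaks (empty list = acceptable)."""
    problems = []
    lowered = pin.lower()  # assumption: rules are applied case-insensitively
    has_letter = any(c.isalpha() for c in pin)
    has_digit = any(c.isdigit() for c in pin)
    if len(pin) != PIN_LENGTH:
        problems.append("length")
    if not (pin.isascii() and pin.isalnum() and has_letter and has_digit):
        problems.append("letters_and_digits")
    if len(set(lowered)) < MIN_DISTINCT:
        problems.append("distinct_characters")
    if lowered and max(Counter(lowered).values()) > MAX_REPEATS:
        problems.append("repeated_character")
    if longest_run(lowered) > MAX_RUN:
        problems.append("consecutive_sequence")
    if lowered == user_id.lower():
        problems.append("same_as_user_id")
    return problems


# Constructed sample: the page's own examples plus a made-up User ID.
if __name__ == "__main__":
    for sample in ("b2a22aa2", "1111ab11", "a123456t", "fedcba11"):
        print(sample, check_pin(sample, "alice01x") or "ok")
```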
Protect your computer
- Do not install unlicensed software which may contain bugs or viruses.
- Install anti-virus and anti-spyware software and update the software regularly to ensure you have the latest protection.
- Install a personal firewall to help you prevent unauthorized access and update the firewall regularly to ensure you are covered with the latest protection. For details, please refer to your software vendor.
- Install security updates and patches to your operating systems or browser when they are made available. They are designed to provide you with protection from known possible security problems.
Internet
- If you suspect that the website is not owned by the bank, leave it immediately and do not follow the instructions it provides.
- Log out of the service and clear the browser cache after a banking session.
- Do not leave your devices (e.g. personal computer, mobile phone or telecommunication equipment) unattended in the middle of a session.
- Do not browse other websites by opening a new session while you are using Internet Banking Services.
- Do not use the "Auto Complete" function of your browser or other software to remember your User ID and PIN.
Internet Banking
- For protection, always exit Internet Banking by using the "logout" button.
- Regularly check your account balances and statements. If any discrepancies or suspicious transactions are found, report to us without delay.
- Do not conduct Internet Banking transactions using personal computers / mobile devices which are available for public access.
- Ensure "File & Print sharing" is disabled while online, especially if you are connecting to the Internet through a broadband connection.
- You may verify the correctness of our website by clicking the 'Lock' icon in the browser's address bar; a server certificate issued by VeriSign will appear, and the details and validity of the certificate will be shown.
Mobile Banking
- You may verify the correctness of our mobile banking login page by clicking the ‘Lock’ icon in the browser’s address bar; a server certificate issued by VeriSign will appear, and the details and validity of the certificate will be shown. (Setting will be subject to mobile phone model)
- Please download our bank apps from the official App Store or Google Play by searching "OCBC Bank".
- Do NOT save or store your login name, PIN or PIN of the Soft Token on your mobile device.
- Please set a hard-to-guess password and enable auto-lock for your mobile device, and enable remote wiping to protect data.
- Avoid logging into Mobile Banking in a crowded area (e.g. train compartment).
- Do not share the use of Mobile Banking on your mobile device with others.
- When you have adopted device binding, biometric authentication or Soft Token, your mobile device will serve as important elements for login or transaction authentication. To reduce the associated risks related to unauthorized activities or transactions, please safeguard your personal belongings, keep your mobile device, PIN and sensitive information properly and do not allow anyone else to use your authentication factors.
- Avoid using public Wi-Fi when you are using Mobile Banking.
- Turn off wireless communication technologies (e.g. Wi-Fi, Bluetooth, NFC) when they are not in use. If using Wi-Fi, please connect to a trusted and encrypted network and remove any unnecessary connection settings.
- Do NOT use any jailbroken or rooted mobile device to log in to Mobile Banking, as such devices may contain security loopholes.
- Please install and regularly update the latest anti-virus and anti-spyware software on your mobile device.
- Please log out of Mobile Banking properly after using it.
- Avoid clicking on suspicious links or downloading unknown apps.
- Please log out of Mobile Banking services when you are using other apps.
- Please properly install and update other mobile apps and the operating system of your mobile platform. Avoid installing and updating any suspicious mobile apps or operating systems of mobile platforms from unknown sources.
- Carefully review permissions before installing any apps and do not download any apps from unofficial sources (i.e. side-loaded apps). To protect your banking login credentials from potential fraudsters exploiting side-loaded apps, please disable unnecessary or excessive device permissions (e.g. accessibility permissions) of those apps or remove them from your device. If your Android device contains side-loaded apps with excessive permissions (e.g. accessibility permissions or full control), you will be alerted while opening "OCBC" mobile app.
- In order to enhance the security of your banking transactions and protect you from potential malware scams, the screen capture and recording feature on Android devices for “OCBC Macau” mobile app has been disabled.
- Stay informed about malware scams and check for security alerts from your bank.
Email
- The Bank will not ask for sensitive account and personal information such as User ID and passwords via e-mails.
- The Bank will not send e-mails with embedded hyperlinks to transactional websites to the customer.
- Do not open Email attachments from unknown, suspicious or unreliable sources; delete them immediately.
- Be aware of scam Emails which may pretend to be sent from your trusted business partners and friends. They are designed to trap you into downloading a virus or visiting a fraudulent website and disclosing your sensitive information including your User ID and PIN.
- Do not send your User ID and PIN or other sensitive personal or financial information via Email. We always use encrypted sites that are secure to receive the information.
Types of Threats when using Internet
- Fraudulent or spoof websites
Websites disguised as the bank's genuine website, on which customers are asked to input their personal information.
- Phishing
Normally a spam e-mail containing a hyperlink to a log-on page is sent, which requests online banking passwords. The page appears to be an official website but is actually a spoof website.
- Trojan software
Malicious code attached to or embedded in software that is planted in a customer's PC by a fraudster to access the customer's personal information. One form of Trojan is a "key-logger", which monitors and records the keystrokes when a person types on the keyboard (e.g. user ID and PIN). This information can be passed back to an unauthorized person.
- Spyware
Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.