What is Two-Factor Authentication?
Two-Factor Authentication strengthens security by requiring a combination of two different types of authentication to login to an account. The first step of authentication is to provide the login ID and password followed by the second step, a one-time password obtained from SMS or "Security Device". Customers can choose to apply for the "Security Device" or "SMS One-Time Password" ("SMS OTP", effective on 18 Feb 2019) as a two-factor authentication tool.
Why do I need "SMS OTP" or "Security Device" for logging on Internet / Mobile Stock Trading Services?
In regard to the guideline from the Securities and Futures Commission (SFC) to strengthen security control related to internet trading services, all customers are required to use two-factor authentication for logging on internet trading accounts effective from 27 April 2018. The Bank adopts the "SMS OTP" or "Security Device" as two-factor authentication tool.
What is a "SMS OTP"?
"SMS OTP" is a security feature for verifying your online identity. When logging on Internet / Mobile Stock Trading Services, a password is sent through SMS to your registered mobile phone number and is only valid for short period of time.
Do I need to register for the "SMS OTP" Service in advance if I choose it as Two-Factor Authentication solution?
Registration is required for "SMS OTP" Service. You may visit any of our branches in person to apply for receiving “SMS OTP” starting from 18 Feb 2019.
If I do not register a mobile phone number to receive the "SMS OTP", can I continue using the Internet / Mobile Stock Trading Services?
If you do prefer not to receive the "SMS OTP", you need a "Security Device" which serves as a two-factor authentication tool to logon Internet / Mobile Stock Trading Services.
Are there any service charges for using the "SMS OTP" Service?
It is free if you receive a "SMS OTP" in Hong Kong. If you are in Mainland China or overseas, please consult your telecommunication service provider for details.
Will a "SMS OTP" expire or become invalid?
The "SMS OTP" is valid for 100 seconds. In addition, if the customer incorrectly enters the "SMS OTP" for 5 times, it will also become invalid.
The customer needs to press the "Resend" button to request a "SMS OTP" again. Customers can request 3 times for the resend of "SMS OTP" per each logon. If they still fail to logon successfully, the system will ask the customer to re-enter the user ID and password.
Do I need to use "Two-factor Authentication" for every transaction in Internet / Mobile Stock Trading Services?
No. Once you have successfully logon to Internet / Mobile Stock Trading Services, it will not be required to use "Two-factor Authentication" again for transactions. However, you will be requested to recomplete "Two-factor Authentication" if you try to logon to Internet / Mobile Stock Trading Services again after logging out.
What should I do if I receive an "SMS OTP" on my registered mobile phone number but am not logging on to my Internet / Mobile Stock Trading Services?
Please contact our Customer Service Hotline on (852) 2818 0282 immediately.
If I have enquiries about "SMS OTP" or have problem while using "SMS OTP" to access Internet / Mobile Stock Trading Services, to whom I can contact?
For enquiries or support, please call our Customer Service Hotline on (852) 2818 0282.
How can I apply for a Security Device for logging on Internet / Mobile Stock Trading Services?
Please visit any of our branches to arrange for application. If you wish to learn more about our Bank's Security Device, please click here
After I have applied for the Security Device as two-factor authentication to logon Internet/Mobile Stock Trading Services, when will it take effect?
If you already hold a valid and activated Security Device, the two-factor authentication to logon will be effective within 3 business days after the application. In addition, starting from 27 April 2018, apart from inputting the current user ID and password, you need to use the Security Code generated from the Security Device in order to logon to Internet / Mobile Stock Trading Services.
What are the important notes for Joint account or Corporate account to use the Security Device as a two-factor authentication tool to logon Internet / Mobile Stock Trading Services?
For Joint account or Corporate account, please assign one designated securities account holder of Joint account or authorized person of Corporate account to apply for and possess Security Device for Personal Internet Banking for logging on Internet / Mobile Stock Trading Services. Authorized person of Individual account or Joint account is not eligible to apply for and use the Security Device. In addition, Security Device for Corporate Internet Banking is not applicable to Internet / Mobile Stock Trading Services.
If I have applied to use the Security Device as a two-factor authentication tool for logging on to my Internet/Mobile Stock Trading Services, can I disable the service afterwards?
Yes. If you choose to disable the service, please visit any of our branches to complete the form. However, please note that, starting from 27 April 2018, all customers have to use the Security Device as a two-factor authentication tool for logging on to our Internet/Mobile Stock Trading Services. Thereafter, the service cannot be disabled.
How does your Internet/ mobile stock trading system protect my information ?
We provide an efficient system and network security which includes:
- Secure Socket Layer (SSL) with 128-bit encryption and Firewalls
- Identification of User ID and Password with compulsory change of password upon the first time login.
- Automatic logoff after the inactivity of your Internet and Mobile Stock Trading Account for 30 minutes and 15 minutes respectively (Stock quotation function is not accountable for inactivity. To avoid automatic logoff, you can use other enquiry functions apart from stock quotation during online, including order history, portfolio, e-message and etc.).
How do I protect my personal information?
In order to ensure that your personal information will not be disclosed, you can refer the following instructions:
(a) Must not disclose your User ID and password to anyone else.
(b) Destroy the original printed copy of your password.
(c) Avoid using easy-to-guess password such as your birthday or phone number.
(d) Change your password periodically.
(e) Check your account balances and statements regularly.
(f) Do not leave your computer unattended and promptly log off from service.
(g) Remove the temporary files stored in the memory or in the hard disks of the computer shared with others.
(h) Avoid any unauthorized capturing of your password by attackers by carefully handling doubtful e-mails received or accessing suspicious websites.
(i) Type the exact Website of our bank (www.shacomsecurities.com.hk
How do I know that I am performing transactions using the Internet Stock Trading Service of Shanghai Commercial Bank Ltd.?
Our bank has adopted the latest Internet security measure, EV SSL Certificate (Extended Validation SSL Certificate). If you are using the following browsers to access our Internet Stock Trading services, the colour of the browser address bar will be changed to green and the bank name displayed.
- Internet Explorer 7.0 or above
- Firefox 3.0 or above
If you are not using the above browsers, on the logon page you will see a small lock. If you double-click the lock, a server certificate issued by VeriSign will appear and the details and validity of the certificate will be shown.
Information contained herein has been obtained from sources believed to be reliable. Shanghai Commercial Bank Ltd. has not verified and does not warrant or represent that such information is accurate or complete and it should not be relied upon as such. Shanghai Commercial Bank Ltd. accepts no liability for any loss or damage arising from any inaccuracies or omission or otherwise by reliance on any such information.