What is Mobile Security Token?
Mobile Security Token is a built-in function of "Shacom Business App". Once registered, you can log in Corporate Mobile Banking Services and approve designated transaction via Biometric Authentication and self-defined Security Passcode as two-factor authentication. You are no longer required to carry a Physical Security Device to enjoy convenient and secure banking service.
For more details, click here
for our Mobile Security Token webpage.
How can I register Mobile Security Token?
You must fulfil the following requirements:
- You have applied for Corporate Internet Banking service
- You have a registered mobile number with our Bank and are able to receive SMS One-Time Password (OTP)
Can I disable my Mobile Security Token anytime?
Yes. You may disable your Mobile Security Token anytime in "Settings" in Corporate Mobile Banking or call our Customer Service Hotline on 2818 0282 to disable Mobile Security Token.
Can I register Mobile Security Token on more than one mobile device at the same time?
No. You may only register Mobile Security Token on one mobile device at the same time. If you want to change the mobile device registered with Mobile Security Token, please use the new mobile device to register the service again. After you register Mobile Security Token on the new mobile device successfully, Mobile Security Token in the original mobile device will be disabled automatically and can no longer be used for Mobile Security Token.
Can someone else log in or authorize transaction if their fingerprint / facial recognition is stored on my device?
When you enable Fingerprint Authentication / Face ID Authentication in Corporate Mobile Banking, any fingerprint / facial recognition stored on your device can be used for login or transaction authorization. Hence, we strongly recommend you to only store your own fingerprints / facial recognition on your device. You can always add or remove fingerprints / facial recognition in "Settings" on your device.
If I change fingerprint or facial recognition record on my mobile device, can I continue to use "Biometric Authentication"?
After enabling Biometric Authentication, if you change the fingerprint or facial recognition record (e.g. add and/or delete biometric credential) on your mobile device, your Mobile Security Token will be disabled automatically. You are required to register Mobile Security Token and enable Biometric Authentication again in Corporate Mobile Banking.
Should I enable Biometric Authentication if my siblings and I look alike or I am an adolescent?
- You must not use facial recognition for authentication if you have reasonable belief that other people may share identical or very similar biometric credential of you or your biometric credential can be easily compromised. For instance, you have identical twin or triplet sibling(s).
- You must not use facial recognition for authentication if the relevant biometric credential of you are or will be undergoing rapid development or change. For instance, you are an adolescent with facial features undergoing rapid development.
If I register Mobile Security Token, will my fingerprint or facial recognition be stored in Shanghai Commercial Bank?
The Biometric Authentication is performed by interfacing with the biometric credential of the mobile device. The Bank is unable to retrieve and store your fingerprint or facial recognition. Please note that if you have registered Biometric Authentication, after disabling Mobile Security Token, your fingerprint or facial recognition will still be stored on your mobile device. You may consider deleting the data at your discretion.
After registering Mobile Security Token, can I still use Physical Security Device to authorize designated transaction in Corporate Internet Banking?
Once the customers registered Mobile Security Token, Corporate Internet Banking transactions will be authenticated by Mobile Security Token by default. However, customers can switch to use Physical Security Device to authorize designated transactions in Corporate Internet Banking.
Do I still need to keep my Physical Security Device?
If you have the Bank's Physical Security Device, please keep it safe as usual for the following:
- Once the customers registered Mobile Security Token, Corporate Internet Banking transactions will be authenticated by Mobile Security Token by default. However, customers can switch to use Physical Security Device to authorize designated transactions in Corporate Internet Banking.
Do I have to enable push notification to use Mobile Security Token?
You need to allow receiving push notifications to use Shacom Business App. When performing designated transactions via Corporate Internet Banking, you will receive push notification via your mobile device with the registered Mobile Security Token, so that you can directly enter the transaction authorisation page after clicking the push notification.
After receiving the notification, do I have to authorize designated transactions within a time limit?
Yes. The push notification will expire after a designated period of time and you must complete the transaction authorization before it expires.
If I fail to login using "Biometric Authentication" for multiple times, will my Corporate Internet Banking account be suspended?
Your Corporate Internet Banking account will not be suspended. However, Biometric Authentication function in Corporate Mobile Banking App will be disabled.
If I fail to login using "Security Passcode" for multiple times, will my Corporate Internet Banking account be suspended?
Your Corporate Internet Banking account will not be suspended. However, Mobile Security Token in Corporate Mobile Banking App will be disabled.