Home
banner

Security Tips

Peace of mind with 2-Factor Authentication

2-Factor Authentication uses a combination of two different factors for verifying a user's identity. It provides a safer Internet banking services and protects you from Internet banking fraud.
 
img01 img02 img03
Something you know
i.e. User ID & Password
  Something you have
i.e. e-Cert or Security Device etc.


Security Device

A Security Device is any smartcard, token, electronic device, hardware or any other equipment issued by the Bank from time to time for generating Security Code(s) to verify your online identity and authenticate designated online transactions.

For Personal Banking Customers, please click here for more details.
For Commercial Banking Customers, please click here for more details.


The Bank advises customers of the need to take reasonable steps to keep the device safe and the authentication factors (for example, password) secret to prevent fraud. In particular, customer should advise its staffs to:
(1) destroy the original printed copy of the password immediately after its usage;
(2) do not allow anyone else to use their authentication factors;
(3) never to write down the passwords on any device for accessing e-banking services or on anything usually kept with or near it;
(4) do not write down or record the passwords without disguising them; and
(5) do not use combinations that are readily accessible/deducible such as your identity card number, telephone number, date of birth, driver's licence number or any popular number sequence (eg. 123456) for your PIN. Avoid using the same digit consecutively or the same sequence of numbers more than twice (eg.112233) as a PIN.
 

Mobile Security Token

Mobile Security Token is an authentication tool of "Shacom Bank" and "Shacom Business" App. You can log in and confirm designated transactions via Biometric Authentication or self-defined Security Passcode.

Please click here for more details of Mobile Security Token in "Shacom Bank" App.

Please click here for more details of Mobile Security Token in "Shacom Business" App.

Security Tips on using Mobile Security Token

  • The Bank staff would never require customers to provide personal information through emails, SMS messages, or pre-recorded voice message phone calls. The Bank staff would never require customers to provide Internet Banking User ID, password and Security Passcode through emails, SMS messages or phone calls.
  • Avoid using easy-to-guess Security Passcode and Internet Banking password such as your birthday, phone number, repeated numeric combination or the same user name and password that you use to access other systems or online services.
  • Change your Security Passcode and Internet Banking password from time to time.
  • Memorise your Security Passcode, Internet Banking User ID and password. Do NOT keep any written copy or save this information on your mobile device.
  • Do NOT allow anyone to use your Security Passcode and Internet Banking password.
  • Pay attention to your surroundings before conducting any banking transactions, and ensure that no one can see your Security Passcode and Internet Banking password. Cover the keypad of your mobile device when you enter your Security Passcode and Internet Banking password on it.
  • Ensure that Fingerprint / Touch ID / Face ID function is enabled on your mobile device first, under device settings. Otherwise, you will not be able to use biometric authentication to log in and confirm transactions.
  • If your device is capable of biometric authentication (e.g. fingerprint or facial recognition), do not let any other person register his/her biometric information on it.
  • You should NOT use facial recognition for authentication if you have identical siblings or siblings that look like you, or if you are an adolescent with rapidly developing facial features.
  • You must NOT take any action to disable any function provided by, and/or agree to any settings of, your mobile device that would otherwise compromise the security of the use of your biometric credentials for Biometric authentication purposes (e.g. disabling "attention-aware" for facial recognition).
  • Do NOT forward SMS from our Bank, including One-Time Password (OTP) and push notification to anyone.
  • Be aware of the risks associated with the adoption of biometric, mobile security token or device binding as one of the authentication factors used for initiating relevant transactions.
Previous pageBack to top