Home
banner

Security Tips

Internet Banking Security Tips

PIN

  • Do not disclose your User ID and password to anyone, including someone claims to be the Bank's staff or the Police. Under no circumstances will our staff ask for such information from customers through whatever channels, such as telephone, e-mail, etc.
  • After you have memorized your password, destroy the original printed copy of it immediately.
  • Do not allow anyone to use your password.
  • Create a password with a combination of letters and numbers. Avoid using easy-to-guess password such as your birthday, phone number, repeated numeric combination or the same user ID and password that you use to access other systems or online services.
  • Change your password from time to time.

 

Web Browsing Best Practice

  • Do not leave your computer and mobile communication device (eg. mobile handset, tablet etc.) unattended and promptly exit by clicking "Logoff" button and disconnecting from on-line services. Set up auto-lock and enable passcode lock to prevent unauthorized access of your handsets/notebook/tablet PC.
  • Remove the temporary files stored in the memory or in the hard disks of the computer shared with others.
  • Memorise your User ID and password and do not write it down. Do not store password in your computer/mobile communication device or the browser or re-use passwords, and disable auto-complete function.
  • Do not install document sharing software in your computer.
  • Check your account balances and statements regularly. Report to the Bank as soon as possible if you spot any unusual transactions.
  • Avoid using public or shared computer/shared mobile communication device or public Wi-Fi network or Wi-Fi without password setting to access our i-Banking services and ensure that your screen or input cannot be viewed by any other person.
  • Ensure proper physical access controls for your personal computer/mobile communication device and Internet connections.

 

About Anti-Virus Protection

  • Install Firewall with appropriate safety level or access control set-up and regularly update PC security softwares (eg. Anti-Spyware, Anti-Virus etc.) to protect from Spyware and virus such as Trojan Horses. Also, scan your computer from time to time with anti-virus software and anti-spyware software.
  • Download and apply security updates and patches to the computer and mobile communication device/browser when they are made available to ensure you have the latest protection against any security vulnerabilities.
  • To prevent the Spyware installation without your knowledge and virus attack, avoid visiting or downloading software from suspicious websites, never install freewares, programs and smartphone applications from unreliable sources or pirated softwares or use jailbroken/rooted devices or open e-mails and attachments from unknown or doubtful sources. If any unusual screens pop-up and/or the computer responds unusually slowly, log off from the Internet Banking and scan the computer with virus protection software.
  • To prevent unauthorized access by third party to your data through network, please disable the "File and Printer Sharing" function and set up the proper access rights of your computer.
  • Make sure that you backup your files regularly so that you can recover them after a virus attack.

Security Alert - Hong Kong Computer Emergency Response Team Coordination Center (HKCERT)

 

When using Internet Banking

  • Verify last logon date and time.
  • Ensure all other Internet sessions are closed before and during logging on to our i-Banking services.
  • Avoid accessing our i-Banking services through hyperlinks embedded in e-mails or suspicious pop-up windows or third party websites. Do not enter any information (user ID, password etc.) to the screen pop-up or suspicious websites.
  • Access to the i-Banking's web site via the web browsers' bookmarks menu which has previously been identified genuine or typing the exact URL: http://www.shacombank.com.hk. The bank has adopted the latest Internet Security measure, EV SSL Certificate (Extended Validation SSL Certificate). If you are using the following browsers to access our i-Banking services, the colour of the browser address bar will be changed to green and the bank name will be displayed on the address bar (Internet Explorer 7.0 / Firefox 3.0 / Chrome / Safari 4.0 or above). If you are not using the above browsers, on the logon page you will see a small lock. If you double-click the lock, a server certificate issued by VeriSign will appear and the details and validity of the certificate will be shown to authenticate you are accessing the genuine website of the bank.
  • Ensure any device (for example, smart card, i-Key, that store digital certificate) and/or password used for accessing i-Banking services is secure and kept safe. Remove the storage media of the digital certificate from your PC after use.
  • Do not install the digital certificate on your web browser or store the digital certificate in a hard disk.
  • Notify the Bank of any changes in your personal details as soon as possible (e.g. telephone number, email and correspondence address).
  • Login passwords - Set a password that is difficult to guess and different from the ones for other services.  The login password should be changed regularly and should never be stored on computers, mobile phones or placed in plain sight. Keep the security token (if any) provided by the Bank at a safe place.
  • Computers and mobile phones - Protect your computer and mobile phone used for logging into Internet banking.  Avoid using public computers or public Wi-Fi to access Internet banking services.
  • Bank websites and Apps – Internet banking should be accessed by entering the Bank’s website address directly, or using a bookmark or an Internet banking mobile application (App). Never access the Bank website or provide your personal information (including your password) through any hyperlinks or attachments embedded in emails or from websites.
  • Login process – Beware of any unusual login screen or process (e.g. a suspicious pop-up window, unusually slow browser response, multiple requests for password input or request for providing additional personal information) and whether anyone is trying to peek at your password. Log out immediately after use.
  • Check the Bank's SMS messages and other messages in a timely manner and verify your transaction records. Inform the Bank immediately in case of any suspicious situations. The Bank would not ask for any sensitive personal information through emails, SMS messages or pre-recorded vice message phone calls. The Bank would never require customers to provide user names and passwords through emails, SMS messages or phone calls.

 

If you suspect any unusual account activities, including discrepancy details found on the last logon time and, certificate information, please change your i-Banking password immediately and contact our 24-hour hotline on (852)2818 0282 or visit any of our branches for immediate assistance. You are highly recommended to call the Anti-Deception Coordination Centre (ADCC)'s "Anti-Scam" consultation hotline on 18222 to help combat suspected fraud cases.

Previous pageBack to top