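Security Information

Security Guidelines

How does the Bank's Internet Banking service protect my data?

  • The Bank has a number of effective protection systems in place, including the latest version of TLS (Transport Layer Security), end-to-end encryption and firewalls. Data you send over the Internet is encrypted before it is transmitted to the Bank's systems, which keeps your transactions secure.
  • The Bank also uses Public Key Infrastructure (PKI) technology to protect Internet transactions and your personal data. The password token and the digital certificate of Digi-Sign Certification Services Limited, which comprises a public key and a private key, authenticate each user's unique identity and encrypt the data sent between the Bank and the customer. The Bank currently accepts the password token, and the ICBC (Asia) USB-Shield carrying a digital certificate (ID-Cert) issued by Digi-Sign Certification Services Limited (for corporate users only), for two-factor authentication. Please use the password token or the digital certificate when conducting transactions in Internet Banking, and enter the one-time password to authorize a transaction only after checking carefully that the transaction details are correct. The digital certificate gives you a unique identity and a secure means of authorization. To strengthen security, the Bank only accepts digital certificates stored on non-duplicable secure media for transactions in Internet Banking.
  • Besides the digital certificate, you can also use the password token, which uses new-generation dynamic password technology, for two-factor authentication when authorizing transactions in Internet Banking.
  • You must change your password the first time you log in; the system will operate only after the password has been confirmed.
  • The Internet Banking system automatically monitors your session. If you give no instruction for 15 minutes, the system logs you out automatically.
  • The Internet Banking system detects 3 consecutive incorrect password entries and then immediately terminates your Internet Banking service for that day.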

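For your protection, please take the following precautions to prevent fraudulent use or unauthorized disclosure of your password.

  • Install up-to-date antivirus software and a personal firewall, and update the virus definitions/signatures regularly, so that your computer is adequately protected.
  • Do not install software or open email attachments from unknown sources.
  • Do not log in to Internet Banking through links in emails.
  • Verify the authenticity of the Internet Banking server by checking its digital certificate.
  • Change the initial password as soon as you first log in to Internet Banking.
  • Change your password regularly.
  • Keep your password confidential. Do not disclose it to anyone, including Bank staff.
  • Do not write down or record your password in any form recognizable as a password.
  • Do not send your password by email.
  • Do not use your identity card number, telephone number, date of birth or a recognizable part of your name as your password.
  • Do not use the same user ID and password for your Internet Banking account and for other services (such as your Internet connection or other websites).
  • Use a combination of digits and upper-case and lower-case letters as your password.
  • Log out of Internet Banking as soon as you have finished your banking and clear the browser cache. Do not leave without following the proper logout procedure.
  • Do not leave the computer or mobile phone unattended while you are using Internet Banking or Mobile Banking.
  • Make sure your personal computer and Internet connection are properly secured. Do not use public computers (for example in cyber cafes) to log in to or operate Internet Banking.
  • You must provide a valid mobile phone number and contact telephone number for notification purposes, and notify the Bank immediately if any of these numbers change.
  • Regularly review and follow the security tips published by the Hong Kong Association of Banks, the Consumer Council, the Hong Kong Police Force, the Hong Kong Monetary Authority, the Securities and Futures Commission and the Information Technology Services Department.
  • To use Internet Banking more safely, protect your ICBC (Asia) USB-Shield and its password and your password token and its password; make sure the computer you use to log in to Internet Banking is safe and reliable; update your antivirus software regularly; do not open programs, links or emails of unknown origin; keep good browsing habits; keep your password token safe; and remove the ICBC (Asia) USB-Shield from the computer promptly after use.
  • To reduce the risk of Trojan horse programs affecting customers' computers, please consider reviewing our security tips and supplementing them with the following security controls:

    • Customers should not download files from any unknown website.
    • Customers should not open emails of unknown origin or the attachments in such emails.
    • Customers should never log in to online services (such as Internet Banking) through hyperlinks in emails, Internet search engines, suspicious pop-up windows or other suspicious channels. Instead, type the Bank's genuine website address into the address bar at the top of the browser, or save that address as a browser bookmark, to connect to the Bank's website.
    • Customers should verify the identity and authenticity of our e-banking website before use.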

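    Customers using Microsoft Internet Explorer should press F11 before use to view and verify the identity and authenticity of our e-banking website. The main steps are:

    1. Press F11 on the ICBC (Asia) Internet Banking web page. (If the status bar at the top of the browser window shows a closed lock icon, TLS (Transport Layer Security) is enabled.)
    2. After pressing F11, you will find a 'lock' icon in the upper part of the page. Click it and a certificate window will appear showing the owner of the web page you are browsing. You can use the *certificate information to verify that the page belongs to Industrial and Commercial Bank of China (Asia).

    *Note: the certificate information for customers to verify includes:
    - Website the certificate is issued to: myebankasia.icbc.com.cn
    - Certificate issuer: Symantec Class 3 EV SSL SGC CA - G2;
    - Validity period: check that the security certificate is within its validity period.

    For other browsers (e.g. Safari) the verification steps are the same as above, except that you do not need to press F11 on the ICBC (Asia) Internet Banking web page.
    If you suspect there are unauthorized transactions in your account, immediately call (852) 218 95588 to contact our Customer Service Department, or contact a branch.

    Important:

    To reduce the risk of intrusion, please change the default login password of your router immediately.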

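    1. How should I take care of my password?
    A: Note the following points and keep your password safe:

    - Do not disclose your password or account number to anyone
    - Do not let anyone else use your password
    - Do not write down or record your password
    - Do not use your identity card number, telephone number or date of birth as your password
    - Use a password that is difficult to guess
    - Change your password regularly; a valid password can be 8 to 12 digits or English letters

    2. Can I save my user ID and password so that I do not have to enter them every time?
    A: To keep your transactions secure, the user ID and password cannot be saved.

    3. Can I leave the system by closing the browser?
    A: Closing the browser does not log you out of the system, so you must follow the formal logout procedure.

    4. What is data encryption?
    A: Encryption uses cryptography to scramble the data you send over the Internet so that its apparent meaning is changed, which keeps your data secure. The encryption and decryption processes are built on very complex mathematical principles.

    5. Why is end-to-end encryption used in addition to TLS?
    A: The Bank has a number of effective protection systems in place, including the latest version of TLS (Transport Layer Security), end-to-end encryption and firewalls. Data you send over the Internet is encrypted before it is transmitted to the Bank's systems, which keeps your transactions secure.

    6. How do I know that TLS is enabled in my browser?
    A: If the status bar at the bottom of the browser window shows a closed lock icon, TLS is enabled.
    You can verify the encryption status of the connection by choosing "File" and then "Properties" from the menu bar.

    7. How can I enable TLS?
    A: In general, you can select TLS 1.0, TLS 1.1 and TLS 1.2 in the security settings of your browser. Taking Microsoft Internet Explorer 8.0 as an example, follow these steps to enable TLS:
    1. Select 'Tools' from the menu bar
    2. Click 'Internet Options'
    3. Select 'Advanced'
    4. Under 'Security', tick the 'Use TLS 1.0', 'Use TLS 1.1' and 'Use TLS 1.2' boxes
    5. Click 'OK' to close the dialog

    8. How can I be sure that the web page I am browsing is provided by the Bank?
    A: For your security, when you reach the Bank's Internet Banking login page, and before you enter your Internet Banking account number, user ID (where applicable) and password, you can find a 'lock' icon at the bottom of the page. Click it and a certificate window will appear showing the owner of the web page you are browsing. You can use this information to verify that the page belongs to Industrial and Commercial Bank of China (Asia).

    9. What should I be aware of when using Internet Banking?
    A: Do not press 'Back' or 'Refresh' while a transaction is in progress. Also avoid resizing the browser window, to keep the browser stable; otherwise the service will be interrupted.

    10. How should I protect my personal computer when I connect to the Internet?
    A: We recommend installing up-to-date antivirus software and updating the virus definitions/signatures regularly. To protect your personal computer from intrusion over the Internet, we recommend installing a personal firewall. You can also consult reputable information security professionals or software distributors to choose the most suitable security software.

    Security software of different brands has its own strengths and weaknesses in different areas of protection. You must therefore stay alert to different kinds of security intrusion, watch for the patches that each security software vendor releases for its products, and apply them promptly.

    11. What should I do if I suspect there are unauthorized transactions in my account?
    A: Immediately call (852) 218 95588 to contact our Customer Service Department, or contact a branch.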

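    Security Information

    Important: If you suspect that your Internet Banking account has been misused or you find unusual transactions, contact the Bank immediately. The Bank will never ask you to disclose your password or request such information by email.
    If you receive a request to disclose your password, contact us immediately: Customer Service Hotline (852) 218 95588; or click here to send an enquiry.

    Email / Instant Messaging

    • Use a strong password for your email service;
    • Use two-factor authentication to strengthen the security of your email account;
    • Monitor and review login activity;
    • Do not download files of unknown origin or open emails of unknown origin or their attachments. Delete such emails immediately, and also delete them from the "Recycle Bin" of your mailbox;
    • Scan attachments thoroughly with antivirus software before opening or handling them;
    • Disable the "Scripting" feature of your email so that the computer does not automatically open and run files of unknown origin;
    • Beware of suspicious emails or websites that ask you to provide your login information;
    • Use different email addresses for different accounts. For example, do not register a bank account and a gaming account with the same email address. Also use different passwords for different online services;
    • Do not use public Wi-Fi to log in to sensitive services. Using a telecommunications network is more secure;
    • Do not open links in instant messages of unknown origin.

    If you have doubts about any email claiming to come from the Bank, for example one saying that you have won a prize draw or inviting you to make easy money without any action on your part, contact the Hong Kong Monetary Authority (hotline: 2878 8196) or the police (hotline: 2860 5012-3); call our Customer Service Hotline (852) 218 95588; or contact a branch.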

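    Fraud

    Fraudulent emails, advance-fee fraud or "419 fraud"

    This type of fraud involves letters or emails from unknown persons claiming that the recipient can earn a generous reward simply by helping to move a large sum of money (usually a large amount in US dollars). The money is falsely said to be company profits, accumulated bribes, unspent government funds, or even unclaimed money belonging to a deceased person.

    In another example, the sender claims to be a bank employee and says that a deceased customer has left a large fixed deposit that nobody has claimed. The sender invites the recipient to cooperate by posing as the customer's relative to claim the deposit. If the recipient agrees, the sender asks the recipient to pay money in advance to cover document fees. In the end the recipient is cheated into paying and can no longer reach the sender.

    Another main aim of the fraudsters is to obtain bank details. These deals generally require the recipient to pay a fee, tax or bribe first, without which the deal cannot be completed; that is, they demand an advance fee. Once the victim has paid, the fraudsters vanish without a trace and the money can never be recovered.

    Recently fraudsters have adopted a new tactic: they claim that by logging in to a certain bank website (in fact a fake website) the recipient can see the account concerned, showing a balance of millions of dollars, in order to persuade the recipient that the money really exists when in fact it does not.

    In addition, the recipient's personal data is usually used to carry out other fraud.

    Online lottery fraud

    These letters or emails pretend to notify the recipient of a lottery win, but the recipient must reply to the email to claim the prize. The fraudsters then ask the recipient for bank details, claiming that this is to arrange a transfer. They may even ask the recipient to pay a handling fee. Once the victim has paid, the fraudsters vanish without a trace and the money can never be recovered. In addition, the personal data the recipient provides is very likely to be used to carry out other fraud.

    Hoax emails

    Some people enjoy playing on the worries of others, which is truly an ugly side of human nature. Many send emails claiming to warn the recipient of a newly discovered virus that are in fact hoaxes, intended purely to cause panic or to create confusion and disrupt business.

    Such warnings may not be false, but we must never let our guard down. First visit the website of an antivirus software vendor, such as McAfee, Sophos or Symantec, to check whether the warning is genuine before taking any action, including forwarding the email to relatives, friends and colleagues.

    How to verify an email sender's identity and expose fraudsters

    In email scams, fraudsters mostly use hacking techniques to break into the victim's email account and read the emails between the victim and business partners. They then email the victim from the same or a similar email account, claiming that the bank account for payment has changed, and ask the victim to remit a specified amount to a bank account designated by the fraudsters. As the police advise, members of the public who receive a suspicious email should, before remitting money, take the initiative to confirm by telephone the true identity of the other party or the authenticity of the request, to avoid being cheated.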

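    Man-In-The-Browser Attack (MITB)

    Please be on the alert for a recent type of attack known as the "Man-In-The-Browser Attack" (MITB). In this type of attack, the attacker compromises the user's session, shows the user fake screens, and tries to obtain and alter the user's data.

    • In a common MITB scenario the attacker compromises the user's login. While waiting for the user's details to be verified, the attacker shows the user a screen resembling Internet Banking and asks the user to wait. The attacker also issues instructions to register a payee or change the user's details. The user then receives the corresponding one-time password by SMS. At this point the attacker shows the user more fake Internet Banking screens and asks the user to enter the one-time password, in order to complete the payee registration and/or the change of user details.
    • If you see abnormal screens or messages after logging in to Internet Banking, do not continue.
    • If you receive by SMS a one-time password that you did not request, do not respond, and check your payee records to confirm that there are no unauthorized registrations.

    Detecting and reporting unusual, suspected fraudulent or fraudulent transactions

    • Check your account balances and monthly statements regularly, and notify the Bank immediately of any unusual transaction in your accounts (do not ignore unusual small-value transactions);
    • Check your personal details regularly to avoid unnecessary losses caused by misuse of your personal data;
    • Notify the Bank immediately of any change to your contact details, so that you can be notified promptly when the Bank detects unusual online transactions;
    • If you suspect any suspicious incident relating to an Internet Banking transaction, contact us immediately by any of the following means and provide the relevant details

    (your last login time;
    a printout of account information from Internet Banking; or
    the email; or
    a screen capture (e.g. an image)):
    call our Customer Service Hotline (852) 218 95588; or
    click here to send an enquiry; or visit any of our branches in person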

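    More Security Information

    For more information about Internet Banking security, please refer to:
    the "Internet Banking - Convenient and Secure" material provided jointly by the Hong Kong Monetary Authority and the Hong Kong Association of Banks
    https://www.hkma.gov.hk/chi/key-functions/banking-stability/internet-banking/two-factor-authentication.shtml

    Personal Internet Banking Security Tips

    (1) Two-factor authentication, double protection

    Two-factor authentication means using two different kinds of information to verify the true identity of the user:

    Benefits of two-factor authentication:

    Because fraudsters cannot steal over the Internet a physical device that you hold (e.g. a mobile phone), security is greatly improved. High-risk transactions are protected, because only the Internet Banking user holds the physical device, so all high-risk Internet Banking transactions (such as transfers to unregistered third-party accounts) receive double protection. It is easy to use: you only need to follow a few simple steps to complete a high-risk transaction.

    (2) What you need to know about online security

    After completing online transactions, you must click "Logout" to confirm that you have left the system, to prevent leakage of personal data. Keep your digital certificate, password token and mobile phone safe; they are important two-factor authentication tools. Do not log in to Internet Banking through hyperlinks provided in any email. We will never ask customers by email for account numbers, passwords or any personal data. To keep your account secure, if you enter an incorrect Internet Banking login password 3 times in a row, your Internet Banking service will be temporarily suspended for that day; if you remember your login password, you can try to log in again the next day. If you are still unable to log in to Internet Banking after several days, the service may have been suspended; please call 218 95588 or visit a branch to enquire.

    (3) Points to note when using the Java plugin

    1. Visit Oracle's official website and download and install the latest Java software released on or after 15 January 2013; it must address and fix the software issue described in their statement of 13 January 2013.
    2. Enable the Java software only when you need to use Internet Banking.
    3. Type the address of the Bank's portal, www.icbcasia.com, directly (do not use a bookmarked link), then open and log in to the Bank's Internet Banking from the ICBC (Asia) portal.
    4. Customers can refer to question 8 of "Strengthening security -- your role and responsibilities" in the "e-Banking Security Knowledge Zone" to confirm that the web page being browsed is provided by the Bank.
    5. Log in to and use Internet Banking as normal, and do not use any other unknown website that requires Java in the meantime.
    6. Log out of Internet Banking as normal.
    7. Customers who are concerned that Java may affect the security of their computer can disable Java immediately after logging out of Internet Banking, and enable it again the next time they use Internet Banking.

    (4) Assessing registered third-party accounts

    When registering a third-party account, if the account belongs to a high-risk merchant category (such as money service operators, or those whose products or services can easily be converted into money, such as remittance service providers, foreign currency exchangers, jewellery companies, gambling organizations, and finance or lending service providers such as stock brokerages and credit card merchants), please consider the application carefully and visit the Bank's website for more security tips. Please note that registering the accounts of certain organizations as third-party accounts may give rise to a potential risk of funds being withdrawn or transferred to other, undesignated beneficiaries.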

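    Mobile Security Tips

    1. How can I use Mobile Banking securely?
    A: - Stay alert at all times to any fake website or iPhone/Android app that tries to impersonate our Mobile Banking. Under no circumstances should you access your Mobile Banking account through a hyperlink in an email of unknown origin. To keep your personal data secure, log in to the Bank's Mobile Banking using the official addresses provided by the Bank, m.icbcasia.com or https://.mobilehk.icbc.com.cn, or the Mobile Banking app downloaded from the official Apple App Store/Google Play.
    - Use the browser originally supplied with your mobile phone and avoid newly installed browsers downloaded from other sources. Clear the browser's cache and history regularly. Do not choose to save or remember passwords in the browser, and turn off the browser's "AutoComplete" setting, to prevent third parties from stealing your login details from the browser.
    - Mobile devices (mobile phones or tablets) must have security, antivirus and anti-spyware software installed and regularly updated. Avoid using Mobile Banking on mobile devices that contain pirated, cracked, counterfeit and/or unauthorized apps, or whose software protection has been broken, or on which the highest privilege of the operating system has been obtained (including but not limited to "jailbroken" or "rooted" mobile devices).
    - Make sure that the operating system and applications on your mobile device are still supported by the vendor, and enable automatic updates so that patches are regularly obtained from trusted sources and installed on the device. Do not attempt to install software or apps from unknown sources. If you find any suspicious program, do not attempt to download it or log in, and stop what you are doing immediately.
    - Avoid using Wi-Fi in public places, or Wi-Fi that is not password protected, to log in to Mobile Banking. When going online over Wi-Fi, use an encrypted and trusted Wi-Fi network or service provider and adopt security measures, for example using Wi-Fi Protected Access wherever possible, or removing unnecessary Wi-Fi connection settings.
    - Turn off wireless functions that you do not need (such as Wi-Fi, Bluetooth and NFC).
    - Each time you use Mobile Banking, first check the record of your last login and logout. Check your account balances and transaction records regularly. If you find anything suspicious, contact the Bank immediately.
    - After receiving the password letter, memorize your password and destroy the letter. To keep your password confidential, the Bank recommends changing it on first use. Do not use your identity card number, telephone number, date of birth, driving licence number or any easily guessed number or word as your password, and avoid using a password that you have registered on other websites as your login password.
    - Do not disclose your Mobile Banking account name and password (including one-time passwords) to anyone (including Bank staff and the police), and do not casually disclose your personal data, such as your identity card number or date of birth, to anyone.
    - Do not write your password on any device needed for Mobile Banking, or on anything usually kept together with such devices; make sure you memorize it instead.
    - Do not let third parties use your Mobile Banking and password. Set a hard-to-guess device lock passcode and enable auto-lock.
    - Avoid logging in to Mobile Banking in crowded places, and note that some phones may display an enlarged plain-text view of the password as you type it, indirectly giving others a chance to steal your login details. Take extra care.
    - Before carrying out banking transactions, check your surroundings to make sure that nobody can see your Mobile Banking password.
    - For your security, change your Mobile Banking password regularly through Personal Internet Banking.
    - For security reasons, customers cannot log in to the same Internet Banking account on three different platforms (e.g. WAP, iPhone App and Android App) at the same time.
    2. What should I do if I lose my Mobile Banking password or my mobile phone?
    A: If you lose your Mobile Banking password or mobile phone, or suspect that your password or phone has been misused, or an unauthorized transaction has been recorded on your account, contact your mobile service provider and the Bank immediately.
    3. Is the Mobile Banking app free?
    A: We do not charge any fee for the Mobile Banking app. However, your mobile network operator may charge you when you access or download the app. You are responsible for those charges.
    4. Can two-factor authentication be used in Mobile Banking? What are the benefits?
    A: Two-factor authentication means using two different kinds of information to verify the true identity of the user:

    Benefits of two-factor authentication:
    Because fraudsters cannot steal over the Internet a physical device that you hold (e.g. a password token), security is greatly improved. High-risk transactions are protected, because only the Internet Banking user holds the physical device, so all high-risk Internet Banking transactions (such as transfers to unregistered third-party accounts) receive double protection. It is easy to use: you only need to follow a few simple steps to complete a high-risk transaction.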

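    ATM Security Tips

    To use the ICBC (Asia) ATM service safely, please note the following:

    • When using an ATM, check whether any suspicious device (such as a pinhole camera or a magnetic stripe reader) has been fitted nearby. Such devices may be used to steal the data on the magnetic stripe of your ATM card or your PIN.
    • Remember to take your ATM card after completing a transaction. Never leave the card in the ATM.
    • When entering your PIN, cover the keypad with your hand so that nobody can see your PIN from behind you or from any other direction, and avoid accepting help from strangers.
    • Do not disclose your PIN to anyone, including Bank staff or police officers.
    • Do not lend your ATM card to anyone, including Bank staff or police officers.
    • Change your PIN immediately after receiving your ATM card.
    • Do not use the same PIN that you use for other services (for example, ATM cards from other banks).
    • Memorize your ATM card PIN. Do not write it down and keep it together with the card.
    • Do not use an easily identified PIN for your ATM card (for example your date of birth, identity card number or telephone number).
    • Change your ATM card PIN regularly at an ICBC (Asia) ATM.
    • If you lose your ATM card or PIN, notify the Bank immediately.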


                               


eBanking Security Tips

1.Security

   How well is my information being protected with your Internet Banking Service?

  • The system is equipped with network security features, including TLS (Transport Layer Security) with end-to-end encryption and firewall protection. Your input is encrypted by the end-to-end encryption within your browser before it is sent to our bank through the SSL channel to ensure every transaction is safe.
  • Our Bank employs Public Key Infrastructure (PKI) technology to ensure the security of Internet transactions and your personal data. It uses advanced technology, namely the password token and the Digi-Sign Certification Services Limited digital certificate (i.e. e-Cert), which includes a public key and a private key, to authenticate each unique user. Our Bank currently accepts the password token and the digital certificate issued by Digi-Sign Certification Services Limited (for company customers only) as means of two-factor authentication for our Internet Banking. The e-Cert provides you with a unique identification and secure authentication. For your protection, you should use an e-Cert with a non-duplicable private key stored on secure media for conducting Internet Banking transactions.
  • Other than the e-Cert, you can also use the password token, which adopts a new generation of encryption technology, as the two-factor authentication authorization for performing transactions via Internet Banking Services.
  • Identification of User ID and password with enforced change of password upon the first login.
  • The Internet banking Service will be suspended if the login password has been incorrectly entered for 3 consecutive times in the same day.

For your maximum protection, we would like to remind you to take the following precautionary measures to prevent the fraudulent use of the password or unauthorized disclosure.

  • Install up-to-date virus protection software and personal firewalls, keep the virus definition/signature up-to-date, to ensure you have adequate protection to your personal computers.
  • Do not install software or open email attachments from unknown sources.
  • Do not access the Bank's website through hyperlinks embedded in e-mails.
  • Verify the validity of digital certificate of Internet Banking server.
  • Change your initial password when you first access Internet Banking Service.
  • Change your password periodically.
  • Keep your password confidential at all times. Do not disclose your password to any other person, including Bank's employee.
  • Do not write down or record the password in any form recognizable as password.
  • Do not send the password via e-mail.
  • Do not use your identity card number, telephone number, birthday or recognizable part of the name as your password.
  • Do not use the same user name and password for your Internet bank accounts and for access to other services (for example, for connection to the internet or accessing other web sites).
  • Use combination of numbers and alphabets, upper and lower case for your password if possible.
  • Log out of the Internet Banking Service and clear the browser cache after you have completed your banking activities. You should not leave a session unattended at any time.
  • Ensure the personal computer/mobile device is not left unattended whilst the service is in use.
  • Ensure proper physical access controls for your personal computer and Internet connections. Do not access the Internet Banking service from public personal computers (e.g. cyber cafes).
  • You should provide a valid mobile phone and contact numbers for notification purpose and notify the Bank timely if any of these numbers are changed.
  • Review regularly and follow security tips published by the Hong Kong Association of Banks, the Consumer Council, the Hong Kong Police Force, the Hong Kong Monetary Authority, the Securities and Futures Commission or the Information Technology Services Department.
  • For security's sake, you should protect your ICBC (Asia) USB-Shield and its password and your password token and its password, and make sure the computer on which you log on to Internet Banking is reliable. You should update your antivirus software periodically. Do not open unsolicited programs, links or e-mails. After use, remove the ICBC (Asia) USB-Shield from the computer promptly and keep the password safe.
  • Please consider reviewing our security tips and supplementing them with the following security controls to mitigate the risk of Trojan horses affecting your PC:

    • Customers should not download files from any unknown websites.
    • Customers should not open emails or its attachment from unknown senders.
    • Customers should never access your internet services such as internet banking through hyperlinks embedded in emails, internet search engines, suspicious pop-up windows or any other doubtful channels. (customers should connect to a bank website through typing the authentic website address in the address bar of the browser or by bookmarking the genuine website and using that for subsequent access).
    • Customers should validate the identity and genuineness of our e-banking website before usage.

    For IE (Internet Explorer) users, please press F11 to validate the identity and genuineness of our e-banking website before usage. The steps are as follows:

    1. Press F11 during your visit to the ICBC (Asia) internet banking webpage. (If there is a "closed" lock showing at the top of your browser, it is TLS-enabled.)
    2. After pressing F11, you can find a small icon of a lock or a key in the top right corner of your browser. A *certificate window will be displayed showing the owner of the web page you are currently browsing; you can then verify whether the current web page belongs to ICBC (Asia).

    *Note: The following information in the certificate window is displayed for customers to verify the trustworthiness of the website.
    - the website name which is certified (issued to): myebankasia.icbc.com.cn
    - the certifier of the website (issued by): Symantec Class 3 EV SSL SGC CA - G2
    - the valid date: check whether the certificate is within its validity period

    For other browsers such as Safari, the verification steps are the same as above, but you do not need to press F11 to access the top bar while visiting the online banking webpage.

    If you suspect there are unauthorized transactions in your account, immediately contact our Bank via the Customer Service Hotline on (852) 218 95588 or any of our branches.

           Important:        

    To minimize the risk of your router being hacked through its default password, please change that password immediately.

    1.How should I take care of my password?
    A:You should note the following points in taking care of your password:

    - Do not disclose your password or account number to anyone.
    - Do not allow anybody else to use your password.
    - Do not write down or record the password without disguise.
    - Do not use your Hong Kong Identity Card number, telephone number or date of birth etc. as your password.
    - Use a password that is difficult to guess.
    - Change your password regularly, the length of password can be from 8 to 12 alphanumeric characters.
                           

               
    2.May I save my User ID and password so that I do not need to enter them every time I login?
    A:To ensure every transaction is safe, the User ID and password cannot be saved.

               
    3.May I close the browser as a way of leaving the system?
    A:Closing the browser does not mean that you have left the system, so you must follow the formal logout procedure.

               
    4.What is data encryption?
    A:Encryption refers to the scrambling of data to protect the security of the data. The encryption and decryption functions are based on complex mathematical theories.

               
    5.Why do we need end-to-end encryption in addition to TLS?
    A:TLS treats transaction data and password in the same way while end-to-end encryption can handle the password in different way so that your password can enjoy the highest protection. End-to-end encryption enables the encryption of information at its origin and decryption at its intended destination without any intermediate decryption.

               
    6.How can I know that my browser is TLS-enable?
    A:If there is a "closed" lock at the bottom of your browser, it is TLS-enable.
    You may verify the connection encryption status by selecting "File" and then "Properties" from the menu bar.

               
    7.How to enable TLS in my browser?
    A:Generally speaking, you can enable TLS 1.0, TLS 1.1 and TLS 1.2 in the security settings of internet browser. For example, in case of Microsoft Internet Explorer 8.0, you can follow the procedure below:
    1. Select "Tools" from the Menu bar
    2. Select "Internet Options"
    3. Click on the "Advanced" tab
    4. Choose "Security" and enable TLS 1.0, TLS 1.1 and TLS 1.2.
    5. Click "OK"
                           

               
    8.How can I make sure that the web pages of the Internet Banking I am currently browsing really come from your Bank?
    A:When you reach the login page that requires you to enter your ICBC(Asia) Internet Banking Account Number, User ID where applicable and Password, for security purposes you can click the small icon of a lock or a key at the bottom of your browser. A certificate window will be displayed telling you the owner of the web page you are currently browsing; you can then verify whether the current web page belongs to ICBC(Asia).
    • the website name which is certified (issued to): myebankasia.icbc.com.cn
    • the certifier of the website (issued by): Symantec Class 3 EV SSL SGC CA - G2
    • the valid date: to check whether the website is within the valid date
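
The three certificate checks listed above (issued-to name, issuer and validity period) can also be scripted. This is an added example, not code from the Bank: the certificate dictionaries are constructed samples in the format returned by Python's `ssl.SSLSocket.getpeercert()`, and the dates and the look-alike host in them are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

# Values the page tells customers to look for in the certificate window.
EXPECTED_HOST = "myebankasia.icbc.com.cn"
EXPECTED_ISSUER_CN = "Symantec Class 3 EV SSL SGC CA - G2"


def _field(rdns, key):
    """Return the first value of `key` in a getpeercert()-style name tuple."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None


def _name_matches(pattern, host):
    """Exact match, or a single wildcard in the left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def check_certificate(cert, host=EXPECTED_HOST,
                      issuer_cn=EXPECTED_ISSUER_CN, now=None):
    """Return a list of problems; an empty list means all three checks pass.

    These field checks come on top of, not instead of, the chain validation
    that ssl.create_default_context() performs during the handshake.
    """
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    problems = []

    # 1. Issued to: prefer subjectAltName, fall back to the subject CN.
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        cn = _field(cert.get("subject", ()), "commonName")
        names = [cn] if cn else []
    if not any(_name_matches(n, host) for n in names):
        problems.append(f"issued to {names}, expected {host}")

    # 2. Issued by: compare the issuer common name.
    actual_issuer = _field(cert.get("issuer", ()), "commonName")
    if actual_issuer != issuer_cn:
        problems.append(f"issued by {actual_issuer!r}, expected {issuer_cn!r}")

    # 3. Validity period.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not yet valid")
    elif now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate has expired")
    return problems


def fetch_certificate(host, port=443, timeout=10):
    """Fetch a live certificate; the handshake fails if the chain is untrusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _sample(name, issuer, not_before, not_after):
    # Builds a constructed certificate dictionary for the offline demo.
    return {
        "subject": ((("commonName", name),),),
        "issuer": ((("commonName", issuer),),),
        "subjectAltName": (("DNS", name),),
        "notBefore": not_before,
        "notAfter": not_after,
    }


# Constructed samples; the dates are illustrative assumptions.
NOW = datetime(2017, 1, 1, tzinfo=timezone.utc).timestamp()
GENUINE = _sample(EXPECTED_HOST, EXPECTED_ISSUER_CN,
                  "Jan 15 00:00:00 2016 GMT", "Jan 15 23:59:59 2018 GMT")
LOOKALIKE = _sample("myebankasia.icbc.com.cn.example", "Constructed Test CA",
                    "Jan 15 00:00:00 2016 GMT", "Jan 15 23:59:59 2018 GMT")
EXPIRED = _sample(EXPECTED_HOST, EXPECTED_ISSUER_CN,
                  "Jan 15 00:00:00 2014 GMT", "Jan 15 00:00:00 2016 GMT")

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("lookalike", LOOKALIKE),
                        ("expired", EXPIRED)):
        print(label, check_certificate(cert, now=NOW) or "OK")
```

A look-alike name that merely begins with the expected host fails the issued-to check because the comparison covers the whole name, which is the same reason the page asks customers to read the full name in the certificate window.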
                           

               
    9.What should I be aware while using the Internet Banking Service?
    A:In order to protect your interest in enjoying our service, you are highly recommended not to use the "Back"/"Reload" button, minimize, maximize or resize the browser. If you do that, our security module might disconnect the session.

               
    10.How do I secure my personal computer if I have static internet connection?
    A:You are recommended to install the most up-to-date anti-virus software and update the software with virus signatures regularly. For maximum protection, we also advise you to install personal firewall software to protect your personal computers against intrusion via the Internet. You are recommended to discuss with reputable information security professionals and software vendors to select the best-suited security protection software.

    Different security software products might have different strengths and weaknesses in different protection scenarios. You are always reminded to stay alert to different security vulnerabilities and exposures and to patch the software promptly.

               
    11.What should I do if I suspect there are unauthorized transactions in my account?
    A:Immediately contact our Bank via the Customer Service Hotline on (852) 218 95588 or any of our branches.
     

    2.Security Information

    Important

    If you suspect any unauthorized use of your Internet Banking account or any abnormal transactions in the account, you should contact us at once. Our bank will never ask you for your password or send you emails requesting that information.
    If you receive such a request, contact us immediately. Call our Customer Service Hotline (852) 218 95588; or click here to send your enquiry.

    Email / Instant Message

    • Use a strong password for your email service;
    • Use two-factor authentication as far as possible to secure your email account;
    • Monitor and review login activity;
    • Do not download files from unknown sources, or open emails or their attachments from unknown senders. Delete emails from unknown senders immediately after receipt. Such mails should also be deleted from the "Trash Bin" of your email box;
    • Scan attached executable files before you open or execute them;
    • Disable scripting features in email applications to prevent auto-execution of unknown files;
    • Be vigilant about suspicious emails or websites which ask you to provide your login credentials;
    • Use different email addresses for different accounts. For example, avoid using the same email address for banking and gaming services. Also use different passwords for different online services;
    • Do not use public Wi-Fi to access sensitive services. Using a telecommunication network is more secure;
    • Do not click any hyperlink embedded in an unknown email / instant message.

    When an email claiming to originate from us looks suspicious to you, e.g. if it says you have won a prize draw or there is an offer for you to make some easy money without any action on your part, contact the HKMA hotline on 2878 8196 or the police hotline on 2860 5012-3, or call our Customer Service Hotline (852) 218 95588; or click here to send your enquiry; or contact any of our branches in person.

    Online attack

           Fraudulent emails, Advance fee or '419 Fraud'        

    This involves unsolicited letters and e-mail messages offering the recipient a generous reward for helping to move large sums of money, usually in US dollars. These funds are said to be anything from corporate profits/accumulated bribes/unspent government funds to unclaimed money belonging to a deceased person.

    Or the email sender claimed to be a bank staff member, inviting the recipient to pretend to be the next-of-kin of a deceased client who has left a huge sum of unclaimed fixed deposit. Upon receiving a favourable reply, the fraudster requested the recipient to pay a fee in advance for preparing the necessary documents in order to claim that estate. Finally, the email recipient was cheated and could not reach the sender again.

    The fraudsters are after banking details. The transactions typically require the recipient of the letter or e-mail message to pay something like a fee/tax/bribe to complete the deal - this is the Advance fee. However, any fees paid will be lost.

           Lottery fraud        

    This involves letters or e-mail messages which advise the recipient that they have won a prize in a lottery. To obtain the funds they are asked to respond to the letter or e-mail message. A request will then be made for the recipient to provide his/her bank account details to allow for funds to be transferred. The recipient may also be asked to pay a handling/processing fee. If paid, this fee will be lost. Also, any details given will probably be used to commit further fraud.

           Virus hoax e-mail        

    Many e-mail warnings about viruses are hoaxes, designed purely to cause concern and disrupt businesses. Such warnings may be genuine, so don't take them lightly, but always check the story out by visiting an antivirus site such as McAfee, Sophos or Symantec before taking any action or forwarding them to friends and colleagues.

           Beware of Email Scam "Verify Suspicious E-mails Uncover Online Swindlers"        

    In cases of email scam, the fraudsters hacked into the victim's email account and checked the victim's business correspondence with business partners. They sent an email to the victim using the same or a similar email account to that of his business partner, claimed that the payment bank account had been changed, and further requested the victim to deposit the payment for goods into the fraudster's designated bank account. The police advise that if you receive any suspicious emails, you should confirm the identity of the purported business partners or the authenticity of the requests by telephone before remittance, to avoid being deceived.

           Man-In-The-Browser Attack        

    Please be highly aware of a recent online threat known as a Man-In-The-Browser (MITB) attack, where an attacker takes control over a customer's connection and transmits counterfeit screens to the customer in an attempt to capture and manipulate customer data.

    • A frequent MITB attack scenario involves the attacker taking control over a customer's login session. The attacker transmits screens similar to the online banking screens, requesting the customer to wait while their details are being verified. During this, the attacker initiates a request to add a payee or update personal information while the customer's account is being compromised. An SMS containing a One-Time Password (OTP) is sent to the customer's mobile phone as part of the process. More counterfeit screens are transmitted to prompt the customer to key in the OTP so that the attacker can proceed with the payee addition and/or personal information update.
    • Please do not proceed if you notice an unusual screen or message during your online banking login session.
    • Do not act on an SMS containing an OTP that you have not requested; review your existing payee list for any unauthorized additions.

    Detecting and Reporting Abnormal Activities / Suspected Frauds / Frauds

    • Check your account balance & statement regularly, contact us immediately should you encounter any abnormal transaction. (Don't ignore any unusual activity even if it is a minor one.)
    • Check your personal profile regularly to avoid loss caused by unauthorized usage of your personal information.
    • Notify us of any change of your contact information immediately, so that we can contact you in case an abnormal online transaction is found.

    If you suspect a case involving any online transaction, you should immediately submit the following information to us:
    • Your last logon time;
    • Printouts of account information from Internet Banking; or
    • Emails; or
    • Screen captures (such as images) relating to the activities or suspected frauds.

    Submit it via the following channels: call our Customer Service Hotline (852) 218 95588; or click here to send your enquiry; or contact any of our branches in person.

    More Security Information

    To learn more about the security of Internet Banking, please refer to "Internet Banking - Convenient & Safe" below, jointly provided by HKMA & HKAB:
    https://www.hkma.gov.hk/eng/key-functions/banking-stability/internet-banking/two-factor-authentication.shtml    

    3.Internet Banking Security Tips

    (1)Two-factor Authentication to Strengthen Security

    The Two-factor authentication uses a combination of 2 different factors for verifying a user's identity:

       

           Advantage of Two-factor Authentication:        

    Your transaction is highly protected because the fraudsters cannot steal your physically possessed tools (such as your mobile phone) over the Internet. All of the high-risk Internet Banking transactions, such as fund transfers to non-designated accounts, are protected by this additional authentication tool physically held by yourself. By just a few simple steps, you can enjoy this enhanced security level of online transactions.

    (2) Security Tips

    After you have finished all online transactions, you must remember to click "Logout" to exit from the Internet Banking system to avoid any information leaking. Please safeguard your digital certificate, password token and mobile because they are important tools for two-factor authentication. Do not access Internet Banking through hyperlinks embedded in e-mails. The Internet Banking Service will be suspended if the login password has been incorrectly entered 3 consecutive times in the same day. You may try to log in again the next day. If you are still unable to log in to Internet Banking, your service may be suspended. Please call 218 95588 or visit the branch for assistance.

    (3) Note of using Java Plugin

    We recommend that customers take the following actions if they use Java to log in to our Internet Banking.

    1. Download and install the latest Java patch, announced on 15 January 2013 or thereafter, from the official Oracle website; it should fix the problem that Oracle officially announced on 13 January 2013.
    2. Open the related Java software only before using the Internet Banking Service.
    3. Go directly to our official website, www.icbcasia.com (do not use a bookmarked link), then log in to Internet Banking from the ICBC (Asia) website.
    4. Customers can refer to question 8 in “More on Security - Your Roles and Responsibilities” in the "ebanking Security Tips" to check whether the website being browsed is provided by ICBC (Asia).
    5. Log in and use Internet Banking normally; do not visit other unknown websites that use Java at the same time.
    6. Log out of Internet Banking normally.
    7. If customers are worried about the effect of Java on their computer's security, they can stop using Java after logging out of Internet Banking and open Java again when they next log in to Internet Banking.

    (4) Review of Registered Third Party Accounts

    Before registering for fund transfer any third party's account(s) in a high-risk category (e.g. a money service operator or agent that provides services or products that can be easily converted to money, such as remittance agents, money changers, jewellery companies and casinos, or finance/loans related services such as stock agents and credit card merchants), please consider carefully and read the Bank's online security tips. Please be aware of the potential risk of registering third-party accounts of some institutions which may be used for retrieving funds or transferring funds to another non-designated beneficiary.

    4. Mobile Banking Security Tips

      How to increase the security level when using Mobile Banking Service?

      • A:Customers are reminded to be vigilant of any fraudulent websites or Mobile Banking apps related to ICBC (Asia). It is always prudent to access the official Mobile Banking websites through the official address "m.icbcaisa.com" / "https://mobilehk.icbc.com.cn", or through the official Mobile Banking app downloaded from official application stores.
      - Do not store your password in the browser, and disable the “AutoComplete” feature to prevent any third party from accessing your login credentials via the browser.
      - Install or update the latest anti-virus and anti-spyware software regularly on your mobile devices (smartphones or tablets). Do not use any ‘jailbroken’ or ‘rooted’ mobile devices, which may have security loopholes, to log on to Mobile Banking.
      - Make sure you are using compatible versions of the operating systems of your mobile devices. Enable the auto-update feature to obtain and install security patches regularly from trusted sources. If you find an application suspicious, do not download, install or log in to it, and stop operation immediately.
      - Avoid accessing Mobile Banking via public Wi-Fi (wireless network) or Wi-Fi without a password setting. Choose a reliable Telecom Service Provider.
      - Disable any wireless networking functions (e.g. Wi-Fi, Bluetooth, NFC) when not in use.
      - Please verify your last login and logout records every time you use the mobile banking service. You should also check your account balance and transaction records regularly. If there are any suspicious transactions, please contact us immediately.
      - After receiving the PIN notification letter, please memorize the PIN and destroy the notification letter immediately. To enhance the security level, we suggest you change the PIN when you use it for the first time. Do not use your identity card number, telephone number, date of birth, driving license number, or easy-to-guess numbers or words as your password, and avoid selecting the same password that you have used for accessing other web services.
      - Do not disclose your Mobile Banking user name and password (including one-time passwords) to anyone (including bank staff and the police). You should also avoid disclosing personal information such as your identity card number and date of birth to anyone.
      - Do not store your mobile banking account name and password in the mobile.
      - Do not write the password on any of the devices used for accessing Mobile Banking or on anything nearby. You should memorize the password instead.
      - Do not allow anyone else to use your mobile banking or password. Set a passcode for your mobile device that is difficult to guess and activate the auto-lock function.
      - Avoid using Mobile Banking in crowded areas, and take care when entering your password on certain handsets: the password characters may be enlarged and clearly displayed, which could let people nearby see your sensitive information.
      - Check your surroundings before performing any banking transactions, and make sure that no one sees your Mobile Banking password.
      - For security purposes, change your Mobile Banking password regularly via our Internet Banking Services.
      - For security reasons, you cannot log on with the same "Internet Banking Account Number / Defined User Name" through three channels (e.g. WAP\ iPhone App\ Android App) simultaneously.
      • What should I do if I lose my password or mobile handset?

      • A:  If you lose your Mobile Banking password/mobile handset, or suspect that your password or security device is used by an unauthorized party, or find any unauthorized transaction(s) associated with your account, please contact your Telecom Service Provider and contact us immediately.

      • Any cost for using Mobile Banking Application?

      • A: We do not charge for using the Mobile Banking App. However, you are responsible for the charges incurred by your mobile network operator when you access or download the Application.

      • Is two-factor authentication available on Mobile Banking? What is the advantage?

      • A: The Two-factor authentication uses a combination of 2 different factors for verifying a user's identity:

        Advantage of Two-factor Authentication:
        Your transaction is highly secured because the fraudsters cannot steal your physically possessed tools (such as your Password Token) over the Internet. All of the high-risk Mobile Banking transactions, such as fund transfers to non-designated accounts, are protected by this additional authentication tool physically held by yourself. By just a few simple steps, you can enjoy this enhanced security level of online transactions.

      • Beware of any suspicious device (e.g. pin hole camera or magnetic card reader) attached to the ATM. That device may be a skimming device to compromise your ATM card data or PIN.
      • Retrieve your ATM card once you have completed your transactions. Do not leave your ATM card in the slot.
      • Do not allow anyone to see your PIN and avoid anyone looking over your shoulder.
      • Never disclose your ATM card PIN to anyone, including bank staff or police.
      • Never lend your ATM card to anyone, including bank staff or police.
      • Change your ATM card PIN immediately upon receiving it.
      • Do not use the same ATM card PIN for accessing more than one service (e.g. ATM service of another bank).
      • Memorize your ATM card PIN and do not write it down with your ATM card.
      • Never set your ATM card PIN to your birthday, ID number or telephone number, which can be easily guessed.
      • Change your ATM card PIN via ICBC (Asia) ATM regularly.
      • Report to ICBC (Asia) if your ATM card or PIN is lost or has become known to any other person.
          eBanking Security Tips

          1.Security

             How well is my information being protected with your Internet Banking Service?                        

          • The system is equipped with network security features. It includes TLS (Transport Layer Security) with end-to-end encryption and firewall protection. Your input is encrypted by the end-to-end encryption within your browser before it is sent to our bank through the SSL channel to ensure every transaction is safe.
          • Our Bank employs Public Key Infrastructure (PKI) technology to ensure security of Internet transactions and your personal data. It utilizes advanced technology: the password token and the Digi-Sign Certification Services Limited digital certificate (i.e. e-Cert), which includes a public key and a private key to authenticate a unique user. Our Bank currently accepts the password token and the digital certificate issued by Digi-Sign Certification Services Limited (for company customers only) as means of two-factor authentication for our Internet Banking. The e-Cert provides you with a unique identification and secure authentication. For your protection, you should use an e-Cert with a non-duplicable private key stored in a secure media for conducting transactions of Internet Banking.
          • Other than e-Cert, you can also use the password token, which adopts new generation of encryption technology as the two-factor authentication authorization for performing transactions via Internet Banking Services.
          • Identification of User ID and password with enforced change of password upon the first login.
          • The Internet banking Service will be suspended if the login password has been incorrectly entered for 3 consecutive times in the same day.

          For your maximum protection, we would like to remind you to take the following precautionary measures to prevent the fraudulent use of the password or unauthorized disclosure.                        

          • Install up-to-date virus protection software and personal firewalls, keep the virus definition/signature up-to-date, to ensure you have adequate protection to your personal computers.
          • Do not install software or open email attachments from unknown sources.
          • Do not access the Bank's website through hyperlinks embedded in e-mails.
          • Verify the validity of digital certificate of Internet Banking server.
          • Change your initial password when you first access Internet Banking Service.
          • Change your password periodically.
          • Keep your password confidential at all times. Do not disclose your password to any other person, including the Bank's employees.
          • Do not write down or record the password in any form recognizable as password.
          • Do not send the password via e-mail.
          • Do not use your identity card number, telephone number, birthday or recognizable part of the name as your password.
          • Do not use the same user name and password for your Internet bank accounts and for access to other services (for example, for connection to the internet or accessing other web sites).
          • Use combination of numbers and alphabets, upper and lower case for your password if possible.
          • Log out of the Internet Banking Service and clear the browser cache after you have completed your banking activities. You should not leave a session unattended at any time.
          • Ensure the personal computer/mobile device is not left unattended whilst the service is in use.
          • Ensure proper physical access controls for your personal computer and Internet connections. Do not access the Internet Banking service from public personal computers (e.g. cyber cafes).
          • You should provide a valid mobile phone and contact numbers for notification purpose and notify the Bank timely if any of these numbers are changed.
          • Review regularly and follow security tips published by the Hong Kong Association of Banks, the Consumer Council, the Hong Kong Police Force, the Hong Kong Monetary Authority, the Securities and Futures Commission or the Information Technology Services Department.
          • For security's sake, you should protect your ICBC (Asia) USB-Shield and its password, and your password token and its password, and make sure the computer where you log on to Internet Banking is reliable. You should update your antivirus software periodically. Do not open unsolicited programs, links, and e-mails. Promptly remove the ICBC (Asia) USB-Shield from the computer after use and keep the password safe.
          • Please consider reviewing our security tips and supplementing them with the following security controls to mitigate the risk of a Trojan horse affecting your PC:

            • Customers should not download files from any unknown websites.
            • Customers should not open emails or their attachments from unknown senders.
            • Customers should never access their internet services such as internet banking through hyperlinks embedded in emails, internet search engines, suspicious pop-up windows or any other doubtful channels. (Customers should connect to a bank website by typing the authentic website address in the address bar of the browser or by bookmarking the genuine website and using that for subsequent access.)
            • Customers should validate the identity and genuineness of our e-banking website before usage.

            For IE (Internet Explorer) users, please press F11 to validate the identity and genuineness of our e-banking website before usage. The steps are as follows:

            1. Press F11 during your visit to the ICBC (Asia) internet banking webpage. (If there is a "closed" lock showing on top of your browser, it is TLS-enabled.)
            2. After pressing F11, you can find a small icon of a lock or a key in the top right corner of your browser. A *certificate window will be displayed and it will show you the owner of the web page which you are currently browsing; you can then verify if the current web page belongs to ICBC (Asia).

            *Note: The following information will be displayed in the certificate window for customers to verify the trustworthiness of the website.
            - the website name which is certified (issued to): myebankasia.icbc.com.cn
            - the certifier of the website (issued by): Symantec Class 3 EV SSL SGC CA - G2
            - the valid date: to check whether the website is within the valid date

            For other browsers such as Safari, the verification steps are the same as above, but you do not need to press F11 to access the top bar while visiting the online banking webpage.

            If you suspect there are unauthorized transactions in your account, immediately contact our Bank via the Customer Service Hotline on (852) 218 95588 or any of our branches.

                   Important:        

            To minimize the risk of your router being hacked through its default password, please change the password immediately.

            1.How should I take care of my password?
            A:You should note the following points in taking care of your password:

            - Do not disclose your password or account number to anyone.
            - Do not allow anybody else to use your password.
            - Do not write down or record the password without disguise.
            - Do not use your Hong Kong Identity Card number, telephone number or date of birth etc. as your password.
            - Use a password that is difficult to guess.
            - Change your password regularly; the length of the password can be from 8 to 12 alphanumeric characters.
                                   

                       
            2.May I save my User ID and password so that I do not need to enter them every time I login?
            A:To ensure every transaction is safe, the User ID and password cannot be saved.

                       

                       
            4.What is data encryption?
            A:Encryption refers to the scrambling of data to protect the security of the data. The encryption and decryption functions are based on complex mathematical theories.

                       
            5.Why do we need end-to-end encryption in addition to TLS?
            A:TLS treats transaction data and the password in the same way, while end-to-end encryption can handle the password in a different way so that your password can enjoy the highest protection. End-to-end encryption enables the encryption of information at its origin and decryption at its intended destination without any intermediate decryption.

                       
            6.How can I know that my browser is TLS-enable?
            A:If there is a "closed" lock at the bottom of your browser, it is TLS-enabled.
            You may verify the connection encryption status by selecting "File" and then "Properties" from the menu bar.

                       
            7.How to enable TLS in my browser?
            A:Generally speaking, you can enable TLS 1.0, TLS 1.1 and TLS 1.2 in the security settings of internet browser. For example, in case of Microsoft Internet Explorer 8.0, you can follow the procedure below:
            1. Select "Tools" from the Menu bar
            2. Select "Internet Options"
            3. Click on the "Advanced" tab
            4. Choose "Security" and enable TLS 1.0, TLS 1.1 and TLS 1.2.
            5. Click "OK"
                                   

                       
            8.How can I make sure that the web pages of the Internet Banking I am currently browsing really come from your Bank?
            A:When you reach the login page that requires you to enter your ICBC (Asia) Internet Banking Account Number, User ID where applicable and Password, for security purposes you can click the small icon of a lock or a key at the bottom of your browser. A certificate window will be displayed telling you the owner of the web page you are currently browsing; you can then verify if the current web page belongs to ICBC (Asia).
            • the website name which is certified (issued to): myebankasia.icbc.com.cn
            • the certifier of the website (issued by): Symantec Class 3 EV SSL SGC CA - G2
            • the valid date: to check whether the website is within the valid date
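
The three checks listed above and in the F11 steps earlier (issued to, issued by, valid date) can also be scripted. The following is an added example, not the Bank's own code: it works on the dictionary format returned by Python's ssl.SSLSocket.getpeercert(), the expected host name and issuer are the values given on this page, and the two sample certificates, their dates and all function names are constructed for illustration.

```python
import calendar
import ssl

# Values this page tells customers to look for in the certificate window.
EXPECTED_HOST = "myebankasia.icbc.com.cn"
EXPECTED_ISSUER_CN = "Symantec Class 3 EV SSL SGC CA - G2"


def names(rdn_sequence, key):
    """Collect the values stored under `key` in getpeercert()'s nested tuples."""
    return [value for rdn in rdn_sequence for (k, value) in rdn if k == key]


def host_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def check_certificate(cert, now, host=EXPECTED_HOST, issuer_cn=EXPECTED_ISSUER_CN):
    """Return a list of problems; an empty list means all three checks passed.

    `cert` is a dict in the format of ssl.SSLSocket.getpeercert();
    `now` is a POSIX timestamp (seconds, UTC).
    """
    problems = []

    # 1. "Issued to": DNS names in subjectAltName, else the subject commonName.
    sans = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    issued_to = sans or names(cert.get("subject", ()), "commonName")
    if not any(host_matches(p, host) for p in issued_to):
        problems.append(f"issued to {issued_to!r}, not {host!r}")

    # 2. "Issued by": the issuer commonName must be the expected certifier.
    issued_by = names(cert.get("issuer", ()), "commonName")
    if issuer_cn not in issued_by:
        problems.append(f"issued by {issued_by!r}, not {issuer_cn!r}")

    # 3. "Valid date": now must fall between notBefore and notAfter.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("not yet valid")
    elif now > not_after:
        problems.append("expired")
    return problems


# Constructed sample input: a certificate carrying the values from this page.
SAMPLE_GENUINE = {
    "subject": ((("organizationName", "Constructed Sample Org"),),
                (("commonName", EXPECTED_HOST),)),
    "issuer": ((("commonName", EXPECTED_ISSUER_CN),),),
    "subjectAltName": (("DNS", EXPECTED_HOST),),
    "notBefore": "Jun  1 00:00:00 2015 GMT",
    "notAfter": "Jun  1 23:59:59 2017 GMT",
}

# Constructed sample input: a look-alike site that fails all three checks.
SAMPLE_LOOKALIKE = {
    "subject": ((("commonName", "myebankasia.icbc.com.cn.login.example"),),),
    "issuer": ((("commonName", "Constructed Test CA"),),),
    "subjectAltName": (("DNS", "myebankasia.icbc.com.cn.login.example"),),
    "notBefore": "Jan  1 00:00:00 2013 GMT",
    "notAfter": "Jan  1 00:00:00 2014 GMT",
}

# Constructed "current time" so the example gives the same result on any day.
SAMPLE_NOW = calendar.timegm((2016, 1, 1, 0, 0, 0))

if __name__ == "__main__":
    for label, cert in (("genuine", SAMPLE_GENUINE), ("look-alike", SAMPLE_LOOKALIKE)):
        found = check_certificate(cert, SAMPLE_NOW)
        print(label, "->", "OK" if not found else "; ".join(found))
```

In live use the dictionary would come from getpeercert() on a connection made with ssl.create_default_context(), which has already validated the certificate chain before these three field checks run.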
                                   

                       
            9.What should I be aware while using the Internet Banking Service?
            A:In order to protect your interest in enjoying our service, you are highly recommended not to use the "Back"/"Reload" button, minimize, maximize or resize the browser. If you do that, our security module might disconnect the session.

                       
            10.How do I secure my personal computer if I have static internet connection?
            A:You are recommended to install the most up-to-date anti-virus software and update the software with virus signature regularly. For maximum protection, we also advise you to install personal firewall software to protect your personal computers against intrusion via the Internet. You are recommended to discuss with reputable information security professionals and software vendors to select the best suit security protection software.

            It is noted that different security software products might have different strength and weaknesses in different protection scenarios. You are always reminded to alert to different security vulnerabilities and exposures and patch the software promptly.

                       
            11.What should I do if I suspect there are unauthorized transactions in my account?
            A:Immediately contact our Bank via the Customer Service Hotline on (852) 218 95588 or any of our branches.
             

            2.Security Information

            Important

            If you suspect any unauthorized use of your Internet Banking account or any abnormal transactions in the account, you should contact our us at once. Our bank will never ask you for your password or send you emails requesting that information.
            If you receive such a request, contact us immediately. Call our Customer Service Hotline (852) 218 95588; or click here to send your enquiry.

            Email / Instant Message

            • Use strong password in your email service;
            • Use two-factor authentication as far as possible to secure your email account;
            • Monitor and review login activity;
            • Do not download files from unknown sources, open emails or its attachment from unknown senders. Delete emails from unknown senders immediately after receipt. Such mails should also be deleted from the "Trash Bin" of your email box;
            • Scan executable files attached before you open or execute them;
            • Disable scripting features for emails applications to prevent auto-execution of the unknown files;
            • Be vigilant to suspicious email or website which asks you to provide your login credentials;
            • Use different email address for different account. For example, avoid using the same email address for banking and gaming services. Also use different passwords for different online services;
            • Do not use public Wi-Fi to access sensitive services. Using telecommunication network is more secure;
            • Do not click any hyperlink embedded in an unknown email / instant message.

            When an email claiming to originate from us looks suspicious to you, e.g. if it says you have won a prize draw or there is an offer for you to make some easy money without any action on your part, contact the HKMA hotline on 2878 8196 or the police hotline on 2860 5012-3 or Call our Customer Service Hotline (852) 218 95588; or click here to send your enquiry; or Contact any of our branches in person.

            Online attack

                   Fraudulent emails, Advance fee or '419 Fraud'        

            This involves unsolicited letters and e-mail messages offering the recipient a generous reward for helping to move large sums of money, usually in US dollars. These funds are said to be anything from corporate profits/accumulated bribes/unspent government funds to unclaimed money belonging to a deceased person.

            Or the email sender claimed to be a bank staff, inviting the recipient to pretend to be the next-of-kin of a deceased client who has left a huge sum of unclaimed fixed deposit. Upon receiving favourable reply, the fraudster requested the recipient to pay a fee in advance for preparing the necessary documents in order to claim that estate. Finally, the email recipient was cheated and could not reach the sender again.

            The fraudsters are after banking details. The transactions typically require the recipient of the letter or e-mail message to pay something like a fee/tax/bribe to complete the deal - this is the Advance fee. However, any fees paid will be lost.

                   Lottery fraud        

            This involves letters or e-mail messages which advise the recipient that they have won a prize in a lottery. To obtain the funds they are asked to respond to the letter or e-mail message. A request will then be made for the recipient to provide his/her bank account details to allow for funds to be transferred. The recipient may also be asked to pay a handling/processing fee. If paid, this fee will be lost. Also, any details given will probably be used to commit further fraud.

                   Virus hoax e-mail        

            Many e-mail warnings about viruses are hoaxes, designed purely to cause concern and disrupt businesses. Such warnings may be genuine, so don't take them lightly, but always check the story out by visiting an antivirus site such as McAfee, Sophos or Symantec before taking any action or forwarding them to friends and colleagues.

                   Beware of Email Scam "Verify Suspicious E-mails Uncover Online Swindlers"        

            In email scam cases, the fraudsters hack into the victim's email account and read the victim's business correspondence with business partners. They then send an email to the victim from an account that is the same as, or similar to, the business partner's email account, claiming that the payment bank account has changed and requesting the victim to deposit the payment for goods into the fraudster's designated bank account. The Police appeal that if you receive any suspicious email, you should confirm the identity of the purported business partner or the authenticity of the request by telephone before remittance, so as to avoid being deceived.
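As an added illustration (not part of the bank's original guidance), a business can flag incoming mail whose sender address is close to, but not identical with, a known partner's address. The contact list, the sample addresses and the two-edit threshold below are constructed assumptions.

```python
import unicodedata

# Constructed sample data: addresses of partners the business already deals with.
KNOWN_CONTACTS = ["accounts@supplier.example", "billing@freight.example"]


def normalize(addr):
    """Fold case and compatibility characters so they cannot mask a difference."""
    return unicodedata.normalize("NFKC", addr).strip().lower()


def edit_distance(a, b):
    """Edit distance where an adjacent swap counts as one edit
    (optimal string alignment), so 'suppiler' is 1 away from 'supplier'."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(sender, contacts=KNOWN_CONTACTS, max_distance=2):
    """Return (verdict, closest_contact).

    'known'     - exact match; the account may still be compromised, so a
                  change of payment details is confirmed by telephone anyway.
    'lookalike' - within max_distance edits of a known contact (assumed threshold).
    'unknown'   - not close to any known contact.
    """
    sender = normalize(sender)
    known = [normalize(c) for c in contacts]
    if sender in known:
        return ("known", sender)
    closest = min(known, key=lambda c: edit_distance(sender, c))
    if edit_distance(sender, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    for s in ["Accounts@Supplier.example", "accounts@suppiler.example",
              "accounts@supp1ier.example", "sales@unrelated.example"]:
        print(s, "->", classify_sender(s))
```

A "lookalike" verdict is a reason to hold the message for review; a "known" verdict does not replace the telephone confirmation described above.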

                   Man-In-The-Browser Attack        

            Please be highly aware of a recent online threat known as a Man-In-The-Browser (MITB) attack, where an attacker takes control over a customer's connection and transmits counterfeit screens to the customer in an attempt to capture and manipulate customer data.

            • A frequent MITB attack scenario involves the attacker taking control over a customer's login session. The attacker transmits screens similar to the online banking screens requesting the customer to wait while their details are being verified. During this, the attacker would initiate a request for adding payee or updating personal information while the customer's account is being compromised. An SMS containing a One-Time Password (OTP) is sent to the customer's mobile phone as part of the process. More counterfeit screens are transmitted to the customer to prompt the customer to key in the OTP in order for the attacker to proceed with payee addition and/or personal information update.
            • Please do not proceed if you notice an unusual screen or message during your online banking login session.
            • Do not act on an SMS containing an OTP that you have not requested, and review your existing payee list for any unauthorized additions.

            Detecting and Reporting Abnormal Activities / Suspected Frauds / Frauds

            • Check your account balance & statement regularly, contact us immediately should you encounter any abnormal transaction. (Don't ignore any unusual activity even if it is a minor one.)
            • Check your personal profile regularly to avoid loss caused by unauthorized usage of your personal information.
            • Notify us of any change of your contact information immediately, so that we can contact you in case an abnormal online transaction is found.

            If you have suspicions about any online transaction, you should immediately submit the following information to us:

            • Your last logon time;
            • Printouts of account information from Internet Banking; or
            • Emails; or
            • Screen captures (such as images) relating to the activities or suspected frauds.

            You can reach us via the following channels: call our Customer Service Hotline (852) 218 95588; or click here to send your enquiry; or contact any of our branches in person.

            More Security Information

            To learn more about Internet Banking security, please refer to "Internet Banking - Convenient & Safe" below, jointly provided by the HKMA & HKAB:
            https://www.hkma.gov.hk/eng/key-functions/banking-stability/internet-banking/two-factor-authentication.shtml    

            3. Internet Banking Security Tips

            (1) Two-factor Authentication to Strengthen Security

            The Two-factor authentication uses a combination of 2 different factors for verifying a user's identity:

               

                   Advantage of Two-factor Authentication:        

            Your transaction is highly protected because the fraudsters cannot steal your physically possessed tools (such as your mobile phone) over the Internet. All of the high-risk Internet Banking transactions, such as fund transfers to non-designated accounts, are protected by this additional authentication tool physically held by yourself. With just a few simple steps, you can enjoy this enhanced security level of online transactions.

            (2) Security Tips

            After you have finished all online transactions, remember to click "Logout" to exit the Internet Banking system and avoid any information leakage. Please safeguard your digital certificate, password token and mobile phone because they are important tools for two-factor authentication. Do not access Internet Banking through hyperlinks embedded in e-mails. The Internet Banking service will be suspended if the login password is entered incorrectly 3 consecutive times in the same day. You may try to log in again the next day. If you are still unable to log in to Internet Banking, your service may be suspended. Please call 218 95588 or visit a branch for assistance.

            (3) Note of using Java Plugin

            We recommend that customers take the following actions if they use Java to log in to our Internet Banking.

            1. Download and install, from the official Oracle website, the latest Java patch announced on 15 January 2013 or thereafter, which should fix the problem that Oracle officially announced on 13 January 2013.
            2. Open the related Java software only before using the Internet Banking Service.
            3. Enter our official website address directly: www.icbcasia.com (do not use a link in Bookmarks), then log in to Internet Banking from the ICBC (Asia) website.
            4. Customers can refer to question 8 in "More on Security - Your Roles and Responsibilities" in the "ebanking Security Tips" to check whether the website being browsed is provided by ICBC (Asia).
            5. Log in and use Internet Banking normally; do not visit other unknown websites that use Java simultaneously.
            6. Log out of Internet Banking normally.
            7. If customers are worried about the effect of Java on their computer's security, they can stop using Java after logging out of Internet Banking and open Java again when they next log in to Internet Banking.

            (4) Review of Registered Third Party Accounts

            Before registering, for fund transfer, a third party's account that falls into a high-risk category (e.g. a money service operator or an agent providing services or products that can easily be converted to money, such as remittance agents, money changers, jewellery companies, casinos, finance/loans related services such as stock agents, and credit card merchants), please consider carefully and read the Bank's online security tips. Please be aware of the potential risk of registering third-party accounts of some institutions, which may be used for retrieving funds or transferring funds to another non-designated beneficiary.

            4. Mobile Banking Security Tips

            1. How to increase the security level when using Mobile Banking Service?
            A: Customers are reminded to be vigilant of any fraudulent websites or Mobile Banking apps related to ICBC (Asia).
            It is always prudent to access the official Mobile Banking websites through the official addresses
            m.icbcaisa.com
            https://mobilehk.icbc.com.cn
            or through the official Mobile Banking app downloaded from official application stores.
            - Do not store your password in the browser, and disable the "AutoComplete" feature to prevent any third party from accessing your login credentials via the browser.
            - Install or update the latest anti-virus and anti-spyware software regularly on your mobile devices (smartphones or tablets).
            - Do not use any 'jailbroken' or 'rooted' mobile devices, which may have security loopholes, to log on to Mobile Banking.
            - Make sure you are using compatible versions of the operating systems of your mobile devices.
            - Enable the auto-update feature to obtain and install security patches regularly from trusted sources. If you find an application suspicious, do not download, install or log in to it, and stop the operation immediately.
            - Avoid accessing Mobile Banking via public Wi-Fi (wireless networks) and Wi-Fi without a password set.
            - Choose a reliable Telecom Service Provider.
            - Disable any wireless networking functions (e.g. Wi-Fi, Bluetooth, NFC) when not in use.
            - Please verify your last login and logout records every time you use the mobile banking service.
            - You should also check your account balance and transaction records regularly. If there are any suspicious transactions, please contact us immediately.
            - After receiving the PIN notification letter, please memorize the PIN and destroy the notification letter immediately.
            - To enhance the security level, we suggest that you change the PIN when you use it for the first time. Do not use your identity card number, telephone number, date of birth, driving license number, or easy-to-guess numbers or words as your password, and avoid selecting the same password that you have used for accessing other web services.
            - Do not disclose your Mobile Banking user name and password (including one-time passwords) to anyone (including bank staff and the police). You should also avoid disclosing your personal information, such as identity card number and date of birth, to anyone.
            - Do not store your mobile banking account name and password in the mobile phone.
            - Do not write the password on any of the devices used for accessing Mobile Banking or on anything nearby. You should memorize the password instead.
            - Do not allow anyone else to use your mobile banking or password. Set a passcode for your mobile device that is difficult to guess and activate the auto-lock function.
            - Avoid using Mobile Banking in crowded areas, and take care when entering your password on certain handsets: the password characters may be enlarged and clearly displayed, which could let people nearby obtain your sensitive information.
            - Check your surroundings before performing any banking transactions, and make sure that no one sees your Mobile Banking password.
            - For security purposes, change your Mobile Banking password regularly via our Internet Banking Services.
            - For security reasons, you cannot log on to the same "Internet Banking Account Number / Defined User Name" through three channels (e.g. WAP / iPhone App / Android App) simultaneously.
            2. What should I do if I lose my password or mobile handset?
            A: If you lose your Mobile Banking password/mobile handset, or suspect that your password or security device is used by an unauthorized party, or find any unauthorized transaction(s) associated with your account, please contact your Telecom Service Provider and contact us immediately.
            3. Any cost for using Mobile Banking Application?
            A: We do not charge for using the Mobile Banking App. However, you are responsible for the charges incurred by your mobile network operator when you access or download the Application.
            4. Is two-factor authentication available on Mobile Banking? What is the advantage?
            A: The Two-factor authentication uses a combination of 2 different factors for verifying a user identity:

            Advantage of Two-factor Authentication:
            Your transaction is highly secured because the fraudsters cannot steal your physically possessed tools (such as your Password Token) over the Internet. All of the high-risk Mobile Banking transactions, such as fund transfers to non-designated accounts, are protected by this additional authentication tool physically held by yourself. With just a few simple steps, you can enjoy this enhanced security level of online transactions.

            5. ATM Security Tips

            To ensure that your banking sessions at ICBC (Asia) ATMs are secure, please follow the security tips below:

            • Beware of any suspicious device (e.g. a pinhole camera or magnetic card reader) attached to the ATM. That device may be a skimming device used to compromise your ATM card data or PIN.
            • Take back your ATM card once you have completed your transactions. Do not leave your ATM card in the slot.
            • Do not allow anyone to see your PIN, and avoid anyone looking over your shoulder.
            • Never disclose your ATM card PIN to anyone, including bank staff or police.
            • Never lend your ATM card to anyone, including bank staff or police.
            • Change your ATM card PIN immediately upon receiving it.
            • Do not use the same ATM card PIN for accessing more than one service (e.g. the ATM service of another bank).
            • Memorize your ATM card PIN and do not write it down with your ATM card.
            • Never set your ATM card PIN to your birthday, ID number or telephone number, which can be easily guessed.
            • Change your ATM card PIN via an ICBC (Asia) ATM regularly.
            • Report to ICBC (Asia) if your ATM card or PIN is lost or has been identified by any other person.

Copyright © Industrial and Commercial Bank of China (Asia) Limited. All rights reserved.