|
|
Hang Seng e-Banking
Frequently Asked Question |
|
|
|
Q: |
How can I be sure
that my information and account data are securely sent through Hang Seng
e-Banking Services? |
A: |
Confidentiality
of customers' account information is our utmost concern. To ensure confidentiality,
the following security measures are used to protect our customers:
1. |
Hang Seng e-Banking Services
are under a secure site with 128-bit encryption, the highest level
of encryption commercially available. All data sent to and from
Hang Seng Bank is encrypted to protect your personal / company's
financial information. |
2. |
User name and password(s) must be entered to authenticate your identity every time you logon to our e-Banking Services. Your password(s) will be temporarily suspended if you incorrectly key in a password for three consecutive times. |
3. |
If the machine is left idle
for 20 minutes, system will prompt and you are required to click 'OK' if you wish to continue using e-Banking. Otherwise, the system will automatically logoff itself
to prevent any unauthorised access. |
|
|
|
Q: |
How can I check
if 128-bit encryption is being used? |
A:
|
In the Chrome, right-click any text on a page (not on a graphic object) and select 'Inspect' (or press F12 key), and then select "Security" in the upper navigation bar (using the" <<" or " >>" to search via the navigation bar). Under the "Connection", you will find the status as "TLS 1.2, ECDHE_RSA with P-256, and AES_256 GCM".
|
|
|
Q: |
Must I have Cookies
enabled on my browser? |
A: |
Yes, otherwise you will not be able to use e-Banking. You may choose to cancel e-Banking service if necessary.
For Chrome browser,
- Click on the More ""at the top right hand side of browser window
- Click on "Settings"
- Scroll downward to the bottom and click "Advanced"
- Identify the "Privacy and security" section, and enable or disable Cookie by clicking on the "Cookies" section.
|
|
|
Q: |
What kind of information is collected via cookies? |
A: |
Two random identifiers will be assigned to you and stored in cookies:
- A session identifier is assigned to you at every logon, so as to enable our server to maintain dialogue and verify the genuineness of the request sent from your web browser. It will be cleared from your computer upon logoff.
- A statistics identifier is assigned to mark your browser as an anonymous individual. This identifier will be used to track your e-Banking usage pattern for analysis on the website usage. It will be stored in your computer until you delete cookies of your browser, then a different identifier will be assigned to your browser at your next logon.
|
|
|
Q: |
How can I check that the digital certificate belongs to Hang Seng Bank? |
A: |
In order to assure our customers that they are dealing with Hang Seng Bank, we provide a certificate at the beginning of the session. At the upper right corner of the browser window, there will be an icon telling you if the page has been encrypted. Don't type your password on a page that isn't encrypted. Simply click on the Encrypted Icon and you will see the security certificate of Hang Seng Bank Limited.
For Chrome browser,
you may check the validity of the certificate as below:
- Click the "security lock icon" at the upper left corner of the URL address box
- Find the "certificate: valid" section
- Click on the "certificate: valid" and the certificate information is displayed as below
|
|
|
Issued to: www.hangseng.com or e-banking.hangseng.com or e-banking1.hangseng.com or e-banking2.hangseng.com |
|
Issued by: DigiCert SHA2 Extended Validation Server CA |
|
Valid from: .... to .... |
Check the certificate information is displayed with:
Subject
www.hangseng.com or e-banking.hangseng.com or e-banking1.hangseng.com or e-banking2.hangseng.com
HANG SENG BANK LTD Issuer
DigiCert SHA2 Extended Validation Server CA
www.digicert.com
DigiCert Inc.
Check the certificate is within the valid period
|
|
|
|
|
|
|
Q: |
What precautions
should I take to avoid unauthorised access to my accounts online? |
A: |
To avoid unauthorised
access to your account(s), you should avoid conducting any transactions
or checking your account balances in an area where Internet service is available
to the public. You should also note the following points in taking care
of your password(s): |
|
- Take reasonable steps to keep your password(s) secret to prevent fraud
- Do not disclose your password(s) to anyone.
- Do not allow anyone else to use your password(s).
- Do not write down or record the password(s) without disguising it.
- Do not use easily accessible personal information such as your birthday, name, Hong Kong Identity Card number, telephone number or similar numbers as your password(s).
- Do not use password(s) from other Internet sites.
- Do not write down the password(s) on any device for accessing our e-Banking Services or on anything usually kept with or near it.
- Occasionally change your password(s) via our e-Banking Services.
- Do not use the password(s) for accessing other services(for example, connection to the Internet or accessing other websites).
|
|
|
Q: |
What if I forget my password(s)? |
A: |
If you forget your password(s), input your user name on the logon page as usual and then click the "Forgot Password(s)?". Then please follow the screen instructions to reset your password(s).
|
|
|
Q: |
What is User name? |
A: |
- User name is for identification when you access
our e-Banking Services. You set up your User name when register our
e-Banking and each User name must be unique.
- Your User ID should be something you can easily
remember, yet cannot be easily guessed by anyone else. If you wish
to use your name (or something equally familiar), we suggest using
a mixture of alphabets and/or numbers.
- The auto-complete function on your browser
should be disabled to avoid the automatic completion of your ID when
you type in User ID.
The auto-complete feature saves previous
entries you have made for Web addresses, forms, and passwords. Then,
when you type information in one of these fields, auto-complete suggests
possible matches. These matches can include folder and programme names
you type in the Address bar, and search queries, stock quotes, or
information for just about any other field you fill in on a Web page.
While you use the Internet banking service, it will automatically
prompt your User ID which you have used in the system. For security
protection, the auto-complete function of your browser should be disabled
to avoid the automatic completion of your ID when you start to type
the User ID.
Turn auto-complete on or off in Chrome browser by clicking the menu icon "" at the upper right hand side of browser window, then select the "Autofill" section under "Settings" and click the "Passwords". Toggle the setting ON or OFF.
|
|
|
Q: |
Can I change my User name and
Password(s)? |
A: |
Once you've selected your User
name, it cannot be changed. Password(s) can be altered any time. Your
new password(s) should contain eight letters and/or numbers (with no spaces
or symbols in between), and must not be the same as your User name
and your old password(s). |
|
|
|
|
Q: |
What should I
do if I suspect there are unauthorised transactions in my account? |
A: |
Please contact our Customer Services Representatives as soon as reasonably
practicable on the following hotlines:
|
Private Banking customers: |
2121-1188 / Corresponding Relationship Manager |
|
Prestige Banking customers: |
2998-9188 |
|
Preferred Banking
customers: |
2822-8228 |
|
Integrated Account customers |
2912-3456 |
|
Other customers: |
2822-0228 |
|
|
|
Q: |
What is your Internet privacy
policy? |
A: |
You can refer to our privacy policy by clicking
here.
|
|
|
|
|
Q: |
My company uses
a proxy server to speed up Internet access and increase security. What
will this mean for my use of the Interactive Journal? |
A: |
It is possible you may have
difficulties in accessing some parts of our site. For example, we have
seen some users coming into the Interactive Edition from a proxy server
who are unable to successfully use phrase-search feature available in
the Search Archive. And some proxy server configurations have made it
difficult for other users to access the site. If you experience access
or search problems and you know your company has integrated a proxy server,
check with your system administrator. We found that, with the administrator's
assistance, most situations can be resolved. |
|
|
Q: |
Can I exit Hang
Seng e-Banking Services by clicking the browser-closing button at top
right? |
A: |
You should click the Logoff
button below the navigation bar at the left section of the screen or click
the Logoff utility icon on the top right section of the screen. This will
ensure that your session is properly logged off. |
|
|
Q: |
What other security
tips do I need to take note of? |
A: |
You should:
- Implement adequate physical security control over your PCs.
- Install virus detection software on your computer to protect from
known viruses such as Trojan Horses. The software should be updated
regularly to ensure that you have the latest protection.
- Install a personal firewall on your computer to help prevent unauthorised
access and update the firewall regularly to ensure you are covered
with the latest protection. Please refer to your PC or software vendor
to identify a firewall that best suits your PC environment.
- Ensure you download and apply security updates and patches to your
PC/browser when they are made available. They are designed to provide
you with protection from known possible security problems.
- To prevent viruses or other unwanted problems, do not open attachments
from unknown or untrustworthy sources.
- Not install pirated software or software from unknown sources.
- Beware of keystroke loggers (ie. hardware or software installed
in your PC without your knowledge to record all keystroke entered),
hacker tools and other computer crime risks.
- Know everyone who uses your computer and limit unauthorised access.
- Always disconnect from the Internet when you have finished to avoid
leaving your computer online when you are not using the service.
- Never write down your Internet banking details in a format that
can be recognized by others. If you store any personal information
in an electronic device, please ensure that there will be reasonable
care and protection so that you are the only authorised person who
can access the stored information.
- Take reasonable steps to keep the security device safe to prevent fraud.
- Not access Hang Seng e-Banking from computer terminals which are
shared with other users (e.g. cyber cafes), as it is difficult to
ensure these PCs are free of hacker programmes (someone might be able
to access your personal/account information).
- Ensure all other Internet sessions are closed before you log on
to Internet banking. While you have an Internet banking session open,
we recommend that you do not open other Internet browser sessions
and access other sites. This can help to ensure your financial information
is protected and blocked from unauthorised access via another website.
- Verify that the Internet address is the genuine Hang Seng Bank website
by double clicking the 'lock' icon at the bottom bar of the screen
to check the security certificate of Hang Seng Bank.
- Always remember to log off properly using the "Logoff"
button when you have completed your banking activities.
- Review your account regularly and always keep good records of your
personal finances.
- Refer to the security advice from time to time.
- You may want to print a hardcopy of this security FAQ page for reading
offline.
- Please refer to this security FAQ from time to time
|
|
|
Q: |
How can I be sure that my personal information in Hang Seng Bank is kept in security? |
A: |
To change your personal information, you have to input Security Code by your Security Device to verify your identity for online submission; or complete a request form under Customer Services and return it to us in person or by mail. Authentication on your identity is required before updating your personal information, so as to avoid cases of manipulation. Any address and contact phone number provided within Hang Seng e-Banking Services will be used solely for contact or other purpose as specified, and will not be updated into our bank's record. |
|
|
|
|
|