PFS Logon
Hang Seng Bank
Chinese Chinese Contact Us T&C  
Hang Seng e-Banking
Frequently Asked Question
5. Privacy and Security
Q: How can I be sure that my information and account data are securely sent through Hang Seng e-Banking Services?
A: Confidentiality of customers' account information is our utmost concern. To ensure confidentiality, the following security measures are used to protect our customers:
1. Hang Seng e-Banking Services are under a secure site with 128-bit encryption, the highest level of encryption commercially available. All data sent to and from Hang Seng Bank is encrypted to protect your personal / company's financial information.
2. User name and password(s) must be entered to authenticate your identity every time you logon to our e-Banking Services. Your password(s) will be temporarily suspended if you incorrectly key in a password for three consecutive times.
3. If the machine is left idle for 20 minutes, system will prompt and you are required to click 'OK' if you wish to continue using e-Banking. Otherwise, the system will automatically logoff itself to prevent any unauthorised access.
   
Q: How can I check if 128-bit encryption is being used?
A: For Microsoft Internet Explorer,right-click any text on a page (not on a graphics object) and select 'Properties'. 'Connection' with 'TLS 1.0, RC4 with 128 bit encryption (High); RSA with 2048 bit exchange' is shown.
 
Q: Must I have Cookies enabled on my browser?
A:

Yes, otherwise you will not be able to use e-Banking. You may choose to cancel e-Banking service if necessary.

For Microsoft Internet Explorer:

  • Click on 'Tools' on the browser toolbar and select 'Internet Options'
  • Click the 'Privacy' tab
  • Move the slider under 'Settings' to the level of privacy that you want to set. As you move the slider, there will be a description of the types of cookies that are blocked or allowed at that privacy level.
  • Click 'OK'
   
Q: What kind of information is collected via cookies?
A: Two random identifiers will be assigned to you and stored in cookies:
  • A session identifier is assigned to you at every logon, so as to enable our server to maintain dialogue and verify the genuineness of the request sent from your web browser. It will be cleared from your computer upon logoff.
  • A statistics identifier is assigned to mark your browser as an anonymous individual. This identifier will be used to track your e-Banking usage pattern for analysis on the website usage. It will be stored in your computer until you delete cookies of your browser, then a different identifier will be assigned to your browser at your next logon.
   
Q: How can I check that the digital certificate belongs to Hang Seng Bank?
A: In order to assure our customers that they are dealing with Hang Seng Bank, we provide a certificate at the beginning of the session. At the upper right corner of the browser window, there will be an icon telling you if the page has been encrypted. Don't type your password on a page that isn't encrypted. Simply click on the Encrypted Icon and you will see the security certificate of Hang Seng Bank Limited.

For Microsoft Internet Explorer,

you may check the validity of the certificate as follows:
  • Click the 'security lock icon' at the upper right corner (enable status bar if it cannot be seen)
  • Check that the certificate information is displayed with:

Issued to : e-banking.hangseng.com or e-banking1.hangseng.com or e-banking2.hangseng.com
  Issued by : VeriSign Class 3 Extended Validation SSL SGC CA
  Valid from = '....' is a valid date.

 
Check that the certificate information is displayed with:

    Subject
    e-banking.hangseng.com or e-banking1.hangseng.com or e-banking2.hangseng.com
    HANG SENG BANK LTD
    ebanking hase 2011 or ebanking1 hase 2011 or ebanking2 hase 2011

    Issuer
    VeriSign Class 3 Extended Validation SSL SGC CA
    VeriSign, Inc.
    VeriSign Trust Network

    Check if the certificate is within a valid date.

   
Q: What precautions should I take to avoid unauthorised access to my accounts online?
A: To avoid unauthorised access to your account(s), you should avoid conducting any transactions or checking your account balances in an area where Internet service is available to the public. You should also note the following points in taking care of your password(s):
 
  • Take reasonable steps to keep your password(s) secret to prevent fraud
  • Do not disclose your password(s) to anyone.
  • Do not allow anyone else to use your password(s).
  • Do not write down or record the password(s) without disguising it.
  • Do not use easily accessible personal information such as your birthday, name, Hong Kong Identity Card number, telephone number or similar numbers as your password(s).
  • Do not use password(s) from other Internet sites.
  • Do not write down the password(s) on any device for accessing our e-Banking Services or on anything usually kept with or near it.
  • Occasionally change your password(s) via our e-Banking Services.
  • Do not use the password(s) for accessing other services(for example, connection to the Internet or accessing other websites).
   
Q: What if I forget my password(s)?
A:

If you forget your password(s), input your user name on the logon page as usual and then click the "Forgot Password(s)?". Then please follow the screen instructions to reset your password(s).

   
Q: What is User name?
A:
  • User name is for identification when you access our e-Banking Services. You set up your User name when register our e-Banking and each User name must be unique.
  • Your User ID should be something you can easily remember, yet cannot be easily guessed by anyone else. If you wish to use your name (or something equally familiar), we suggest using a mixture of alphabets and/or numbers.
  • The auto-complete function on your browser should be disabled to avoid the automatic completion of your ID when you type in User ID.
    In Internet Explorer browser, the auto-complete feature saves previous entries you have made for Web addresses, forms, and passwords. Then, when you type information in one of these fields, auto-complete suggests possible matches. These matches can include folder and programme names you type in the Address bar, and search queries, stock quotes, or information for just about any other field you fill in on a Web page.
    While you use the Internet banking service, it will automatically prompt your User ID which you have used in the system. For security protection, the auto-complete function of your browser should be disabled to avoid the automatic completion of your ID when you start to type the User ID.
    To turn auto-complete on or off in MS Internet Explorer browser, first click the 'Tools' menu, then click 'Internet Options', the 'Content' tab, and the 'setting' button of 'AutoComplete' section. Finally uncheck the 'User names and passwords on forms'.
 

 

Q: Can I change my User name and Password(s)?
A: Once you've selected your User name, it cannot be changed. Password(s) can be altered any time. Your new password(s) should contain eight letters and/or numbers (with no spaces or symbols in between), and must not be the same as your User name and your old password(s).
   
Q: What should I do if I suspect there are unauthorised transactions in my account?
A:

Please contact our Customer Services Representatives as soon as reasonably practicable on the following hotlines:

Prestige Banking customers: 2998-9188
  Preferred Banking customers: 2822-8228
  Integrated Account customers 2912-3456
  Other customers: 2822-0228
   
Q: What is your Internet privacy policy?
A:

You can refer to our privacy policy by clicking here.

   
Q: My company uses a proxy server to speed up Internet access and increase security. What will this mean for my use of the Interactive Journal?
A: It is possible you may have difficulties in accessing some parts of our site. For example, we have seen some users coming into the Interactive Edition from a proxy server who are unable to successfully use phrase-search feature available in the Search Archive. And some proxy server configurations have made it difficult for other users to access the site. If you experience access or search problems and you know your company has integrated a proxy server, check with your system administrator. We found that, with the administrator's assistance, most situations can be resolved.
   
Q: Can I exit Hang Seng e-Banking Services by clicking the browser-closing button at top right?
A: You should click the Logoff button below the navigation bar at the left section of the screen or click the Logoff utility icon on the top right section of the screen. This will ensure that your session is properly logged off.
   
Q: What other security tips do I need to take note of?
A:

You should:

  • Implement adequate physical security control over your PCs.
  • Install virus detection software on your computer to protect from known viruses such as Trojan Horses. The software should be updated regularly to ensure that you have the latest protection.
  • Install a personal firewall on your computer to help prevent unauthorised access and update the firewall regularly to ensure you are covered with the latest protection. Please refer to your PC or software vendor to identify a firewall that best suits your PC environment.
  • Ensure you download and apply security updates and patches to your PC/browser when they are made available. They are designed to provide you with protection from known possible security problems.
  • To prevent viruses or other unwanted problems, do not open attachments from unknown or untrustworthy sources.
  • Not install pirated software or software from unknown sources.
  • Beware of keystroke loggers (ie. hardware or software installed in your PC without your knowledge to record all keystroke entered), hacker tools and other computer crime risks.
  • Know everyone who uses your computer and limit unauthorised access.
  • Always disconnect from the Internet when you have finished to avoid leaving your computer online when you are not using the service.
  • Never write down your Internet banking details in a format that can be recognized by others. If you store any personal information in an electronic device, please ensure that there will be reasonable care and protection so that you are the only authorised person who can access the stored information.
  • Take reasonable steps to keep the security device safe to prevent fraud.
  • Not access Hang Seng e-Banking from computer terminals which are shared with other users (e.g. cyber cafes), as it is difficult to ensure these PCs are free of hacker programmes (someone might be able to access your personal/account information).
  • Ensure all other Internet sessions are closed before you log on to Internet banking. While you have an Internet banking session open, we recommend that you do not open other Internet browser sessions and access other sites. This can help to ensure your financial information is protected and blocked from unauthorised access via another website.
  • Verify that the Internet address is the genuine Hang Seng Bank website by double clicking the 'lock' icon at the bottom bar of the screen to check the security certificate of Hang Seng Bank.
  • Always remember to log off properly using the "Logoff" button when you have completed your banking activities.
  • Review your account regularly and always keep good records of your personal finances.
  • Refer to the security advice from time to time.
  • You may want to print a hardcopy of this security FAQ page for reading offline.
  • Please refer to this security FAQ from time to time
   
Q: How can I be sure that my personal information in Hang Seng Bank is kept in security?
A: To change your personal information, you have to input Security Code by your Security Device to verify your identity for online submission; or complete a request form under Customer Services and return it to us in person or by mail. Authentication on your identity is required before updating your personal information, so as to avoid cases of manipulation. Any address and contact phone number provided within Hang Seng e-Banking Services will be used solely for contact or other purpose as specified, and will not be updated into our bank's record.