Frequently Asked Question
Confidentiality of customers' account information is our utmost concern. To ensure confidentiality, the following security measures are used to protect our customers:
1.
Hang Seng e-Banking Services are under a secure site with 128-bit encryption, the highest level of encryption commercially available. All data sent to and from Hang Seng Bank is encrypted to protect your personal / company's financial information.
2.
User name and password(s) must be entered to authenticate your identity every time you logon to our e-Banking Services. Your password(s) will be temporarily suspended if you incorrectly key in a password for three consecutive times.
3.
If the machine is left idle for 20 minutes, system will prompt and you are required to click 'OK' if you wish to continue using e-Banking. Otherwise, the system will automatically logoff itself to prevent any unauthorised access.
In the Chrome, right-click any text on a page (not on a graphic object) and select 'Inspect' (or press F12 key), and then select "Security" in the upper navigation bar (using the " <<" or " >>" left double arrow icon or right double arrow icon to search via the navigation bar). Under the "Connection", you will find the status as "TLS 1.2, ECDHE_RSAE C D H E _ R S A with P-256, and AES_256 GCM".
Yes, otherwise you will not be able to use e-Banking. You may choose to cancel e-Banking service if necessary.
For Chrome browser,
-
•bullet Click on the More "
"at the top right hand side of browser window -
•bullet Click on "Settings"
-
•bullet Scroll downward to the bottom and click "Advanced"
-
•bullet Identify the "Privacy and security" section, and enable or disable Cookie by clicking on the "Cookies" section.
Some randomly assigned identifiers and customer's setting / usage pattern will be stored in cookies:
•bullet
Various session identifiers will be assigned to you at logon or during specific transaction flow, so as to enable our server to maintain dialogue and verify the genuineness of the request sent from your web browser. They will be cleared from your computer upon logoff.
•bullet
Some of your setting or usage pattern for the particular logon session is stored in cookies to ensure your smooth experience. They will be cleared from your computer upon logoff.
•bullet
A statistics identifier is assigned to mark your browser as an anonymous individual. This identifier will be used to track your e-Banking usage pattern for analysis on the website usage. It will be stored in your computer until you delete cookies of your browser, then a different identifier will be assigned to your browser at your next logon.
In order to assure our customers that they are dealing with Hang Seng Bank, we provide a certificate at the beginning of the session. At the upper right corner of the browser window, there will be an icon telling you if the page has been encrypted. Don't type your password on a page that isn't encrypted. Simply click on the Encrypted Icon and you will see the security certificate of Hang Seng Bank Limited.
For Chrome browser,
you may check the validity of the certificate as below:
•bullet
Click the "security lock icon" at the upper left corner of the URL address box
•bullet
Find the "certificate: valid" section
•bullet
Click on the "certificate: valid" and the certificate information is displayed as below
Issued to: www.hangseng.com or e-banking.hangseng.com or e-banking1.hangseng.com or e-banking2.hangseng.com
Issued by: DigiCert SHA2 Extended Validation Server CA
Valid from: .... to ....
Check the certificate information is displayed with:
Subject
www.hangseng.com or e-banking.hangseng.com or e-banking1.hangseng.com or e-banking2.hangseng.com
HANG SENG BANK LTD
Issuer
DigiCert SHA2 Extended Validation Server CA
www.digicert.com
DigiCert Inc.
Check the certificate is within the valid period
To avoid unauthorised access to your account(s), you should avoid conducting any transactions or checking your account balances in an area where Internet service is available to the public. You should also note the following points in taking care of your password(s):
•bullet
Take reasonable steps to keep your password(s) secret to prevent fraud
•bullet
Do not disclose your password(s) to anyone.
•bullet
Do not allow anyone else to use your password(s).
•bullet
Do not write down or record the password(s) without disguising it.
•bullet
Do not use easily accessible personal information such as your birthday, name, Hong Kong Identity Card number, telephone number or similar numbers as your password(s).
•bullet
Do not use password(s) from other Internet sites.
•bullet
Do not write down the password(s) on any device for accessing our e-Banking Services or on anything usually kept with or near it.
•bullet
Occasionally change your password(s) via our e-Banking Services.
•bullet
Do not use the password(s) for accessing other services(for example, connection to the Internet or accessing other websites).
If you forget your password, input your username on the log on page as usual and then click "Forgot your password". Then please follow the screen instructions to reset your password.
•bullet
User name is for identification when you access our e-Banking Services. You set up your User name when register our e-Banking and each User name must be unique.
•bullet
Your User ID should be something you can easily remember, yet cannot be easily guessed by anyone else. If you wish to use your name (or something equally familiar), we suggest using a mixture of alphabets and/or numbers.
•bullet
The auto-complete function on your browser should be disabled to avoid the automatic completion of your ID when you type in User ID.
The auto-complete feature saves previous entries you have made for Web addresses, forms, and passwords. Then, when you type information in one of these fields, auto-complete suggests possible matches. These matches can include folder and programme names you type in the Address bar, and search queries, stock quotes, or information for just about any other field you fill in on a Web page.
While you use the Internet banking service, it will automatically prompt your User ID which you have used in the system. For security protection, the auto-complete function of your browser should be disabled to avoid the automatic completion of your ID when you start to type the User ID. Turn auto-complete on or off in Chrome browser by clicking the menu icon "" at the upper right hand side of browser window, then select the "Autofill" section under "Settings" and click the "Passwords". Toggle the setting ON or OFF.
Once you've selected your username, it cannot be changed. Password can be altered any time. Your new password should contain at least eight characters which can include letters, numbers or these special characters ! $ * - . = ? @ _ '. It must not be the same as your User name and your old password.
You are reminded of the following tips on secure use of e-Banking.
•bullet
At Logon, DO NOT enter any numbers generated from the Internet to your Security Device.
•bullet
The yellow button on your Security Device is mainly used for transferring funds to third party accounts.
•bullet
When making payment to unregistered third party accounts, always ensure the input to the Security Device is extracted from your intended beneficiary account number before using the 'Yellow' button. Never enter digits that are unfamiliar to you.
•bullet
If unusual screens pop up and/or the computer's response is unusually slow, customers should log out from the online banking service completely and scan the computer with the most updated version of virus protection software.
•bullet
Learn more about Mobile Security Key
Please contact our Customer Services Representatives as soon as reasonably practicable on the following hotlines:
| Private Banking customers: | 2121-11882 1 2 1 1 1 8 8 / Corresponding Relationship Manager |
| Prestige Banking customers: | 2998-91882 9 9 8 9 1 8 8 |
| Preferred Banking customers: | 2822-82282 8 2 2 8 2 2 8 |
| Integrated Account customers | 2912-34562 9 1 2 3 4 5 6 |
| Other customers: | 2822-02282 8 2 2 0 2 2 8 |
It is possible you may have difficulties in accessing some parts of our site. For example, we have seen some users coming into the Interactive Edition from a proxy server who are unable to successfully use phrase-search feature available in the Search Archive. And some proxy server configurations have made it difficult for other users to access the site. If you experience access or search problems and you know your company has integrated a proxy server, check with your system administrator. We found that, with the administrator's assistance, most situations can be resolved.
You should click the Logoff utility icon on the top right section of the screen. This will ensure that your session is properly logged off.
You should:
•bullet
Implement adequate physical security control over your PCs.
•bullet
Install virus detection software on your computer to protect from known viruses such as Trojan Horses. The software should be updated regularly to ensure that you have the latest protection.
•bullet
Install a personal firewall on your computer to help prevent unauthorised access and update the firewall regularly to ensure you are covered with the latest protection. Please refer to your PC or software vendor to identify a firewall that best suits your PC environment.
•bullet
Ensure you download and apply security updates and patches to your PC/browser when they are made available. They are designed to provide you with protection from known possible security problems.
•bullet
To prevent viruses or other unwanted problems, do not open attachments from unknown or untrustworthy sources.
•bullet
Not install pirated software or software from unknown sources.
•bullet
Beware of keystroke loggers (ie. hardware or software installed in your PC without your knowledge to record all keystroke entered), hacker tools and other computer crime risks.
•bullet
Know everyone who uses your computer and limit unauthorised access.
•bullet
Always disconnect from the Internet when you have finished to avoid leaving your computer online when you are not using the service.
•bullet
Never write down your Internet banking details in a format that can be recognized by others. If you store any personal information in an electronic device, please ensure that there will be reasonable care and protection so that you are the only authorised person who can access the stored information.
•bullet
Take reasonable steps to keep the security device safe to prevent fraud.
•bullet
Not access Hang Seng e-Banking from computer terminals which are shared with other users (e.g. cyber cafes), as it is difficult to ensure these PCs are free of hacker programmes (someone might be able to access your personal/account information).
•bullet
Ensure all other Internet sessions are closed before you log on to Internet banking. While you have an Internet banking session open, we recommend that you do not open other Internet browser sessions and access other sites. This can help to ensure your financial information is protected and blocked from unauthorised access via another website.
•bullet
To ensure that you are using the genuine Hang Seng Personal e-Banking website, please type https://www.hangseng.com into the address bar of your browser window. You may then wish to bookmark the site for future use. Avoid access to e-Banking Services through hyperlinks embedded in emails or other untrustworthy sources such as pop-up windows and the search result of the Internet search engines.
•bullet
Verify that the Internet address is the genuine Hang Seng Bank website by clicking the 'lock' icon at the upper bar of the screen to check the security certificate of Hang Seng Bank.
•bullet
Never leave e-Banking devices unattended while using Hang Seng e-Banking Services.
•bullet
Always remember to log off properly using the "Logoff" button when you have completed your banking activities.
•bullet
Be alert to your surrounding when you use e-Banking Services via mobile devices.
•bullet
Review your account regularly and always keep good records of your personal finances.
•bullet
Disable the auto-complete function within your browser to avoid sensitive information is saved and displayed for the automatic completion. Please refer to your browser's own "Help" function on how to disable the function.
•bullet
Refer to the security advice from time to time.
•bullet
You may want to print a hardcopy of this security FAQ page for reading offline.
•bullet
Please refer to this security FAQ from time to time
To change your personal information, you have to input Security Code by your Security Device to verify your identity for online submission; or complete a request form under Customer Services and return it to us in person or by mail. Authentication on your identity is required before updating your personal information, so as to avoid cases of manipulation. Any address and contact phone number provided within Hang Seng e-Banking Services will be used solely for contact or other purpose as specified, and will not be updated into our bank's record.
If you suspect any security breach or unusual account activities, please contact our Customer Service Representatives on (852) 2822 0228( 8 5 2 ) 2 8 2 2 0 2 2 8 (24 hours) as soon as reasonably practicable and change your passwords as soon as possible.
Please refer to the security advice from time to time. You may want to print a hardcopy of this security FAQ page for reading offline.
Warning: You may be held liable for all losses if you have acted fraudulently or with gross negligence, or failed to follow the safeguards set out above.
To protect your account from unauthorised access, you will be required to input SMS verification code or security code to verify your identity and select whether to trust your browser if you're using it to log on to Personal e-Banking (Desktop version) for the first time. Trusting your browser ensure us the login was triggered by you from a safe place, so that we can allow you to log on seamlessly without additional verification in the future.
You should trust browsers only on your personal devices. Please avoid doing so on public devices, such as computers in cafes and libraries.
This is part of our enhanced security measures to keep your online banking experience safe and secure. You will be required to do so only when you log on to Personal e-Banking (Desktop version) on a new or untrusted browser. Trusting your browser means we will know it's you logging on and you can do so without additional verification in the future. Please only trust a browser when you are using your personal device.
Yes. However, you will be required to input SMS verification code or security code to verify your identity for next log on.
No. Trusting your browser means we'll know it's you logging on and you can do so without additional verification with trusted browser. Additional verification will still be required when you conduct transaction such as transfers to non-registered payees.
However, to protect your interests, you are reminded not to turn on any password auto-fill / auto-save function of your browser.
The trusted browser status is only applicable to your Personal e-Banking username. Other users of the same device will have to trust the browser with their own e-Banking username.
To protect your interests, you are reminded not to turn on any password auto-fill / auto-save function of your browser.
When you retry, make sure your username is correct. Also, the date and time of your mobile device should be set automatically to generate a valid security code. You can check and update via your mobile device's settings.
You may request a new SMS verification code if you confirm the mobile number on the page is correct.
In addition, please confirm that you can receive SMS with this number at the country/ region where you're located.
If you are using “China Mobile 1- Card-2-Number Prepaid SIM Card” with Mainland China mobile number as primary number, you may not be able to receive the SMS verification code that is sent from Hang Seng Bank during log-on. Please change your mobile number record in Hang Seng Bank to the Mainland China mobile number in order to receive the SMS verification code. For other enquiries related to the SIM Card, please contact your telecommunications service provider.