1. Password tips
- Use at least eight characters long password.
- Use combination of different character types in a password, e.g. Upper and lower case letters, numeric and symbol characters.
- Do not use names, birthdays, phone numbers or ID numbers as your password(s).
- Do not use any connected letters or numeric characters which located in the keyboard, e.g. 123, 321, qwe, ewq, etc.
- Password should not be the same as account name.
- Password should not be common wording like "Password" or "[email protected]".
- Remember your password and DO NOT write it down or reveal it to anyone.
- Change your password on a regular basis (e.g. 90 days).
2. Managing your account/APP
- Regularly verify the transaction records on your account, check statements, emails and SMS notifications as soon as you receive them. Should you notice any unusual or unauthorised transactions, please change your password AND report to PAOB customer service centre (852) 3762 9900 immediately.
- Always keep the electronic receipt for fund transfers and bill payment transactions (such as email and SMS) as a record to help you verify transactions.
- Our emails and text messages never include hyperlinks to our APP or any page that asks you to fill in personal information. We will never ask you to confirm or provide us with any personal data by replying to an email.
- When conducting fund transfer or bill payments, a One-Time-Password (OTP) is send to you via SMS to authorise the payment instructions. Never tell or forward your SMS OTP or password to anyone, even if they claim to be from the bank, the law enforcement agencies or government officials.
- If your mobile phone number has been changed, you should notify the bank to update your record immediately.
- You should always log out and close your APP when you have finished your mobile banking session. Your mobile banking APP will automatically log out after a period of inactivity.
- Leaving your device or account unattended while you are logged on could cause unauthorized access, payment transactions and leakage of personal information.
- Do not disclose any information related to your account to anyone.
3. Maintain your device
- Download or install application from official store / trusted sources.
- Update patches from your device provider regularly to mitigate latest security loopholes identified.
- Install the latest anti-virus software on your device with the latest virus definition.
- Do not use any public device to access our PAOB service.
- Do not use any insecure communication channels, e.g public Wi-Fi.
- Setup secure passcode, screen locks or biometric authentication on your device to prevent unauthorized access.
- Do not log on to your mobile banking account on a "jailbroken" / "rooted" mobile device.
4. Phishing Scams
Phishing is when a criminal sends you an email that embedded with links or file attachments, the email may look genuinely from the bank. And it will ask to enter the link that will take you to a website or download an APP.
Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, user ID/password. The phishing website will record the information you provided and use it to access your account and steal your money. Similarly, if you download an APP from the phishing email or untrusted sources, your mobile device could be compromised together with your personal security information.
Remember: Always type in address https://www.paob.com.hk directly into browser to avoid going to fraudulent websites and only download our APP from official App Store or Google Play.
5. Bogus Calls and SMS messages
A caller may claim to be from the bank invite you to apply for a personal loan or financial services. Try to authenticate the call by asking the caller about their department name, contact number, contact our customer service if you are not sure of the caller's identity. Remember: Do not disclose important personal information to the caller.
Whenever receiving calls, SMS messages, emails, letters or communications through any other channels that claim to be from banks, even though your account is said to be at stake, transactions are said to have been conducted using your credit card or no matter how interested you are in the products being promoted, you should be cautious.
6. SIM card swap
- To gain access to your mobile banking service or even conduct unauthorized instructions (e.g. fund transfer), fraudster began to use a technique to "swap" your SIM card to them.
- Fraudster will approach your mobile service provider impersonated as yourself and claimed "you" have lost the SIM card or the mobile phone. As "you" wanted to arrange a new SIM card, fraudster would then get hold of the SIM card (with your mobile phone number), then the fraudster would be able to obtain the SMS OTP for authenticating an online instructions.
- Please be alert and talk to your mobile provider immediately if you lost the network connectivity for a long period.