1. Password tips
- Use random combination of letters (both upper and lower case), numbers and special characters, which is hard to guess
- Do not using names, birthdays, phone numbers, ID numbers as your password(s)
- Password should not be the same as account name
- Password should not be dictionary wordings like "Password"
- Remember your password and DO NOT write it down or reveal it to anyone.
- Change your password on a regular basis (e.g. 90 days)
2. Managing your account/APP
- Use our APP to check transactions on your account more frequently, check statements, emails and SMS notifications as soon as you receive them. Should you notice any unusual or unauthorised transactions, please change your Password and notify the Bank immediately.
- Always keep the electronic receipt for fund transfers and bill payment transactions to help you verify transactions.
- Our emails and text messages never include hyperlinks to our APP or any page that asks you to fill in personal information. We will never ask you to confirm or provide us with any personal data by replying to an email.
- When conducting fund transfer or bill payments, a One-Time-Password (OTP) is send to you via SMS to authorise the payment instructions. Never tell your SMS OTP or password to anyone, even if they claim to be from the bank, the law enforcement agencies or government officials
- If your mobile phone number has been changed, you should notify the bank to update your record immediately.
- You should always log out and close your APP when you have finished your mobile banking session. Your mobile banking APP will automatically log out after a period of inactivity.
- Leaving your mobile device unattended while you are logged on could cause unauthorized access, payment transactions and leakage of personal information.
3. Maintain your device
- Install the latest anti-virus software on your mobile device with the latest virus definition.
- Update patches from your mobile device provider regularly to mitigate latest security loopholes identified.
- Use screen locks on your mobile device to prevent unauthorized access
- Do not logon your mobile banking APP on a "jail break" / "rooted" mobile device
- Do not install or run software downloaded from unknown sources
4. Phishing Scams
Phishing is when a criminal sends you an email that embedded with links or file attachments, the email may look genuinely from the bank. And it will ask to enter the link that will take you to a website or download an APP.
Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, user ID/password. The phishing website will record the information you provided and use it to access your account and steal your money. Similarly, if you download an APP from the phishing email or untrusted sources, your mobile device could be could be compromised together with your personal security information.
Remember: Always type in address https://www.paob.com.hk directly into browser to avoid going to fraudulent websites and only download our APP from App Store or Google Play.
5. Bogus Calls
A caller may claim to be from the bank invite you to apply for a personal loan or financial services. Try to authenticate the call by asking the caller about their department name, contact number, contact our customer service if you are not sure of the caller's identity. Remember: Do not disclose important personal information to the caller.
6. SIM card swap
- To gain access to your mobile banking service or even conduct unauthorized instructions (e.g. fund transfer), fraudster began to use a technique to "swap" your SIM card to them.
- Fraudster will approach your mobile service provider impersonated as yourself and claimed "you" have lost the SIM card or the mobile phone. As "you" wanted to arrange a new SIM card, fraudster would then get hold of the SIM card (with your mobile phone number), then the fraudster would be able to obtain the SMS OTP for authenticating an online instructions.
- Please be alert and talk to your mobile provider immediately if you lost the network connectivity for a long period.