1. Password Tips
- Use at least eight characters long password.
- Use a combination of different character types in a password, e.g. upper and lower case letters, numeric and symbol characters.
- Do not use name(s), birthday(s), phone number(s) or ID number(s) as your password(s).
- Do not use any connected letters or numeric characters which are located on the keyboard, e.g. 123, 321, qwe, ewq, etc.
- Password should not be the same as the relevant account name.
- Password should not be common wording like "Password" or "P@ssw0rd".
- Remember your password and DO NOT write it down or reveal it to anyone.
- Change your password on a regular basis (e.g. 90 days).
2. Maintain Your Account/App
- Regularly verify the transaction records on your account, check statements, emails and SMS notifications as soon as you receive them. Should you notice any unusual or unauthorized transactions, please change your password AND report to PAOB customer service centre at (852) 3762 9900 immediately.
- Always keep the electronic receipt for fund transfers and bill payment transactions (such as email and SMS) as a record to help you verify relevant transactions.
- Our emails and text messages never include hyperlinks to our APP or any page that directs you to carry out transactions or asks you to fill in sensitive personal information (including login passwords or one-time passwords). We will never ask you to confirm or provide us with any sensitive personal information by replying to an email.
- When conducting fund transfers or bill payments, a One-Time-Password (OTP) will be sent to you via SMS to authorize the payment instructions. Never tell or forward your SMS OTP or password to anyone, even if such person claims to be from a bank, a law enforcement agency or a government official.
- If your mobile phone number has been changed, you should notify the bank to update your record immediately.
- You should always log out and close your APP when you have finished your mobile banking session. Your mobile banking APP will automatically log out after a period of inactivity.
- Leaving your device or account unattended while you are logged on may cause unauthorized access, payment transactions and leakage of personal information.
- Do not disclose any information related to your account to anyone.
3. Maintain Your Device
- Download or install application from official store / trusted sources.
- Update patches from your device provider regularly to mitigate the latest security loopholes identified.
- Install the latest anti-virus software on your device with the latest virus definition.
- Do not use any public device to access our PAOB service.
- Do not use any insecure communication channels, e.g public Wi-Fi.
- Setup secure passcode, screen locks or biometric authentication on your device to prevent unauthorized access.
- Do not log on to your mobile banking account on a "jailbroken" / "rooted" mobile device.
4. Phishing Scams
Phishing is when a criminal sends you an email that embedded with links or file attachments, the email may look genuinely from the bank. And it will ask you to enter the link that will take you to a website or download an APP.
Once you arrive at the fake site, it will usually prompt you to enter personal security information, such as your account number, user ID/password. The phishing website will record the information you provided and use it to access your account and steal your money. Similarly, if you download an APP from the phishing email or untrusted sources, your mobile device could be compromised together with your personal security information.
Remember: Always type in address https://www.paob.com.hk directly into browser to avoid going to fraudulent websites and only download our APP from official App Store or Google Play.
5. Bogus Calls and SMS messages
A caller may claim to be from the bank and invite you to apply for a personal loan or financial services. Try to authenticate the call by asking the caller about his/her department name, contact number. Contact our customer service if you are not sure of the caller's identity. Remember: Do not disclose important personal information to the caller.
Whenever you receive calls, SMS messages, emails, letters or communications through any other channels that claim to be from banks, even though your account is said to be at stake, transactions are said to have been conducted using your credit card or no matter how interested you are in the products being promoted, you should be cautious.
6. SIM Card Swap
- To gain access to your mobile banking service or even conduct unauthorized instructions (e.g. fund transfer), a fraudster may use a technique to "swap" your SIM card to them.
- The fraudster will then approach your mobile service provider impersonated as yourself and will claim to have lost the SIM card or the mobile phone. By registering a new SIM card, the fraudster will get hold of the new SIM card (with your mobile phone number) through which the fraudster will be able to obtain the SMS OTP for authenticating an online instructions.
- Please be alerted and contact your mobile provider immediately if you lose the network connectivity of your mobile phone for a long period.