The Bank of East Asia

Personal Banking

Security Tips

Protect Your Account and Password

1. Do not use your identity card number, telephone number, date of birth, driving license number, or any popular number sequence (such as 98765 or 12345) when choosing your PIN or password. Do not use the same digit more than twice.
2. Memorise your PIN and password. Do not write them down.
3. Change your PIN and password regularly. Avoid reusing of passwords from personal accounts and/or social media accounts.
4. Keep your user ID and password secret at all times. Ensure that you (and, where relevant, any authorised person) do not disclose or share this information with anyone – including any joint account holder or any financial management software or programs – under any circumstances, and do not transmit this information through email or any instant messaging software/programs. Never assign the same password for any other services (such as your internet connection, or login details for another website).

In addition, choose login credentials, user ID, and/or passwords which are significantly distinct from your other personal accounts, especially from social media accounts.

5. Under no circumstances will The Bank of East Asia, Limited (“BEA”) use an email, SMS, instant message, phone call, or any other method to ask for your personal information, such as your password, One-time Password ("OTP"), HKID number, date of birth, account/credit card number, credit card expiry date, telephone number, Cyberbanking account number/username, or Mobile Banking user ID. Do not disclose this information to anyone, including any person who claims to be an employee or representative of BEA, under any circumstances.
6. Delete any SMS/push messages that you receive after using Mobile Banking.
7. Notify BEA immediately of any actual or possible unauthorised use of your PIN or password, and send confirmation in writing to BEA without delay.
8. Check your surroundings before performing any banking transactions, and make sure that no one sees your PIN or password. Cover the keypad when you enter your PIN on any device, such as a personal computer, mobile device, or other self-service terminal.
9. Never leave your device unattended while using the BEA App or let any other person use your Mobile Banking.
10. Do not use a public computer or public Wi-Fi network to access Mobile Banking. Choose encrypted networks and remove any unnecessary Wi-Fi connection settings when using Wi-Fi to log in to Mobile Banking. Please disable any wireless network functions (e.g. Wi-Fi, Bluetooth, near-field communication (NFC)), or payment apps whenever such functions are unnecessary.
11. Change your PIN or password immediately if you suspect that you have been deceived by a fraudulent website or email, or through a public Wi-Fi connection, public computer, third party's device, or any other means (for example, if you fail to log in to a service website after entering your correct PIN, whether or not any alert messages appear).

Beware of Online Threats

1. Do not click on URLs or hyperlinks embedded in any email, SMS, instant message, QR code, search engine, or any untrusted source to access Mobile Banking. Do not use/install any third-party software or program to access Mobile Banking.

You should access the BEA website by typing into the mobile browser directly, by bookmarking the genuine website for subsequent access, or through the BEA App.

2. Check that the BEA identity message is authentic when you access Mobile Banking.
3. Take precautions against hackers, viruses, spyware, and any other malicious software when sending and receiving emails, opening email attachments, visiting and disclosing personal/financial information to unknown websites, and downloading files or programmes from websites. Do not browse suspicious websites or click on the hyperlinks and attachments in suspicious emails, including but not limited to encrypted files, compressed files (zip), or messages received through WhatsApp, Line, WeChat and other e-communities.
4. Do not use apps, programs, or software from untrustworthy sources.

Secure Your Device

1. Use the version of operating system, BEA App, and browser recommended by BEA to access Mobile Banking. Do not jailbreak or root your mobile device.
2. Do not install or run apps from third-party sources on your device. You are recommended to set your device to block installation of apps from unknown sources and keep it properly configured.
3. Carefully read installation and/or permission requests from websites, apps, and other software and programs. Be wary of any unusual or unnecessary request.
4. Keep the operating system and apps installed on your device up to date with the latest security patches.
5. Consider using the latest versions of mobile security software/programs to scan your device from time to time to strengthen its security.
6. Check the storage, battery, and mobile data usage of apps in your mobile device from time to time to see if there are any suspicious apps. Uninstall any suspicious app when necessary.
7. Do not share your device with other people or use other people’s devices to log in to Cyberbanking or Mobile Banking, or the BEA App. Set a passcode for your device that is difficult to guess and activate the auto-lock function.
8. If your device is capable of biometric authentication (e.g. fingerprint or facial recognition), do not let any other person register his/her biometrics on it.
9. You should not use facial recognition for authentication if you have identical siblings or siblings that look like you, or if you are an adolescent with rapidly developing facial features.
10. Do not disable any features that can strengthen the security of biometric authentication, such as “attention awareness” for facial recognition (e.g. ensure that the “Require Attention for Face ID” setting is enabled).