The Bank of East Asia

Wholesale Banking

Security

  • Employs Java Technology, public key cryptography, and Transport Layer Security (TLS for data encryption)
  • Automatic logout after 10 minutes to prevent unauthorised access at an unattended terminal
  • Displays login history for access control

Security Tips

Important Notes for Security in relation to Cyberbanking

These important notes apply to both personal and corporate Cyberbanking services (together referred to as "Cyberbanking") provided whenever and through whichever channels by The Bank of East Asia, Limited (“BEA”). Please read and adopt the following security precautions before using Cyberbanking, and follow the important notes and security tips issued by BEA on a regular basis.

Protect Your Account and Password

(1) Your mobile phone number, email address, and correspondence address must be up to date at all times in order to successfully receive notifications from BEA. Please update your information at any BEA branch immediately following any changes.

(2) Set a new Personal Identification Number (“PIN”) the first time you use the service, and then destroy all documents that your former PIN is printed on.

(3) Use a combination of numbers (0 to 9) and letters (A to Z) for your Cyberbanking PIN. Do not use your identity card number, telephone number, date of birth, driving license number, or any popular number sequence (such as 987654 or 123456) when choosing your PIN or password. Do not use the same number or letter more than twice.

(4) Memorise your PIN and password. Do not write them down.

(5) Change your PIN and password regularly.

(6) Keep your Cyberbanking account number, ATM card number, private key, and PIN for all Cyberbanking channels secret at all times. Ensure that you (and, where relevant, any authorised person) do not disclose or share this information with anyone – including any joint account holder or any financial management software or programs – under any circumstances, and do not transmit this information through email or any instant messaging software/programs. Never assign the same PIN or password for any other service (such as your internet connection, or login details for another website).

(7) Keep your ATM Card, bank statements, cheque books, other important documents, and any security device for accessing Cyberbanking in a safe place. If you want to discard any documents that contain your personal information, destroy them first.

(8) Under no circumstances will BEA use an email, SMS, instant message, phone call, or any other method to ask for your personal information, such as your password, One-time Password ("OTP"), HKID number, date of birth, account/credit card number, credit card expiry date, telephone number, Cyberbanking account number/username or Mobile Banking user ID. Do not disclose this information to anyone, including any person who claims to be an employee or representative of BEA, under any circumstances.

(9) Notify BEA immediately of any actual or possible unauthorised use of your Cyberbanking account number PIN or password, and send confirmation in writing to BEA without delay.

(10) Check your surroundings before performing any banking transactions, and make sure that no one sees your PIN or password. Cover the keypad when you enter your PIN on any device, such as a personal computer, mobile device, or other self-service terminal.

(11) Never leave your device unattended while using Cyberbanking or let any other person use your Cyberbanking service.

(12) Do not use a public computer or public Wi-Fi network to access Cyberbanking. Choose encrypted networks and remove any unnecessary Wi-Fi connection settings when using Wi-Fi to log in to Cyberbanking or Mobile Banking. Please disable any wireless network functions (e.g. Wi-Fi, Bluetooth, near-field communication (NFC)), or payment applications whenever such functions are unnecessary.

(13) Disable your browser's "AutoComplete" function. On some browsers, this function remembers the data you have entered previously. Refer to your browser's "Help" function if necessary.

(14) Make sure that all other browsers are closed before logging in to Cyberbanking or Mobile Banking.

(15) After you finish a session, make sure to log out of Cyberbanking, Mobile Banking and the BEA App, and clear your browser cache whenever necessary.

(16) Check the website's privacy policy statement and statement on security safeguards before providing personal data to the website.

(17) Check your bank balance and transaction history regularly. Notify BEA immediately if you discover any problems or any suspicious transactions and/or unauthorised transactions.

(18) Change your PIN or password immediately if you suspect that you have been deceived by a fraudulent website or email, or through a public Wi-Fi connection, public computer, third party's device, or any other means (for example, if you fail to log in to a service website after entering your correct PIN, whether or not any alert messages appear).

(19) If you intend to withdraw cash at overseas ATMs, you should activate the overseas ATM cash withdrawal function in advance and set a prudent overseas ATM cash withdrawal limit as well as an activation period. You may also check with BEA in advance whether your ATM card can be used to withdraw cash at your intended overseas destination.

Beware of Online Threats

(1) Only log in to Cyberbanking through www.hkbea.com. Do not click on URLs or hyperlinks embedded in any email, SMS, instant message, QR code, search engine, or any untrusted source to access Cyberbanking.

You should access the BEA website by typing www.hkbea.com into the web browser directly or by bookmarking the genuine website for subsequent access.

(2) Check the authenticity of the BEA website by checking the URL and the Bank's name in its Digital Certificate. A security icon that looks like a lock or key will appear when authentication and encryption is expected.

(3) Every time you log in to Cyberbanking, please verify your last login date and time on the homepage. Check that the BEA identity message is authentic when you access Mobile Banking.

(4) Take precautions against hackers, viruses, spyware, and any other malicious software when sending and receiving emails, opening email attachments, visiting and disclosing personal/financial information to unknown websites, and downloading files or programmes from websites. Do not browse suspicious websites or click on the hyperlinks and attachments in suspicious emails or messages received through WhatsApp, Line, WeChat, and other e-communities.

(5) Use proper firewalls, anti-virus software and anti-spyware software, and promptly install the most up-to-date versions to scan your device from time to time to strengthen their security.

(6) Upgrade your browser and applications to support Transport Layer Security (TLS) encryption or a higher encryption standard, and make sure that the browser option for storing or retaining usernames, and PINs is unselected.

(7) Remove shared files and printers from your computer, especially when accessing the internet through a cable modem, broadband connection, wireless network, or similar setup.

(8) If any suspicious screens pop up, or any unusual login screen request appears asking you to provide additional personal information, or if your device's network/traffic is unusually slow, you should log out of Cyberbanking or Mobile Banking immediately and scan your device (including but not limited to computers and mobile or tablet devices) with the most up-to-date version of your virus protection software.

(9) When you receive an SMS with an OTP, verify the accuracy of the transaction details before entering the OTP. When you receive our SMS message and/or notification message, verify the accuracy of the transaction details in a timely manner and inform BEA immediately of any suspicious situations. No SMS containing an OTP will be forwarded to any other mobile phone number, even if you have subscribed to an SMS-forwarding service provided by your telecommunications provider in Hong Kong.

(10) Protect yourself from email scams - verify the sender's identity before you take any action, to avoid being deceived.

(11) Do not use applications, programs, or software from untrustworthy sources.

(12) Contact BEA for confirmation immediately whenever a website or app claiming to originate from BEA looks suspicious to you.

Secure Your Device

(1) Use the version of operating system, BEA App, and browser recommended by BEA to access the Cyberbanking. Do not jailbreak or root your mobile device.

(2) Do not install or run applications from third-party sources on your device. You are recommended to set your device to block installation of applications from unknown sources and keep it properly configured.

(3) Carefully read installation and/or permission requests from websites, applications, and other software and programs. Be wary of any unusual or unnecessary request.

(4) Keep the operating system and applications installed on your device up to date with the latest security patches.

(5) Consider using the latest versions of security software/programs to scan your device from time to time to strengthen its security.

(6) Check the storage, battery, and data usage of applications in your device from time to time to see if there are any suspicious applications. Uninstall any suspicious application when necessary.

(7) Do not share your device with other people or use other people’s devices to log in to Cyberbanking, Mobile Banking, or the BEA App. Set a passcode for your device that is difficult to guess and activate the auto-lock function.

(8) If your device is capable of biometric authentication (e.g. fingerprint or facial recognition), do not let any other person register his/her biometrics on it.

(9) You should not use facial recognition for authentication if you have identical siblings or siblings that look like you, or if you are an adolescent with rapidly developing facial features.

(10) Do not disable any features that can strengthen the security of biometric authentication, such as “attention awareness” for facial recognition (e.g. ensure that the “Require Attention for Face ID” setting is enabled).

For more information on how to ensure your safety when using internet banking, please visit the website of: