The Bank of East Asia

Security Tips

Security Tips

The Bank of East Asia, Limited (“BEA”) has adopted the latest security technology to prevent unauthorised access to customers' bank accounts and provide a well-protected online banking service. You are encouraged to read the following advice to ensure the safety of your transactions and information.

  1. Major Security Tips
  2. Use of e-Channels (including Personal/Corporate Cyberbanking and BEA’s official mobile applications)
  3. Use of ATM Services
  4. Use of i-Teller Services
  5. Use of Phone Banking
  6. Two-Factor Authentication
  7. Fraud Prevention Information
  8. More Security Information

 


 

Protect your Personal Digital Keys

 

      1. Major Security Tips
        • The Bank’s staff will never ask for sensitive information such as your HKID, account number, Personal Identification Number (“PIN”), one-time passwords (“OTPs”) generated with i-Token, credit card number, etc., through any channels (such as phone calls, email, or SMS). Do not disclose or share such information with anyone, even BEA staff or police officers, under any circumstances.
        • Never disclose your online banking login name or password to anyone.
        • Avoid opening any email attachments or clicking hyperlinks embedded in any email, SMS, instant message, social media platform, QR code, search engine, or any untrusted source to access webpages and enter your sensitive information – especially your login details. Only use the service by typing www.hkbea.com into your web browser, through a bookmarked link, or through BEA’s official mobile applications.
        • Take precautions against phishing scams (such as scams themed around COVID-19 or other social phenomena) hackers, viruses, spyware, and other malicious software.
        • Always check your SMS/email transaction notifications from the Bank, and regularly check your transaction history and statements in Cyberbanking or BEA’s apps.
        • Make your passwords difficult to guess by using a combination of numbers, symbols, letters in upper and lower case, and different from those used for other internet services. Change your passwords regularly.
        • Use official software and keep the operating system and apps installed on your device up to date with the latest security patches. Install anti-virus and anti-spyware software, keep them updated, and scan your device regularly.

         

      2. Use of e-Channels (including Personal/Corporate Cyberbanking and BEA’s official mobile applications)
        • Be alert to your surroundings before logging in. Make sure no one sees what you enter and log off properly after use.
        • To ensure secure transactions, please download one of BEA’s official mobile applications and i-Token from an official app store (Google Play or the App Store) and do not use the app on any “jailbroken” or “rooted” devices.
        • Please take note of your last login date and time or “Identity Message” every time you log in to one of our e-channels.
        • Visit any of our branches to update personal information if your mobile phone number and/or email address recorded in the Bank has been changed or become invalid.
        • Verify the transaction details including the payee name and amount when making “FPS” small-value transfers or transfers to registered/non-registered accounts using a mobile phone number, email address, FPS ID, QR code, or account number. If you have any enquiries, confirm with the payee before making the transaction.
        • To prevent unauthorised access by others, we recommend you set up auto-lock and a passcode lock, and enable remote wiping for your device in case of loss/theft.
        • Notify the Bank immediately of any actual or suspected unauthorised access of your account.
        • If your device is capable of biometric authentication (e.g. fingerprint or facial recognition), do not disable any features that strengthen the security of biometric authentication and do not let any other person register his/her biometrics on it.
        • You should not use facial recognition for authentication if you have identical siblings or siblings that look like you, or if you are an adolescent with rapidly developing facial features.
        • Do not use a public computer or public Wi-Fi network to access e-banking services. Choose encrypted networks when using Wi-Fi and remove the settings of any unnecessary Wi-Fi connections. Disable any wireless network functions such as Wi-Fi, Bluetooth, NFC, etc. when not in use.
        • Avoid using online services through free or untrusted Virtual Private Network (VPN). If you need to use remote access technology to access online services, please use trusted software without publicly known vulnerabilities.
        • Carefully read the installation and/or permission requests from websites, apps, and other software and programs. Do not install or run apps from third-party/untrustworthy sources on your device, and uninstall any suspicious apps.
        • Regularly check and update your system’s web browsers and any of BEA’s official mobile applications on your devices.
        • Be alert if using public USB charging stations for your mobile phone or device to avoid malware infection.
        • Do not submit documents (such as scanned identity documents, bank statements, or letters) to any untrusted website or app.

         

      3. Use of ATM Services
        • Remember your PIN and do not keep it with your ATM card.
        • Change your PIN immediately when using your ATM card for the first time and destroy any documents containing your PIN.
        • Be alert to your surroundings before conducting any transactions. Make sure no one sees your PIN, and cover the keypad when you enter your PIN.
        • Check that the protective keypad cover is intact before using any ATM in Hong Kong. Contact the Bank immediately if in doubt.
        • Should you notice any suspicious devices in an ATM (such as a micro-skimmer, pin-hole camera, fake key pad, etc.) or any suspicious activities around you when performing an ATM transaction, cancel your transaction and inform the Bank immediately.
        • Retrieve the banknotes (if withdrawing cash), transaction receipt (if applicable), and ATM card as instructed after your ATM transaction is completed. Never try pushing your ATM card back into the ATM.
        • Count the banknotes immediately after withdrawing cash. Keep all transaction receipts and check them against your account records.
        • Do not take away any banknotes left behind by someone else at the cash dispenser or ATM card left in the card insertion slot. Let the ATM retract the banknotes and/or ATM card automatically.
        • Set your effective date and expiry date for overseas ATM cash withdrawal before travelling. Invalidate the function when you have returned from travelling.
        • If your ATM Card/PIN is lost or stolen, or if someone else learns your PIN, please inform the Bank immediately by visiting any of our branches, logging in to Cyberbanking, or calling our hotline:
          (852) 2211 1818 (during office hours)
          (852) 2211 1862 (during non-office hours)

         

      4. Use of i-Teller Services
        • Be aware of your surroundings and do not ask for/accept assistance from strangers when performing transactions.
        • Always keep your ATM card in a safe place.
        • Should you notice any suspicious device in the i-Teller (such as a micro-skimmer, pin-hole camera, fake key pad, etc.) or any suspicious activities around you when performing a transaction, cancel your transaction and inform the Bank immediately.
        • Check your account transaction records regularly. Inform the Bank immediately if you find any suspicious transactions. The Bank will not ask for any sensitive personal information over the phone or by email.

         

      5. Use of Phone Banking
        • In order to prevent fraud, please keep your Phone Banking PIN secret.
        • Never disclose your Phone Banking PIN to anyone (including BEA staff or police officers).
        • Do not allow anyone to use your Phone Banking PIN to perform enquiries/transactions.
        • Update your Phone Banking PIN regularly to ensure safety.
        • Check your account transaction records regularly. Inform the Bank immediately if you find any suspicious transactions. The Bank will not ask for any sensitive personal information over the phone or by email.

         

      6. Two-Factor Authentication
        • To enhance security for online transactions, the Bank provides a two-factor authentication service for its e-channels. You are required to enter an i-Token OTP+ or SMS OTP# to confirm designated transactions*.
        • Do not leave your security device (including your mobile phone which has i-Token installed or receives SMS OTPs) unattended or allow anyone to possess or control your security device.
        • Do not share any OTP sent to your mobile phone or provided by i-Token with other people.
        • Do not install i-Token on any “jailbroken” or “rooted” devices.
        • Carefully check the transaction details before entering your OTP.

          +You are required to register your mobile phone number and email address with the Bank before you can use i-Token.

          *These transactions include fund transfers to non-registered accounts with BEA Hong Kong and other local banks, fund transfers to non-registered BEA accounts in China and the United Kingdom, transaction limit increases, bill payments to merchants (except the "Government or Statutory Organisation", "Utilities", "Education: Primary or Secondary School", and "Education: Post-secondary or Specialised Institution" categories), setting up scheduled instructions or templates for the above-mentioned transactions, access to online investment services (including Stocks, Unit Trusts, Linked Deposit-related services, eIPOs, and Foreign Exchange/Precious Metal Margin Trading services), and any new transaction types as prescribed by the Bank from time to time.

          #SMS OTPs cannot be forwarded to any other phone number, even if you have enabled the "SMS forwarding" service with your mobile phone service provider in Hong Kong.

         

      7. Fraud Prevention Information
        • If you have suspicions about the identity of any apparent intermediary/representative who promotes BEA products or services, you should immediately make a call to the Bank through official channels to verify.
        • Notify the Bank immediately if you lose and/or subsequently replace any identity documents which you registered with BEA when opening your account, or if you have any suspicion that statements or account details may have been compromised or stolen.
        • Beware of bogus SMS messages and voice message calls. If you are suspicious about the identity of any callers, call us immediately through official channels to verify.
        • Beware of fraudsters who impersonate the staff of BEA Group. Beware of unauthorised share-trading transactions. If you notice any suspicious or unauthorised activity related to your account, you should make a call in official channel and verify with the Bank immediately.
        • To avoid being deceived by a message, verify the sender's identity through alternative channels before taking any action.
        • Beware of potential phishing attacks with common signs, such as a malicious sender address, subject heading with a “warning” or “FYI” label, a request that you enter personal information or click on a suspicious link, generic salutation, threat or false sense of urgency to trick you, demand for sensitive information or instruction to open an attachment, poor spelling/grammar, etc. In any such case, please verify the sender’s identity through alternative/official channels or delete the message immediately.
        • Before entering your credit card information and/or an SMS OTP, please ensure the website is trustworthy.
        • Keep alert when linking your credit card to any contactless mobile payment app. An SMS will be sent to your mobile phone once your card has been linked successfully to a contactless payment app.
        • Take precautionary measures to protect all mobile devices you own which can be used to access any BEA app or activated Mobile Contactless Payment Service, and prevent others from accessing it.

         

      8. More Security Information

        To learn more about security issues related to e-banking services, please click the following links:

        Hong Kong Police Force:

        HKSAR Government:

        Hong Kong Monetary Authority:

         

        If you notice any suspicious transactions or receive suspicious transaction notifications, please contact our 24-hour Customer Service Hotline (852) 2211 1333 immediately or visit one of the BEA Branches. For ATM or Cyberbanking (including BEA App) related suspicious transactions, you can complete the Report Suspicious Transactions Form for our handling. You can also contact the Anti-Deception Coordination Centre (ADCC) on (852) 18222 for an anti-deception consultation service provided by the Hong Kong Police Force.