Personal e-Banking Security

Overview

To ensure online protection and provide you safe and secure e-Banking services, we have implemented the following online security measures. 

In the meantime, you can also help safeguard your account information and data privacy. Please read the FAQs on Privacy and Security and visit Security Information Centre for more information.

Online Security Measures

Log on

Overview

When you log on to Personal e-Banking (Desktop version) with a new browser, you must choose whether to "Trust this browser".

After trusting a browser, you can log on via the same browser by entering the password or one-time security code only. No additional verifications needed. But you will be required to trust your browser again when there are certain changes on your device or browser, such as software version, to secure safety.

When using a new / untrusted browser to log on, we will need additional verification (enter a one-time SMS verification code or one-time security code) to confirm your identity.

This security measure protects your Personal e-Banking (Desktop version) against unauthorised log-on.

Overview

The Mobile Security Key / Security Device employs two-factor authentication to ensure data privacy and protect particularly high-risk transactions in Personal e-Banking. The Mobile Security Key is a digital version of the Security Device within Hang Seng Personal e-Banking mobile app. You can generate one-time security codes for verification purposes when you perform designated transactions with either your Mobile Security Key or physical Security Device.

Effective from 1 July 2022, we no longer issue a physical Security Device to Personal e-Banking customers (except for those with accessibility needs). Customers may download Hang Seng Personal Banking mobile app and switch to Mobile Security Key for more convenient banking services.

Transaction Signing

For added online protection when you perform any high -risk transactions, you are required to enter transaction-specific information into the Mobile Security Key / Security Device to generate a unique security code that will authorise the respective instruction in Personal e-Banking. This additional transaction verification function further prevents fraudulent attacks and ensures high-risk transaction will be made only for the account you specify.

Mobile Security Key

Learn more about Mobile Security Key

Security Device

What can you do with the Security Device

  • Transfer to Non-registered accounts / payees (including small value limit)
  • Pay bills to e-Merchants
  • Enroll to e-Bills
  • Set up Direct Debit Authorisation
  • Raise daily transfer and bill payment limit
  • Register new payee
  • Register Cross-Border View & Transfer services
  • Trading securities and other investment products
  • Request for ATM Card Replacement
  • Reset Card PIN or Request new Phone PIN
  • Report Card lost and card replacement
  • Update Personal Particulars
  • Reset Personal e-Banking passwords
  • Replace Security Device

PIN-protected

To safeguard your Security Device from easy access by third parties in case of loss, it is PIN-protected. You will have to set a PIN before the first time you use it and this PIN will be required to unlock the device before each use.

For any queries, e.g. instructions for setting up or replacing your Security Device, please visit Frequently Asked Questions.

Overview

You will receive a SMS notification when you have completed the following transaction in Personal e-Banking:

  • Transfers to non-registered 3rd-party accounts
  • Bill payment to payee under “e-merchants” category
  • Raise daily transfer and bill payment limit
  • Register new payee
  • Set up / amend Direct Debit Authorisation to designated beneficiaries
  • Change of personal particular
  • Reset password via “Forget password(s)”
  • Reset Card PIN

To conduct the above transactions, you must have your mobile number registered in our record. Please note that your SMS message will not be forwarded even if you have subscribed to an 'SMS Forwarding' service provided by a telecommunications service providers in Hong Kong.

To review and update your registered mobile number, please visit Customer Services > Account Maintenance > Personal Particulars after logging on to Personal e-Banking.

General question

<Only applicable for Android device users with App version after 18.6>

In response to recent malware attacks targeting Android device users, we've added a new function to detect suspicious apps installed on your device. Apps downloaded from non-official app stores or websites may allow hackers to gain control of your device. Hang Seng Mobile App will be unavailable until you delete or turn off Accessibility for these apps.

When you open the latest version of our app, we'll check the source and permissions of apps installed on your device. If we detect any suspicious apps, you'll see a screen showing the name of those app before logging on.

If you see the blocked logon screen, you need to complete one of the following actions before you can log onto Hang Seng Mobile App:

  • Tap the button on screen to go to device Settings and turn off accessibility for suspicious apps
  • Search for "accessibility" on your device settings and turn the function off for suspicious apps
  • Delete the suspicious apps from your device
  • Restore your device to factory settings

No, you don't have to delete or install Hang Seng Mobile App again. To continue using our app, please turn off Accessibility function for apps shown in the blocked logon screen.

Suspicious apps are those downloaded from unofficial sources, which are not verified officially. Excessive permissions refer to apps that request extra accessibly access to sensitive information or device functionalities.

We recommend the following:

  1. Delete the app(s) shown on the blocked logon screen;
  2. Log onto Hang Seng Mobile App to ensure it works normally;
  3. Download the app(s) you deleted from an official app store (e.g. Google Play Store, Samsung Galaxy Store, Huawei Store).

If you can't find the mentioned app in the accessibility application list, it is possible that the malware may be disguised as another app. In this case, we recommend turning off the accessibility function for all apps on your device as a precautionary measure. This will help ensure the security of your device while using Hang Seng Mobile banking.

Please consider deleting the identified app or reset your device to factory settings.

Google Play Store, Samsung Galaxy Store, Xiaomi Mi GetApps, Huawei AppGallery, Amazon Appstore, OPPO App Market, VIVO App Store, MeiZu App Store, OnePlus App Gallery, HONOR App Gallery, etc.

Your privacy matters to us. We only use this tool to detect malware activity and security threats. We don't collect additional personal data from your device.

Accessibility settings such as text-to-speech enhances user interface and makes it easier for users with disabilities to use a mobile device. However, fraudsters are using these settings to control devices remotely to steal sensitive information.

Our anti-malware tool flags apps downloaded from sources other than official app stores. Some well-known apps come from non-official sources, so they carry potential security risks.

The impact may vary for each app. You can enable the accessibility settings again after using Hang Seng Mobile App, or consider downloading the app from official app stores.

Overview

Effective from Jun 2024, you can keep track of your banking activities such as log-on and transaction via Hang Seng Mobile App by going to "Settings & Security" > "Your Recent Activities".

Records will be kept up to 30 days (max. 1,000 records), helping you to stay updated with your account and prevent unauthorised access.

FAQ

To better protect your account, we'll record some particular online banking activities for your easy reference. This includes:

Types

Banking activities

Log-on
  • Log on to Personal e-Banking via the following channels:
    - Hang Seng Mobile app
    - Hang Seng Invest Express Mobile App
    - Hang Seng Olive Mobile App
    - Hang Seng Bank Website
Security and app settings

  • Register Personal e-Banking
  • Activate Mobile Security Key
  • Activate biometric authentication
  • Recover username
  • Reset "6-digit PIN" 
  • Reset Personal e-Banking password
Change of contact details
  • Change the following contact details:
    - Phone / mobile number
    - Email address
    - Residential / office address
    - Correspondence address
Transfer and Pay
  • Transfer to non-registered local payee
  • Transfer to new overseas payee
  • Pay bill
Transfer limit and payee settings
  • Add payee
  • Raise bill payment limit
  • Raise individual payee daily transfer limit
  • Raise registered payee daily transfer limit
  • Raise non-registered payee daily transfer limit
  • Raise small value daily transfer limit
  • Raise mainland & overseas daily transfer limit
  • Set up a direct debit instruction
  • Link an account in Pull Money
Cards settings
  • Activate card
  • Block / unblock card
  • Set card-not-present transaction & limit
  • Add card to mobile wallet
  • Set local ATM withdrawal limit for debit card
  • Set monthly spending limit for debit card
  • Set overseas ATM withdrawal limit

We will only keep a record of some particular online banking activities that you complete on Personal e-Banking via our mobile app or website.

We will only keep a record of some particular online banking activities, and credit card transactions are not included.

You can go to "Credit Cards" at the bottom menu of Hang Seng Mobile App, and check the relevant records under "Recent transaction(s)"

If you noticed any suspicious banking activities, please contact us via "Settings & Security" > "Report suspicious transactions" to temporarily suspend your Personal e-Banking account.

In some cases, such as account limitations or system upgrades, the instructions that shown as submitted may not be completed. You can learn more about the status of the instructions in the following ways:

  • For transfers and payments, you'll see a record on "Account Overview" page under "Account Services" if the transaction is successful
  • For adding card to mobile wallet, you may check if your card is successfully added by tapping "Credit Cards" at the bottom menu
  • For debit card activation or block / unblock debit card, you may check if your card is successfully activated or blocked / unblocked on "My Debit / ATM Cards" under "Cards" page

 

It could be because you logged on via our other mobile apps, as the record will show "Successfully logged on via mobile app" when you log on to Hang Seng Mobile App, Hang Seng Invest Express Mobile App, or Olive Mobile App.

If you haven't logged on to any apps and believe that the log-on was not done by you, please contact us via "Settings & Security" > "Report suspicious transactions". Please note, we can only temporarily suspend your Personal e-Banking account, but cannot verify the log-on status for you.

The location is based on the IP address we detected when you logged on. If you're using any VPN services, it may change your IP address, which makes the log-on location shown in the record different from your actual location. Similarly, if you're using a data SIM with roaming enabled, the log-on location may reflect the location of the data SIM, rather than your actual location.

The browser you're using may ride on an open-source technology called Chromium, which is the same technology that powers Google Chrome. In this case, the browser you logged on with will be shown as Chrome.

Other online security measures

If you want to make bill payments to payees under the category of Banking and Credit Card Services, Brokers, Other Financial Institutions, or Sports and Leisure, you will need to complete pre-registration at one of our branches.

You will notice the bank's URL address begins with “https” when you have established a secure session with Hang Seng Personal e-Banking. Most desktop browsers will display a padlock icon either in the address bar or near the top of the browser to indicate you are accessing genuine Personal e-Banking services.

If a session is unattended or inactive for a certain period, it will be terminated automatically to prevent unauthorised access to your bank account.

Useful information