Security Tips

How to Safeguard and Protect Your Password or One-Time Confirmation Password (OTP):
• Do not use your User ID, ID number, date of birth, telephone number, other personal information or any sequential/repeated number (e.g. 123456, 111111) as your Password.
• Your Password should consist of 8 to 20 alphanumeric characters, without repeating any digit or character more than once.
• Please memorize your Password and do not keep a written record of your Password or disclose it to anybody.
• Please change your Password regularly.
• Do not use your password for Corporate Online Banking on other financial or non-financial websites, applications, or online services.
• Do not write down or record your password on a computer hard drive, external storage device, mobile phone, or any other insecure place.
• Do not select your Internet Browser option for storing and retaining your login User ID, password and OTP.
• Disable your browser's 'AutoComplete' function that remembers the data (including your Organization ID, User ID, password and OTP) that you input.
• Do not reveal or share your Organization ID, User ID, password and OTP to anyone.
• If you have forgotten your password, you may reset your password via the Forget Password option on the login page. If you still have a problem, please contact our bank customer service team for further help.
• Please contact our bank customer service team immediately if you suspect any unauthorized access.
How to Safeguard and Protect Your Corporate Online Banking Security Device or Corp eToken:
• Do not allow anyone to keep, use or tamper with your Security Device or Corp eToken.
• Never reveal the OTP generated by your Security Device or Corp eToken to anyone.
• Each Security Device or Corp eToken is unique and tagged to your User Login ID. You will not be able to use another person's registered Security Device or Corp eToken to access Corporate Online Banking.
• Always keep your Security Device locked when not in use. Do not leave your Security Device unattended. If you are a Corp eToken user, please keep the mobile device with Corp eToken installed safe.
• Do not divulge the serial number of your Security Device or Corp eToken to anyone.
• Do not attempt to replace the battery or modify any parts in your Security Device. Please contact our bank customer service team if your Security Device malfunctions, is broken or physically damaged, or is lost.
• If you have installed the Corp eToken APP but your mobile phone/mobile device is lost/stolen, or you would like to use the Corp eToken on another device, please log in to Corporate Online Banking to disable your Corp eToken or contact our bank customer service team immediately.
• When activating your Corp eToken APP with biometric recognition technology (e.g. facial or fingerprint recognition), please ensure the environment is safe and private before proceeding.
• Please contact our bank customer service team immediately if you suspect your Security Device or Corp eToken has been tampered with or misused.
Major Tips on Protection of Your Mobile Phone/Mobile Device:
• Set a passcode/password for your mobile phone/mobile device that is difficult to guess. Activate the auto-lock function.
• Use the latest versions of the operating system and APPs on your mobile phone/mobile device.
• Do not jailbreak or root your mobile phone/mobile device.
• Do not keep sensitive information, e.g. PIN, login password, banking account number and personal ID document numbers, in your mobile phone/device.
• Install your security software and update it promptly. Do not browse suspicious websites or click on the hyperlinks and attachments in suspicious emails/SMS messages.
• Do not download APPs from unsecured sources. Download and upgrade your APPs from official APP stores or reliable sources only.
• When you install an APP, read permission requests carefully and stop installation if the permission requests seem unusual or unnecessary for you.
• Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) not in use.
• Use only trusted & encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection settings.
Be Cautious of Malware (Trojan Horses, Spyware etc.):
A Trojan Horse program could capture the screen of your PC or mobile devices (smartphones or tablets) (hereafter collectively “Devices”), log your keystroke history or your keystrokes at runtime, and remotely control your computer or mobile devices. It steals information such as your Login ID, passwords and SMS OTP in order to carry out fraudulent or unauthorized transactions with the corporate bank accounts. If you find any unusual circumstance when using the Bank's Internet banking services, please contact us immediately and stop inputting any password or transaction.
Be Cautious of Spyware:
Spyware is a malicious program that is installed on the Devices without the user's knowledge or consent and poses a threat of information leakage. This program often comes from the hidden components of a "free program". Such software claims to accelerate your internet speed and protect your Devices from email viruses. Once you have installed such software on your Devices, your information and internet activities will be redirected to unauthorized organizations, allowing them to store and analyze your internet activities/information.
To further protect your e-banking security, access to CNCBI Corp eToken will be suspended if potential risks are detected on your device. Potential risks may include:
• Malware APPs and/or APPs from unofficial sources installed on your device; and
• Mobile APPs which have requested excessive permission settings (e.g. screen sharing, screen mirroring or remote control function).
If your access to CNCBI Corp eToken is suspended, you should:
• Turn off the accessibility settings of the installed APPs on your device
• Disable USB debugging in the developer mode of Settings
• Delete or uninstall suspicious APPs on your device
For more information, please refer to the press release from the Hong Kong Association of Banks “Enhancement on security measures to safeguard customers against malware scams”:
https://www.hkab.org.hk/en/news/press-release/292
What can you do to protect yourself?
• Install mobile security, anti-virus or anti-spyware software programs onto your Devices from authorized stores before you download other programs to your Devices.
• Only download and install APPs provided by trusted and verified developers from official APP stores. If you see a prompt asking you to install an “APK”, or a new keyboard, do not install it unless you are completely sure it is safe.
• Do not download any freeware version of software onto the Devices that will be used to access the Corporate Online Banking Service.
• Do not download any Point-to-Point (P2P) sharing software (e.g. WinMX, Foxy, BitTorrent) onto the Devices that will be used to access the Bank's Internet banking services.
• Do not install any Internet Accelerator program.
• Do not visit the Bank's website while any software that can monitor the current internet session of your Devices is present, and uninstall any suspicious software that can track your internet sessions. If you suspect that your Devices, which have been used to access the Bank's Internet banking services, may have been affected by malware, please report to the Bank immediately. If possible, turn off the affected device and use another device to contact the Bank.
• Regularly update your anti-virus/anti-spyware software to ensure that your Devices are installed with the latest version.
• Do not browse suspicious websites or click on the hyperlinks and attachments in suspicious emails, instant messages, SMS messages, webpages or social media pages/posts.
• Evaluate APPs' requested permissions and accessibility carefully before installation, and maintain proper configuration of mobile devices (e.g. disallow installation of APPs from unknown sources). Be aware of what permissions you grant APPs during installation, especially if they are sensitive such as “notifications”, “accessibility” or “send/view SMS” in mobile devices. Do not give unnecessary permissions.
• Avoid using any public/shared computers or devices such as those located at cyber cafes or public libraries.
• Avoid using public Wi-Fi to access Corporate Online Banking services.
• Regularly update your operating system, mobile applications and browser to ensure that your Devices are installed with the latest version.
Other Important Online Security Tips and Precautions for You:
• Always apply proper dual controls and authorization before conducting high-risk transactions and online fund transfer.
• Always check the authenticity of CHINA CITIC BANK INTERNATIONAL LIMITED website by comparing the URL and the bank's name in its digital certificate or by observing the indicators provided by an extended validation certificate.
• Always check that the CHINA CITIC BANK INTERNATIONAL LIMITED website address changes from http:// to https:// and that a security icon that looks like a lock or key appears when authentication and encryption are expected.
• Please check your bank account balance and transactions frequently and report any discrepancy to the bank immediately.
• Install anti-virus, anti-spyware and firewall software in your personal computers, notebooks, or mobile devices, particularly when they are linked via broadband connections, digital subscriber lines or cable modems.
• Update your operating system, Internet browsers and anti-virus and firewall software with the latest security patches or newer versions on a regular basis.
• Set up hard-to-guess lock codes and auto-lock functions.
• Remove file and printer sharing in your computers or notebooks, especially when they have Internet access via cable modems, broadband connections or similar set-ups.
• Make regular backups of critical data.
• Consider the use of encryption technology to protect highly sensitive data.
• Log off the online session and turn off your computer when not in use.
• Do not install software or run programs of unknown origin.
• Do not download any freeware onto the computer that you use to access Internet banking.
• Delete junk or chain emails.
• Do not open email attachments from senders or e-mail IDs unknown to you.
• Do not disclose personal, financial or credit card information to little-known or suspect websites.
• Do not use a computer or device that cannot be trusted.
• Do not use public or Internet café computers to access online banking or perform financial transactions online.
• Close all browser windows before logging on to Internet banking to protect your personal information from unauthorized access from another website.
• Always log off after using Corporate Online Banking service.
• Be wary of opening unexpected emails with attachments, and never click on a hyperlink in a suspicious email.
• Never use hyperlinks in emails or Internet search engines to log on to Internet banking. Always type the address into your browser or bookmark the genuine website and use that to access your bank account.
• Never open an email attachment that contains a file ending with .exe, .pif, or .vbs as these are commonly used with viruses.
• When an email claiming to originate from a bank looks suspicious to you, e.g. if it says you have won a prize draw or there is an offer for you to make some easy money without any action on your part, contact the bank immediately for verification.
• Beware of any unusual login screen or process (e.g. a suspicious pop-up window or request for providing additional personal information) and whether anyone is trying to peek at your password. Log out immediately after use.
• Check your bank's SMS messages and other messages (e.g. e-mail alert notification) in a timely manner and verify your transaction records. Inform your bank immediately in case of any suspicious situations. Banks will not ask for any sensitive personal information (including passwords) through phone calls or emails.
• You should terminate the login session if you encounter any warning that the SSL server certificate does not belong to CHINA CITIC BANK INTERNATIONAL LIMITED (CNCBI), and inform the CNCBI Corporate Online Banking customer service hotline (+852 3603 6166) immediately.
• You should regularly check your account balance and transaction activities. If any abnormal activity is noted, please contact the CNCBI Corporate Online Banking customer service hotline (+852 3603 6166) immediately.
More Security Tips:
To learn more online security tips, you may refer to our Online Security Page and also visit the following websites supported by the Hong Kong SAR Government, the Hong Kong Monetary Authority and the Hong Kong Police Force.
Hong Kong SAR Government Cyber Security Information Portal:
https://www.cybersecurity.hk/en/index.php
Hong Kong SAR Government InfoSec Website:
https://www.infosec.gov.hk/en/best-practices/person/
Hong Kong Monetary Authority:
https://www.hkma.gov.hk/eng/smart-consumers/internet-banking/
Hong Kong Police Force:
https://www.police.gov.hk/ppp_en/04_crime_matters/tcd/index.html
Please contact Corporate Online Banking customer service hotline (+852 3603 6166) or your Relationship Manager immediately if you suspect any unauthorized access or abnormal transactions related to your Corporate Online Banking service account.