Standard Chartered Online Banking - Security Message

  1. Use a computer/ device that you trust

    • Create passwords to protect your computer from unauthorized access

    • Do not conduct your Standard Chartered Online Banking transactions using public or shared computers.

    • Safeguard your mobile phone or any device that you may use to receive the One-time Password.

    • Check Microsoft or Apple websites for the latest security and updates.

    • Always keep the operating system of your computer / device up to date by ensuring that automatic updates are switched on and all updates are installed when available.

    • If you are using a wireless network or device, you are strongly advised to consult your vendor/service provide to ensure that your network or devices are configured with adequate security settings.

  2. Install anti-virus software, anti-spyware software, personal firewall and security updates for browsers in your computer

    • Install and regularly update anti-virus software, anti-spyware software, personal firewall and security updates for browsers to protect your computer from viruses and malicious programs.

    • Install relevant software and updates from trusted sources, e.g. Official website of software or update, authorized CDs, DVDs, Blu-ray Discs, etc.

  3. Keep your Username/Password secure and confidential at all times

    • Avoid using the same details that you use to access other services such as email, other Internet sites/ISPs, ATM PIN, or Phone Banking TIN.

    • Do not use easy to guess information as your Password, such as phone numbers, name or birthday of friends and relatives or repeated numeric combination.

    • Avoid using part of your Username as your Password.

    • Never reveal your Password to anyone (No Bank staff will ever ask for your password), e.g. If you receive anomalous email asking for sensitive account information, you must not disclose. You should report to the Bank immediately by phone if in doubt.

    • Always memorise your Password. Never write it down or reveal it to anyone. If you cannot remember the password, you should always disguise the password and keep it in a safe place separate from where you keep your Username, your computer and bank account details.

    • Change your Password regularly.

    • Please ensure that your entry of Username and password cannot be watched by someone standing around or behind you when you login.

    • For better security, we highly recommend you to adopt 8-16 alpha-numeric character set consisting of both letters and numbers, lowercase and uppercase, e.g. IcneL9305.

    • Password must not contain 3 or more consecutive identical characters, e.g. "aaa" or "111", etc.

    • Password must not contain 4 or more consecutive identical characters as part of your Password, e.g. "1234" or "abcd", etc.

  4. Do not store your Username/Password in the browsers

    • Remember to disable your auto-complete function on your browser, as this will make your Username & Password automatically available to anyone having access to your system. To turn this function off in MS Internet Explorer browser, click the Tools menu, click "Internet Options", click the "Content" tab, and click the "Autocomplete" button. Then disable the "Usernames and passwords on forms".

      Standard Chartered Online Banking
  5. Always log out your online session

    • Always log out from Standard Chartered Online Banking when you finish using the service or when you will be away from your PC.

    • Always close the browser application after logout.

    • Do not access third party websites within the same internet browser session when using Standard Chartered Online Banking.

  6. Clear your browser cache and history after each session

    • Always clear the browser cache after each session so that your account information is removed from the computer.

    • To clear browser cache:

      • For Microsoft Internet Explorer, click "Tools", "Internet Options". Choose the "General" tab and click "Delete Files" on the "Temporary Internet Files" section.

  7. Verify 2-Factor Authentication SMS and Post-Transaction SMS details

    • The Bank will send a 6-digit One Time Password (OTP) together with partial details of the transaction to your mobile phone via SMS, when you request for the following services at Standard Chartered Online Banking:

      • Registering Online Banking

      • Adding Transfer Payees

      • Adding Bill Payees (bills of Banking & Credit Cards, Credit Services, Securities Broker & Hong Kong Jockey Club)

      • Update Personal Information

    • Please verify transaction details in the SMS carefully before you input the OTP in online banking.

    • Never reveal your OTP to anyone (No Bank staff will ever ask for your password).

    • An SMS will be sent to you after completing any of the above transaction. Please check transaction details carefully.

  8. Fraudulent Email, Website and SMS

    • Please be aware of suspicious emails, websites, pop-up windows and SMS that could trick you into revealing your sensitive information, e.g. Username, Password, mobile phone number and other confidential account or credit card information. Our Bank will never ask you for such information by email or request you to input your mobile phone number during an online banking transaction. In addition, you should not access Standard Chartered Online Banking through hyperlinks embedded in emails or third party websites.

    • Please verify the source of any suspicious emails and SMS before opening them to safeguard your personal information.

    • Please beware of email scams. There have been cases where fraudsters have hacked into people's email accounts, and then sent out emails to the victim’s friends and business partners pretending to be the victim. Using the victim's email address, fraudsters have sent out requests for money to be paid into a specified account. Should you encounter such suspicious emails, please take steps to authenticate the identity of the email sender but don’t use the contact information given in the email if it is different from what you have.

  9. Verify the integrity of the website

    • Before performing online banking transactions, make sure that the Bank website you access is genuine.

    • Always login Standard Chartered Online Banking through the hyperlinks in Standard Chartered's website: when you want to perform banking transactions.

    • Do not login Standard Chartered Online Banking through hyperlinks embedded in emails or third party websites.

    • If you are using Internet Explorer: Double click the "padlock" icon at the bottom right corner of the screen to check the security certificate of Standard Chartered Online Banking.

      Security Message
      Security Message
  10. Disable the "File and Printer Sharing" feature on your Operating system

    • Disable the "File and Printer Sharing" feature of your operating system to prevent illegal control or access to your computer.

    • For Windows XP/Vista, Click "Start", "Settings", "Control Panels". Double click "Network Connections". Right click "Local Area Connection" then click "properties". Disable "File & Printer Sharing for Microsoft Networks".

      Security Message
  11. Check your account and transaction history details

    • Check your last login date and time each time you login to Standard Chartered Online Banking.

    • Check your account balances and statements regularly to identify any unusual transactions.

  12. Update your contact information

    • Always update Standard Chartered with your latest personal contact information.

  13. Malware

    • Malware is designed to steal user information by altering the look and feel of the Bank's website. It is discovered that a new malware program called "SpyEye" which targets Online Banking users' transactions, specifically with regard to payee addition.

    • If your computer has been infected with malware, you may be prompted to enter your online banking username, password and One-Time Password (OTP) ALL in one screen. The correct login method requires you to enter your username and password only. You will be required to enter the OTP that you receive via SMS only when you conduct below online transactions.

      • Registering Online Banking

      • Adding Transfer Payees

      • Adding Bill Payees (except bills under Government & Statutory Organisation and Public Utilities)

      • Adding Telegraphic Transfer Payees

      • Adding Cashier's Order Payees

      • Update Personal Information

    • If your computer has been infected with the "SpyEye" malware, you will be redirected to a page or pop-up screen. It may be stating, e.g. "We are checking your security settings. Every step can take 1-10 minutes. Please be patient and don't close or reload the page while we are checking the information", and/or, “Please wait” and/or a timer counting down to zero, etc.

    • If you encounter a message similar to the above when using Standard Chartered Online Banking, your computer is likely to be infected with the "SpyEye" malware. You are advised to close your browser immediately and inform the Bank through our customer service hotline at 852 2886 8888. You are also advised to refrain from using this computer for Online Banking until it has been checked and cleared of the malware.

  14. Man-In-The-Browser Attack

    • Please be highly aware of a recent online threat known as a Man-In-The-Browser (MITB) attack, where an attacker takes control over a customer’s connection and transmits counterfeit screens to the customer in attempt to capture and manipulate customer data.

    • A frequent MITB attack scenario involves the attacker taking control over a customer’s login session. The attacker transmits screens similar to the online banking screens requesting the customer to wait while their details are being verified. During this, the attacker would initiate a request for adding payee or updating personal information while the customer’s account is being compromised. An SMS containing a One-Time Password (OTP) is sent to the customer’s mobile phone as part of the process. More counterfeit screens are transmitted to the customer to prompt the customer to key in the OTP in order for the attacker to proceed with payee addition and/or personal information update.

    • Please do not proceed if you notice an unusual screen or message during your online banking login session.

    • Do not act on an SMS containing an OTP that you have not requested for, review your existing payee list for any unauthorized additions.

  15. Contact the Bank immediately if there are suspected access or transactions

    • If you suspect any unauthorized access or transactions, please promptly call our Customer Service Hotline at (852) 2886 8888 to immediately terminate your Standard Chartered Online Banking access and any other access channels to your accounts such as ATM. Please also provide details of the unauthorized transactions.