Courtesy really costs nothing? If a bank client offers any gifts or money to a bank officer for obtaining improper assistance or allowance when using or applying for bank services, the bank client may commit a bribery offence.
Reminder: Bank officers must comply with designated procedures and guidelines. Offering them gifts would only cause trouble and generate corruption suspicions. If you want to express your appreciation for their good service, just give them a heartfelt compliment! |
It is fine to cross the line? If anyone submits fabricated documents to a bank for getting through the application procedures, he might be liable for a fraud offence. In case an advantage is offered to a bank officer for his help in covering up the scam, the offeror might also commit a bribery offence.
Reminder: True and accurate documents must be submitted when applying for bank services for speedy and smooth approval. Banks would determine the authenticity of documents. Fraudulent means or bribery would only bring regrets! |
Better to believe so? The ICAC will never ask a member of the public to open a bank account; or to transfer or pay money for asset clearance or investigation purpose. If someone asks you to remit money or provide bank account password for an ICAC investigation, it must be done by con men posing as ICAC officers.
Reminder: Beware of con men posing as ICAC officers! If you encounter any similar situations or have any queries, call the ICAC 24-hour Report Corruption Hotline (852) 25 266 366 immediately. |
|
|
Phishing is a cybercrime that fraudsters try to lure you into providing sensitive data such as personal information, bank account / credit card details, and login credentials, etc. The common way to do so is asking you to click on a hyperlink, scan a QR code, or open an attachment embedded in email, SMS or instant message, and the fraudsters can use the information provided by you to access your bank accounts and conduct unauthorized transactions.
China CITIC Bank International Limited (“the Bank” or “we”) would never send any SMS or emails with embedded hyperlinks, QR codes or attachments which direct customers to our websites or Apps to carry out transactions. We would not request customers to share their login credentials and / or sensitive personal information, e.g. credit card details, login passwords, PIN or OTP, etc. by phone, email or SMS (including via embedded hyperlinks).
To step up customer account security, starting from 28 January 2024, we have implemented the SMS Sender Registration Scheme (the “Scheme”) set up by the Office of the Communications Authority; SMS messages from the bank would carry one of the following registered SMS Sender IDs:
- #CNCBI
- #CNCBI_INFO
- #CNCBI_TXN
However that the Scheme is not applicable to:
- SMS messages of which customers are expected to reply to the bank via phone numbers
- Local subscribers of single-card-multiple-numbers/one-card-two-numbers mobile service provided by non-Hong Kong operators.
Stay vigilant when receiving SMS messages with sender IDs not having the prefix "#", especially when such messages are sent from an unknown sender. Never disclose to unidentified senders any personal information, bank account numbers or credit card details such as online banking login credentials, transfer money or access websites via any hyperlink in SMS messages. |
|
Never click the hyperlink, URL or scan a QR Code in the SMS or email to login to the Bank’s i-banking, Business Internet Banking service, Corporate Online Banking service, inMotion, inVest, FX Go or any other electronic/mobile banking applications/platforms made available by the Bank from time to time (thereafter collectively as “Internet banking services”). |
|
Never reveal your sensitive personal information such as credit card details (including card number, expiry date and CVV), login credentials or OTP to anyone or websites of unknown sources. Fraudsters may claim themselves as courier companies, telecommunication companies, rewards club companies or government bodies to deceive you into providing the aforementioned information. |
|
Never click on hyperlinks or install attachments from suspicious SMS, emails, webpages, social media pages/posts or unknown sources. |
|
Contact us to verify the SMS, email or caller authenticity via other channels (e.g. our customer service hotline published on website) if you have any queries. |
|
Visit our official website at www.cncbinternational.com/en and only download and install Apps provided by trusted and verified developers from official Apps stores. |
|
Authenticate the identity of the caller or sender’s domain. |
|
Do not register other people's fingerprints or appearance as part of the Touch ID or Face ID of your mobile device. |
|
Please refer to the website for details.
|
|
|
A stooge account is either set up with false paperwork using a stolen or manipulated identity, or belongs to a legitimate customer who has allowed criminals to use their account. Criminals often target vulnerable people, i.e. those financially struggling, by tempting them with cash to permit access to their accounts.
Through telemarketing or social media platforms, criminal syndicates would offer the benefit of making quick money and lure the public into selling or lending their bank accounts, or use their personal credentials to open bank accounts. The syndicate will then use these "stooge accounts" (i.e. the accounts which is held by the account holder but manipulated by the culprit) to receive/launder fraudulent payments or other crime proceeds. |
|
Never sell or lend the bank accounts/ personal credentials to others as these might be abused for unlawful purposes. Account holders should have the responsibility to understand the source of every single transaction credited into their accounts. Otherwise, they may expose themselves to the risk of committing the offence of money laundering of which the maximum penalty is a fine of HKD 5 million and imprisonment for 14 years. |
|
Trojan Horse Program could capture your PC screen, logging keystrokes history or at the runtime, and remote control your computer or mobile devices (smartphones or tablets) (thereafter collectively as “Devices”). It steals information like your Login ID, passwords, SMS OTP or other personal data to proceed fraudulent or unauthorized transactions with your bank accounts. If you found any unusual circumstance when using the Bank’s Internet banking services, please immediately contact us and should also stop inputting any password or transaction. |
Spyware is a malicious program that is installed on the Devices without user's acknowledgement or consent, with a threat to information leakage. This program often comes from the hidden components of "free program".
Such software claims to accelerate your internet speed and protect your Devices from email virus. Once you have installed such software on your Devices, user's information and internet activities will be redirected to unauthorized organizations that allow them to store and analyze your internet activities/ information. |
To further protect your e-banking security, access to inMotion, inVest, FX Go and CNCBI Token would be suspended if potential risks had been detected on your device.
Potential risks may include: |
|
Malware apps and/or apps from unofficial sources were installed on your device; and |
|
Mobile apps which have requested for excessive permission settings (e.g. screen sharing, screen mirroring or remote control function) |
|
|
If your access to inMotion is suspended, you should: |
|
Turn off the accessibility settings of the installed apps on your device |
|
Disabled the USB debugging in developer mode of Setting |
|
Delete or uninstall suspicious apps on your device |
|
|
In addition, Android device users will also use the secure keyboard provided by the Bank when entering their passwords on inMotion. |
|
Install mobile security, anti-virus or anti-spyware software programs onto your Devices from authorized stores before you download other programs in your Devices. |
|
Only download and install Apps provided by trusted and verified developers from official Apps stores. If you see a prompt asking you to install an “APK”, or a new keyboard, do not install it unless you are completely sure it is safe. |
|
Do not download any freeware version of software onto the Devices that will be used to access the Bank’s Internet banking services. |
|
Do not download any Point-to-Point (P2P) sharing software (e.g. WinMX, Foxy, BitTorrent…etc ) onto the Devices that will be used to access the Bank’s Internet banking services. |
|
Do not install Internet Accelerator program. |
|
Do not visit the Bank’s website while there is any software that has the ability to monitor the current internet session of your Devices and uninstall any suspicious software that has the ability to track your internet sessions. If you suspected that your Devices, which had been used to access the Bank’s Internet banking services, may have been affected by malware, please report to the Bank immediately. If possible, turn off the affected device and use another device to contact the Bank. |
|
Regularly update your anti-virus/ anti-spyware software to ensure that your Devices is installed with the latest version. |
|
Do not browse suspicious websites or click on the hyperlinks and attachments in suspicious emails, instant message, SMS messages, webpages or social media pages/posts. |
|
Evaluate Apps' requested permissions and accessibility carefully before installation; and maintain proper configuration of mobile devices (e.g. disallow installation of Apps from unknown source, etc.). Be aware of what permissions you grant apps during installation, especially if they are sensitive such as “notifications”, “accessibility” or “send/view SMS” in Android. Do not give unnecessary permissions. |
|
Avoid using any public/shared computers or devices such as those located at cyber cafes or public libraries |
|
Avoid using public Wi-Fi to access internet/ mobile banking services. |
|
Regularly update your operating system, mobile applications and browser to ensure that your Devices is installed with the latest version. |
|
There are some fraudulent websites or mobile application created by Internet fraudsters that mimics the look of a particular bank's website to capture your login credentials and / or sensitive personal information such as Login ID, passwords, other personal information or transaction details etc. Some of them will attract people to their sites through scam emails. Therefore, it is crucial to make sure that you are connecting with a genuine website of the Bank. |
|
Do not access the Bank’s website and Internet banking services, or provide your personal information through any hyperlinks, QR code embedded in email, pop up window and search engine. |
|
You should use mobile application (App) installed in your Devices or entering the bank’s website address in the browser of your Devices directly to access the Bank’s Internet banking services. |
|
Check the security certificate of the Internet banking services website that was issued to ‘ibanking.cncbinternational.com’ for Personal Internet Banking or Business Internet Banking and ‘corponline.cncbinternational.com’ for Corporate Online Banking. You can retrieve the security certificate of the website by clicking the "padlock" icon in the address bar of the browser. |
|
Minimum system requirements: Google Chrome 120.0.6099.130 browser version or above; Firefox 27 browser version or above; Safari 7 browser version or above. |
|
For Windows 7 or above, please choose "Network and Internet" in “Control Panel”, click "Internet Options" and go to the tab "Advanced". Under the item "Security", make sure TLS 1.2 (or above version) are all activated. |
|
Please take note that the Bank observes a well-adopted practice of not seeking sensitive personal information (including i-banking login ID, login passwords or one-time passwords) through phone calls, voice messages, SMS/instant messages or emails. Fraudsters may make bogus phone calls, voice messages, SMS/instant messages and emails purported to be from the Bank in which most of them appear to come from a lawful source. Such communications may trick recipients, including citing irregularities regarding the customer’s transactions or accounts, to reveal their personal information such as login ID, passwords, credit card numbers, bank account numbers, one-time passwords, etc., or even inviting them to visit fraudulent website, call a bogus bank hotline number or contact an operator for account authentication requesting for provision of such information. They may also pose as invitations to group chats about investment and/or banking products, or requests for third-party software downloads or fund transfers.
In cases of voice message phone calls, SMS/instant messages or email scam, the fraudsters could hack into the victim's computers, mobile phones, mobile devices or email account, checked the victim's business correspondence with business partners. They send voice message phone calls, SMS/instant messages or email to the victim using the same or similar contact or email account of his business partner and claim that the payment bank account had been changed and further request the victim to deposit the payment for goods into the fraudster's designated bank account or require customers to provide Internet banking login credentials or sensitive personal information (including Login ID, passwords or one-time passwords). If you receive any suspicious voice message phone calls, SMS/instant messages or emails, you should confirm the identity of the purported business partners or the authenticity of the requests by means of telephone before remittance so as to prevent from being deceived. |
|
Beware that the Bank will not make phone calls, or send voice messages, SMS/instant messages or emails to customers requesting for the account and personal information such as login ID, login passwords, HKID number, one-time passwords, address, etc. |
|
Beware that the Bank will not send SMS/instant messages or emails to customers with embedded hyperlink or QR code which redirects to its Internet banking services. |
|
Do not disclose your sensitive personal and account information via phone calls, voice messages, SMS/instant messages or email messages. |
|
Never follow a link within SMS/instant messages or emails to logon the Bank’s Internet banking services. |
|
Unsolicited phone calls, voice messages, SMS/instant messages or emails from individuals purporting to be affiliated with the Bank proposing a private business opportunity or seeking cash transfers or account details should be ignored or reported to the Bank. |
|
If in doubt about any phone calls, voice messages, SMS/instant messages, emails or other communication that you receive which purports to be from the Bank or anyone affiliated with the Bank, please contact the Bank. |
|
We employ one of the highest levels of security to protect customer's accounts and personal data. |
|
All information transmitted via the Bank’s Internet banking services is protected by Transport Layer Security (TLS) 1.2 256-bit encryption which could prevent unauthorized users from reading the information. |
|
|
The only way to access your account via the Bank’s Internet banking services is to enter a correct Login ID and Password. Each Login ID is unique and multiple user logins are not allowed. |
|
Following the 4th consecutive login failure caused by incorrect password, online access of the Bank’s Internet banking services account will be suspended instantaneously. |
|
|
CNCBI Token, SMS OTP and Device binding are the 2nd factor used for identity authentication for transactions on inMotion/Personal i-Banking/inVest/Business i-Banking. |
|
For certain high-risk transactions, you are required to input the security code in order to strengthen transaction security. |
|
|
To prevent any unauthorized access, the Bank’s Internet banking services will be automatically logoff after a period of inactivity. |
|
|
To ensure highest internet security, we will provide you with Last Logon Information (last successful logon date & time) once you have logged on the Bank’s Internet banking services. |
|
In case of improper logout (e.g. close the browser directly without clicking the "Logoff" button/ Internet disconnection while visiting Internet bank services’ website, etc), an alert message will be displayed in Internet banking service’ welcome page to alert user that he has not logout Internet banking service properly last time. |
|
|
In order to improve our Internet banking services to you, the Bank may use cookies and/or other similar files or programs which may place certain information on your computer’s hard drive or on your mobile device when you visit our website or use inMotion, inVest or FX Go. |
|
The Bank is committed to protecting the privacy, confidentiality and security of the personal data we hold by complying with the requirements of Personal Data (Privacy) Ordinance with respect to the management of personal data. To find out more about the use of cookies and the information-collecting practices, please read the Bank’s Privacy Policy Statement. |
|
To ensure highest security while using the Bank’s Internet banking services, customers are recommended to take a number of safeguard measures for their own protection. At the same time, customer should be acknowledged about the risks associated with authentication factors such as biometric authentication, CNCBI Token and device binding.
Risk you should know about using biometric authentication login service.
- Biometric authentication relies on unique physical characteristics like fingerprints and facial recognition. Risks include but not limited to
1) Possibility of false positives: Unauthorized individuals gain access.
2) Data leaks: Biometric data can also be stolen or compromised if not properly secured.
Risk you should know about using CNCBI Token & Device binding.
- CNCBI Token and Device binding require the use of specific devices or applications.
The loss or theft may provide a way for attackers to access the user’ account or initiate fraudulent transactions.
|
|
Recommend to use a combination of numbers, upper and lower case letters for your login ID or password. Avoid using repetitive or consecutive digits in your password. |
|
Avoid using an easy-to-guess password. Do not associate your password with your personal data, such as your login ID, name, birthday or phone numbers. |
|
Make it a habit to change your password periodically. We recommend our customer to change the password at least once every 3-6 months. |
|
Keep your login ID and password confidential at all times and never disclose to any person or web site that you do not know or cannot verify. Memorize your password and try not to write your password down anywhere. |
|
Avoid using the same details that you use to access other services (e.g. ATM PIN, Phone Banking PIN, Email, etc.) to access the Bank’s Internet banking services. |
|
Do not store your login ID or password in the browsers, in the computers or mobile device in plain sight. |
|
Always log off properly when you finished using the Bank’s Internet banking services |
|
Destroy the original printed copy of the password (if any). |
|
Do not allow anyone else to use your login ID or password. |
|
|
Install and update personal firewall and/or latest security application, mobile security software, anti-virus application and anti-spyware application regularly on your Devices from a trusted source. |
|
Keep and safeguard your Devices properly and avoid sharing with others. |
|
Avoid using any public/shared computers or devices such as those located at cyber cafes or public libraries |
|
Ensure your entry of login ID, passwords, PINs or one-time password are not watched by someone standing around or behind you. |
|
Do not store or keep sensitive information such as your passwords, account numbers, PINs etc. in your Devices. |
|
Set a passcode for your Devices that is difficult to guess and activate the auto-lock function. Do not disclose the passcode of your Devices to anyone. |
|
Don't use any Devices with any pirated hacked, fake and/or unauthorized applications or in which the software lockdown has been overridden or root access to its software operating system has been obtained (such as, but without limitation, a "jailbroken" or a "rooted" mobile devices). |
|
Download and install mobile applications (e.g. inMotion / inVest / FX Go etc.) from Apple App Store, Google Play, Huawei AppGallery or Baidu App Search. |
|
Use encrypted or trusted Wi-Fi networks or service providers. Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) not in use and remove any unnecessary Wi-Fi connection settings. |
|
Do not leave your Devices unattended. Always log off properly when you finished using. |
|
Make sure you are using the latest versions of OS, browsers and applications of your mobile devices. Enable the auto-update feature to obtain and apply security patches regularly from trusted sources. |
|
Carefully read and evaluate permission requests from apps and websites before installation. |
|
Check and maintain proper configuration of mobile devices, including but not limited to disallowing installation of Apps from unknown source. |
|
|
Always use the "Logout" button to exit instead of closing the window or mobile application directly when you finish using the Bank’s Internet banking services. |
|
• Always check the date and time of your last visit to our Internet banking services. |
|
Do not leave your Devices unattended before logout Internet banking services. |
|
Please ensure that your entry of Login ID and Password cannot be watched by someone standing around or behind you when you login. |
|
Check your account balances and statements regularly to identify any unusual transactions. |
|
Beware of any unusual login screen or process (e.g. a suspicious pop-up window or request for providing additional personal information). |
|
Check the Bank’s SMS message / email / notifications in a timely manner and verify your transaction records. Contact the Bank to update your contact information record immediately if there is any change such that important notifications can be delivered to you timely. |
|
Please use your own personal email address and mobile phone number as the notification channels for Internet banking services and do not use the same email address or mobile phone number with others. |
|
Set a reasonable transfer limit; only requests to increase the transfer limit when it is needed. |
|
|
Do not register other people's fingerprints or appearance as part of the Touch ID or Face ID of your mobile device. |
|
Do not disable the “Require Attention for Face ID” function in your mobile device settings. If it has been disabled, do not use Face ID for this Service. |
|
It is not recommended to use Face ID for this Service if you have a twin sibling or siblings who look very alike as your siblings may be able to access to this Service using Face ID. |
|
It is not recommended to use Face ID for this Service if you are in puberty stage or your facial features may be undergoing a rapid stage of development as you may not be able to access to this Service using Face ID. |
|
Once the Service is activated, any registered fingerprint(s) / Face ID of the device can be used as an authentication mean to login inMotion / inVest/ FX Go. |
|
Do not disclose the passcode of your mobile device to anyone. |
|
When you change to a new mobile device, activate the Service on your new mobile device. The Service will be deactivated automatically on your previous mobile device. |
|
Keep your mobile device properly and lock it with relatively complicated passcode. |
|
Access the function in a secure place to prevent from exposing the account information to others, especially when using this Service in public area. |
|
If you lose your mobile device with this activated Service, please contact us and deactivate the Service immediately. |
|
|
Ensure the accuracy of the registered information (including the mobile phone number registered for SMS OTP authentication) from time to time. Contact the bank to update immediately if you have changed your mobile phone number. |
|
Ensure your mobile phone is switched on with satisfactory connection status and sufficient memory to receive SMS when receiving OTP. Please make sure your mobile phone has turned off SMS forwarding function when receiving the SMS One Time Password. |
|
Do not disclose the SMS OTP to anyone |
|
Verify the SMS OTP ID showing on Internet banking and your mobile phone for ensuring the transaction operating before entering the SMS OTP. |
|
Check the bank SMS message in a timely manner and verify your transaction records. If you have any doubt on the SMS received, contact us immediately and should stop inputting any password or transaction. |
|
|
Please download and install the WeChat Application provided by trusted and verified developers from official Apps stores. |
|
Never use WeChat Pay in a mobile device with any pirated hacked, fake and/or unauthorized applications or in which the software lockdown has been overridden or root access to its software operating system has been obtained (such as, but without limitation, a "jailbroken" or a "rooted" mobile device). |
|
Please make sure you are using supported versions of OS and applications of your mobile devices. Enable the auto-update feature to obtain and apply security patches regularly from trusted sources. |
|
Set your WeChat Pay payment password that is difficult to guess and do not disclose such payment password to anyone. |
|
To prevent unauthorized access to your WeChat wallet, do not leave your mobile device unattended. Always log off properly when you are finished making WeChat Pay payment. |
|
Log in to your WeChat account via another mobile phone or device and initiate the unbinding in case of loss of mobile devices. |
|
|
Upon receipt of the "Security Device", please login to Internet banking immediately and follow our instructions to activate the "Security Device". |
|
Customers are required to input specific transaction information (e.g. un-registered account number) into the "Security Device" to generate a one-time Security Code for designated transactions. |
|
Please keep your "Security Device" in a safe and secure place. You should not allow anyone to use your "Security Device" or leave it unattended. |
|
Never reveal the secure code generated from the Security Device |
|
|
Please download the FREE CNCBI Token Application from Apple App Store, Google Play or Huawei AppGallery. |
|
Don't install apps on your mobile devices from mistrusted sources. |
|
Use default browsers originally provided by the mobile devices rather than newly installed browsers downloaded from other sources. |
|
Don't store your CNCBI Token password, Internet banking Login ID and Password on your mobile devices |
|
Don't disclose or forward your SMS OTP for CNCBI Token activation / push notification / CNCBI Token password to anyone. |
|
Avoid sharing your mobile device with others and use your own mobile device to register CNCBI Token. |
|
Don't leave your mobile device unattended after logon to this app. |
|
Always quit the app when you are finished CNCBI Token transactions with it. |
|
|
Don't store your security code on your mobile devices. |
|
Don't disclose or forward your security code to anyone. |
|
Avoid sharing your mobile device with others or use others’ mobile device to activate device binding and security code. |
|
Verify the transaction incurred before approval the instruction or entering the security code. |
|
Don't share your log-in credentials and disclose/forward your SMS OTP to anyone. |
|
|
Avoid using repetitive or consecutive digits in your password. |
|
Avoid using an easy-to-guess password. Do not associate your password with your personal data, such as your login ID, birthday or phone numbers. |
|
Change your password periodically or at least once every 3 to 6 months. |
|
Keep your login ID and password confidential at all times and never disclose to any person or web site that you do not know or cannot verify. Memorise your password and try not to write your password down anywhere. |
|
Avoid using the same details that you use to access other services (e.g. ATM PIN, Internet Banking PIN, email, etc.) for access to the Bank’s Phone banking services. |
|
Do not store your login ID or password in the browsers, in the computers or mobile device in plain sight. |
|
Destroy the original printed copy of the password (if any). |
|
Do not allow anyone else to use your login ID or password. |
|
Notify the Bank as soon as practicable when you identify unusual or suspicious transactions on your account. |
|
Inform the Bank as soon as reasonably practicable when you find or believe that your login ID or password for accessing the Phone banking services have been compromised, lost or stolen. |
|
Ensure that your contact details registered with the Bank for the purpose of receiving important notifications from the Bank are up-to-date to allow relevant notifications to be delivered to you on a timely basis. |
|
If you find: |
|
any unusual, suspicious or unauthorized activities/ transactions in relation to your Internet banking service; or |
|
your password or PIN is compromised, lost or stolen; or |
|
your security device, computer, mobile devices used to access your Internet banking service is compromised, lost or stolen; |
Please contact our customer hotline at (852) 2287-6767, or visit the nearest CNCBI branch immediately. |
|
You are reminded to take security measures as recommended by the Bank from time to time. You shall be liable for all losses if you have acted fraudulently. You may also be held liable for all losses if you have acted with gross negligence (such as knowingly allow your Device, PIN or password to be used by others); or failed to inform the Bank as soon as reasonably practicable after you find or believe that any unauthorized transactions have been conducted over your account(s), or that your Device, PIN or password for accessing the Internet banking services have been compromised, lost or stolen. Please be noted that this may apply if you fail to follow the safeguards as advised by the Bank from time to time if such failure has caused the losses.
However, unless you act fraudulently or with gross negligence such as failing to safeguard your Device, PIN or password for accessing the Internet banking service, you shall not be responsible for any direct loss induced. If you have any enquiries on any dispute transactions or any complaints, you may call our customer hotline at (852) 2287-6767 for further investigation and handling.
Hong Kong Monetary Authority encourages the public to study the following public educational materials and security tips on e-banking services:
https://www.hkma.gov.hk/eng/key-functions/banking-stability/consumer-corner/strengthening-financial-consumer-protection/consumer-education-programme/ |
|
|
Be served by our professional staff at our branches, or opt for self-service banking via our automated channels — the choice is yours.
Tap into the vast resources and network of our parent bank China CITIC Bank and our ultimate shareholder, CITIC Group Corporation.
Essential links
| | |