To provide you safe and secure e-Banking services, Hang Seng Bank has implemented the following security measures.
On top of your User Name, you will need your First Password and three random characters from your Second Password to log on Personal e-Banking. The dual-password authentication reduces the chance that hackers or attackers capture your Second Password in full.
If you have a Security Device, you may choose to log on with your First Password and the Security Code generated by the Security Device.
The Security Device protects your information and transactions in Personal e-Banking with two-factor Authentication. This small and portable device can generate one-time Security Codes for verification purposes when you perform the designated transactions.
To meet the Hong Kong Monetary Authority guidelines on internet banking security, you will receive a mandatory SMS notification when you have completed the following transaction in Personal e-Banking:
- Transfers to non-registered 3rd-party accounts
- Bill payment to payee under “e-merchants” category
To conduct the above transactions, you must have your mobile number registered in our record. Please note such SMS message will not be forwarded even if you have subscribed to an 'SMS Forwarding' service provided by telecommunications service providers in Hong Kong.
To review and update your registered mobile number, please visit “Customer Services > Account Maintenance > Personal Particulars” after logging in to Personal e-Banking.
Pre-registration on Bill Payment
If you want to make bill payments to payees under the category of Banking and Credit Card Services, Brokers, Other Financial Institutions and Sports and Leisure, you will require pre-registration at branches.
Secure Session and Encryption
You will notice the URL address begins with “https” when you have established a secure session with Hang Seng Personal e-Banking. Most desktop browsers will display “HANG SENG BANK LTD” either on the URL address bar or near the top of the browser to indicate you are accessing genuine Personal e-Banking service.
If a session is unattended / inactive for a certain period, it will be terminated automatically to prevent unauthorised access to your bank account.