Two-factor Authentication
| General Enquiry | |
| 1. | What is two-factor authentication? |
| A: |
Two-factor authentication uses two different factors namely, "something you have" (e.g. mobile phones, security tokens) and together with "something you know" (e.g. password), to authenticate a user identity. Your physical possession (such as Digital Certificate or mobile phone) is difficult to be stolen on the Internet. Therefore, conducting high-risk transactions online using two-factor authentication offers a better protection. |
| 2. | How does the Bank support the use of two-factor authentication? |
| A: |
The Bank currently supports Digital Certificate and SMS-based one-time password ("OTP") as the method for two-factor authentication. |
| 3. | What types of Internet Banking Services require two-factor authentication? |
| A: |
The following transactions are considered high risk and require two-factor authentication:
|
| 4. | Does the Bank charge the customers for using two-factor authentication? |
| A: |
No. This service is free for charge. |
| 5. | Can I cancel the registered two-factor authentication service? |
| A: |
Yes. You can simply call (852) 3768 6800 to cancel any registered two-factor authentication service. |
| 6. | If any of my two-factor authentication tools is stolen or lost, what should I do? |
| A: |
You should immediately report to the relevant association and call (852) 3768 6800 to cancel any registered two-factor authentication service. |
| SMS-Based One-Time Password | |
| 1. | What is SMS-Based One-Time Password ("OTP")? |
| A: |
SMS-Based One-Time Password ("OTP") is a password sent by the Bank to your registered mobile phone number to strengthen the authentication of your identity. After being generated, each OTP can only be used once and will expire in 100 seconds. |
| 2. | How do I register OTP service? |
| A: |
You can register OTP service using any of the option below: Internet Banking Services (Applicable to "Single Authority" only)
|
| 3. | Is there any service charge to use OTP service? |
| A: |
OTP service is free of charge if you are using the service in Hong Kong. However, your mobile phone service provider may levy charges on international SMS. You are advised to consult your mobile phone service provider for details. |
| 4. | Can I receive OTP overseas? |
| A: |
The Bank will send you OTP regardless where you are. However, your mobile phone service provider may not allow you to receive OTP (in SMS format) overseas. You are advised to consult your mobile phone service provider for details. |
| 5. | Why do I receive a SMS with strange characters? |
| A: |
If you are using the Chinese language version of Internet Banking Services, an OTP with Chinese characters will be sent to your mobile phone. Strange characters may appear if your handset does not support Chinese characters. For details, you may contact your mobile phone service provider or refer to the user manual of your handset. |
| 6. | In case my mobile phone were stolen or lost, what should I do? |
| A: |
You should call our hotline (852) 3768 6800 to suspend the SMS OTP service immediately. |
| Digital Certificate | |
| 1. | What is Digital Certificate? |
| A: |
Digital Certificate is a tool for authenticating the identity of the certificate holder. Please visit http://www.hongkongpost.gov.hk for details. |
| 2. | Which types of Digital Certificate does the Bank support? |
| A: |
The Bank currently supports the following Digital Certificates:
|
| 3. | Is there any charge in using Digital Certificate? |
| A: |
The Bank does not charge our customers in using Digital Certificate. However, your certification authority may levy charges on the usage of Digital Certificate. |
| 4. | How do I register Digital Certificate service with the Bank? |
| A: |
You can register online after logon to Internet Banking Services. |
| 5. | What should I do when the Digital Certificate expired or revoked? |
| A: |
Expired or revoked Digital Certificate cannot be used in Internet Banking Services. You should renew a valid Digital Certificate with the Certification Authority and register again through Internet Banking Services. |
| 6. | In case my Digital Certificate were stolen or lost, what should I do? |
| A: |
You should call our hotline (852) 3768 6800 to suspend the Digital Certificate service immediately. You should also report the stolen or lost case to the certification authority. |
| 7. | What hardware or software is required to use the Bank's Digital Certificate Service? |
| A: |
Hardware Software Hongkong Post provides its Digital Certificate management software. For details, please visit http://www.hongkongpost.gov.hk/product/download/ctlmgr/index_c.html or http://www.hongkongpost.gov.hk/. |
| Security Device for Digital Certificate | |
| 1. | What security device does the Bank support? |
| A: |
The Bank currently supports HongKong SmartID Card, Axalto SmartCard, and Axalto e-gate token. For detail, please refer to http://www.hongkongpost.gov.hk/product/eproduct. |
| 2. | Why I cannot see any instruction on the registration page for Digital Certificate registration? |
| A: |
You need to install and enable Sun Java Virtual Machine (JVM) version 1.5 or above in your computer to proceed with Digital Certificate registration or other high-risk transactions. |
| 3. | Why I cannot choose the desired Digital Certificate device from the list when using Digital Certificate service? |
| A: |
To select the desired Digital Certificate device, you need to install the device properly. Since the installation method of each device differs from each other, please ensure you have installed the software on your computer correctly as instructed in the installation manual. |
| 4. | When should I input my Digital Certificate device password? |
| A: |
You need to input your device password for validation when you plug in and access the Digital Certificate device.For security reason, you are recommended to remove your device after each high-risk transaction. |
Customer Services Hotline:
