home about us security information customer services
tradital version simplified version english version text size small medium large

Home

Security Information
 
If you wish to browse the internet and use the convenient online credit card services safely, please pay attention to the following security measures while surfing the net and using the electronic financial services:

Preventing online frauds
Using 'Online Services'
Protecting your computer
"SMS Alert" service
Two-factor Authentication Devices

 
Preventing online frauds
 
 
Fake websites
 
Customers are reminded to be vigilant of any fraudulent websites which seek to pass off as www.boci.com.hk
Do not disclose your online account or personal information unless you are completely sure that you are connected to www.boci.com.hk
Do not open e-mails from unknown sources or follow any suspicious URL links in the emails. Do not enter into suspicious websites.
You should type in the web address of BOC Credit Card (International) Ltd ("Card Company") (www.boci.com.hk) into the browser address bar.
   
Phishing emails
 
Beware of fraudulent emails that pretend to be sent from the Card Company. Inform us immediately if you receive any fraudulent emails under our company name.
Do not open emails or email attachments from unknown sources. Do not reply to suspicious emails, follow the URL links or disclose any sensitive information.
Under no circumstances will the Card Company send you any emails to inquire or confirm with you your personal information including but not limited to your credit card account number, online account password, account balance, HKID card number or passport number.

If you wish to verify the genuineness of the URL links or any other websites attached in the emails sent from the Card Company, you only need to check whether the domain of the URL or other websites belong either to:

www.boci.com.hk - BOC Credit Card, or
www.bochk.com - Bank of China (Hong Kong)
 
Using 'Online Services'
 
 
Online Services provides various security measures to protect your financial information:
 
Personal password - Whenever you log in to the Online Services, you have to input the correct user name and password.
Changing password reminder - We suggest you change your password on a regular basis. If it remains unchanged for more than 90 days, Online Services will send you a reminder automatically.
Secure Socket Layer (SSL) 128 digit cryptography - We adopt the internationally recognised standard, SSL cryptography, by which the information transmitted between the Online Services and you will be encrypted to ensure information security.
Automatic disconnection for prolonged inactivity - In order to protect your interests, your online access to Online Services will be disconnected automatically after prolonged inactivity. In such a case, you may use the service again by re-entering your user name and password.
Service suspension upon incorrect password input ,your online account will be suspended instantly if there are five consecutive login attempts with incorrect passwords. You then have to contact our customer service officer to reactivate your online account by calling our 24-hour customer service hotline at (852) 2853 8828.
Every time when you login to the Online Services, the system will show your last login and logout record. You should check the details carefully, and inform us at once in case of any discrepancies.

Certificate - Check the validity of the certificate by the following methods to verify if you have correctly linked to the Online Services:

Internet Explorer

  1. Click the "security lock icon" at the bottom right corner
  2. Check if the following certificate is within a valid date and the information below is displayed:
 
24 hour system monitoring
   
We strongly suggest you adopt the following measures to ensure safety when using the online financial service¡G
 

Properly set up and keep your personal password:

  1. Create a password with more than 6 characters containing a combination of both random letters and numbers.
  2. Do not use easy-to-guess numbers or words as your password, such as your birthday, ID card numbers, telephone numbers, names or other personal information that can be easily accessed.
  3. You should avoid using your online services password as your password for other services such as your online account, bank account, emails etc.
  4. Do not disclose your Online Services or other online financial service password to anyone (including card center and bank staff and police).
  5. Please memorise the password. If you write down the password, please keep it in a safe place away from the User ID and account number.
  6. Change your password regularly. For the sake of your information security, if your password has not been changed for more than 90 days, our system will remind you automatically.
  7. If you suspect your password has been disclosed, please inform us immediately.
Do not share your account with other people.
Do not access Online Services from a shared computer in public (such as cyber cafe, internet bar, libraries, etc.)
Remember to keep your transaction records. When you have completed your online transaction, note down the reference numbers or transaction numbers. You can also make a print copy or save it as a file for future reference.
You can click the lock or the key below the browser to check the certificate to ensure that you are connected to the Online Services.
Do not use links embedded in emails to access Online Services.
Close other browser windows before accessing Online Services.
Do not leave your computer unattended before logging off from the online banking service. Every time when you finish using the Online Services, you must click the 'Logoff' button to exit the system.
Remember to turn off the "automatic completion" of your browser and the "file and print share" function of your Windows to prevent others from retrieving your personal information, including password, via the network or public computers that can get access to the online banking service.
 
Protecting your computer
 
 
You may consider to adopt the following measures to protect your personal computer¡G
 
Avoid letting other people use your personal computer. You should set your personal password for your personal computer if needed.
Install a firewall system and anti-virus software.
Regularly download and install updates and patches for your anti-virus software, computer operation system and browser.
Do not use computer software or programmes that are illegal, unreliable or from a suspicious source.
Keep safely all the devices for accessing the online financial service, such as ATM card, smart card with digital certificate, other storage media, PIN etc.
Consider using cryptography to protect sensitive data before transmitting it through a public network or the internet.
Have your system and data backed up regularly and kept properly. The safest and the most effective way to recover your lost data is with back up files.
Perform transactions with renowned or reliable online stores only.
Heed all security hints provided by this website regularly.
   
 
"SMS Alert" service
 
 
  To better protect customers, BOC Credit Card provides them with a free "SMS Alert" service. Whenever your credit card is used, our alert system will immediately evaluate the related transaction. A SMS message will be sent to the main cardholder's cell phone if deemed appropriate. If you cannot recognize the transaction as your own, please immediately call our 24-hour customer service hotline: 2853 8828. If you wish to amend your mobile number on record with us or wish to register for this service using a new mobile number or wish to unsubscribe to this service, please also call hotline: 2853 8828.
   
 
Two-factor Authentication Devices
 
 
 

BOC Credit Card provides ¡§Security Device¡¨ and SMS-based One-time Password (OTP) for enhancing identity verification through a two-factor authentication process when you conduct ¡§Designated Transactions¡¨ through ¡§Online Services¡¨. If you use a two-factor authentication tool, please note the following items:

¡§Security Device¡¨

To further enhance the security of online transactions, from 18th November 2012 onwards ¡§Online Services¡¨ adopts the use of a two-factor authentication Security Device.

  • Effective from 18th November 2012, you can apply for a ¡§Security Device¡¨ via ¡§Online Services¡¨. The requested item will be sent by post to your correspondence address registered with BOC Credit Card (International) Limited (¡§The Company¡¨).
  • You are required to activate the two-factor authentication function online before applying for a ¡§Security Device¡¨. Please click here download the application form for registration.
  • Upon receipt of the ¡§Security Device¡¨, please log onto the¡§Online Services¡¨immediately and follow our online instructions to activate the ¡§Security Device¡¨.
  • Customers are not required to install extra software/driver or to enter any one-time password generated by a third party.
  • Customers can choose to log onto the ¡§Online Services¡¨ by entering a one-time Security Code generated by the ¡§Security Device¡¨ to enjoy extra protection for the Online Services.
  • You are required to enter specific transaction information (e.g. registered account number) into the ¡§Security Device¡¨ to generate a one-time Transaction Confirmation Code for Designated Transactions.
  • Please keep your¡§Security Device¡¨in a safe and secure place. You should not allow anyone to use your¡§Security Device¡¨or leave it unattended. If your¡§Security Device¡¨is lost or damaged, please contact our 24-hour Customer Services Hotline at (852)2853 8828.
  • Effect from the 2nd December 2012, ¡§Online Services¡¨ will adopt the ¡§Security Device¡¨ as a two-factor authentication tool to replace the¡§SMS-based One-time Password (OTP)¡¨.

How does the ¡§Security Device¡¨ work?

  • Each ¡§Security Device¡¨ contains a unique serial number, internal information and a clock. Once the ¡§Security Device¡¨ is activated, the internal clock will synchronize with our system. When you press the button on the ¡§Security Device¡¨, a one-time Security Code will be generated according to the information and clock inside the device. The Code, for verifying the identity of customers, is valid within a short time interval. If the time allowed for the entry of the Security Code expires, you have to press the button again to generate another Security Code.

Is there any charge for the ¡§Security Device¡¨?

  • The ¡§Security Device¡¨ is provided free of charge.

How do I use the Security Device?

  • A different Security Code will be generated by the ¡§Security Device¡¨ depending on the nature of the transaction. Customers should follow online instructions to complete authentication procedures.
    1. When performing general transactions (such as activating the Security Device), you should press the button at the bottom right hand of the device. A 6-digit Security Code will be displayed on the LCD screen of the Security Device. The Security Code, valid within a short space of time, is for one-time use only.
    2. When performing ¡§Designed Transactions¡¨, you should press the button at the bottom left hand of the ¡§Security Device¡¨ and enter the numbers highlighted in RED online into the number keys of the Device. After you have input the required information, please press the bottom left button again. A 6-digit Transaction Confirmation Code will be displayed on the LCD screen of the ¡§Security Device¡¨. The Transaction Confirmation Code, valid briefly for a short time, is for one-time use only.

What if the message ¡§BATT¡¨ is displayed on the LCD screen?

  • ¡§BATT¡¨ means that the Security Device battery is flat. The battery normally lasts for 3 to 5 years, depending on your usage. Application for replacement can be made online. Please note that the battery of the ¡§Security Device¡¨ cannot be replaced. Any attempt to remove the components of the ¡§Security Device¡¨ may cause malfunction of the Device.

If the Security Device is lost or damaged, what should I do?

  • If the Security Device is lost or damaged, please call our 24-hour Customer Services Hotline at (852)2853 8828 to report the lost or damage of the Security Device. You can then logon to BOC Credit Card Online Service to apply for a new Security Device.

What should I do if I do not activate the Security Device within 30 days¡H

  • If you do not activate the Security Device within 30 days as requested, please call our 24-hour Customer Services Hotline at (852)2853 8828 to reset the Security Device.

 

SMS-based One-time Password (OTP)

  • The BOC Credit Card SMS (if any) in respect of "One-time Password" and "Notification of Execution of Designated Transactions" will be sent only to your mobile phone number registered with The Company . Such SMS will not be forwarded to any other mobile number even if you have enabled the "SMS Forwarding Service" provided by a Hong Kong service provider.

You are advised to check carefully the transaction details in the OTP SMS for two-factor authentication against any transaction conducted by you via the Online Services. Please do not enter your OTP in any web page in case of doubt.

 

Where to use the ¡§Security Device¡¨

The ¡§Security Device¡¨ provided by The Company is only applicable to¡§Online Services¡¨. If you will register the Internet Banking of Bank of China (Hong Kong) Limited, Nanyang Commercial Bank Limited, Chiyu Banking Corporation Limited in future, your ¡§Security Device¡¨ used for Online Services will be suspended.Please visit any branches of the relevant banks to apply internet banking as well as the registration of two-factor authentication service accordingly.
   
 
     
 
Should you have any question in respect of the above security warning, please call BOC Credit Card 24-hour Customer Service Hotline¡G(852)2853 8828
 
     
 
Print Add to my favorites
Important Notice Hyperlink Policy Sitemap
2007 BOC Credit Card (International) Ltd. All Right Reserved. 2004 BOC Credit Card (International) Ltd. All Right Reserved.