loading

Internet Security

Security measures by the Bank

For DS-Direct Internet Security, please click here.

 

Dah Sing Bank provides the following measures to ensure your banking information and account details are secure when you are using our e-Banking service:

 

Transport Layer Security (TLS) Encryption
TLS encryption is employed to ensure confidentiality. TLS is an updated and more secure version of Secure Socket Layer (SSL). It is internationally recognized standards on information security. All data and information transmitted between you and our Bank through the Internet is encrypted by TLS encryption.

 

Firewalls
We also use firewalls to protect the inside of Dah Sing Bank's systems by refusing any unauthorized access.

 

Automatic time out
Online services will be automatically logged off when there is no activity for 10 minutes (for Dah Sing e-Banking ("e-Banking") / Dah Sing Mobile Banking ("Mobile Banking") / Dah Sing i-Securities ("i-Securities") / Dah Sing Securities Trading ("Securities Trading")) and 15 minutes (for 328 Business e-Banking / 328 Business Mobile Banking) in order to reduce the risk of others accessing your information from your unattended computer.

 

The Validity of Dah Sing e-Banking / Mobile Banking / Phone Banking Services
For security reason, customers who haven't logged into Dah Sing e-Banking service, Mobile Banking or Phone Banking service for the past 60 consecutive months (i.e. 5 years) or above, all such e-Banking, Mobile Banking and Phone Banking services would be cancelled. To apply for such services again, customers should visit our branch in person.

 

Security Team
To fight against computer hacker, Dah Sing Bank Security Team which keeps track of any attempts to break into our security systems in order to ensure safe security.

 

Last Login Information
Dah Sing e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking services also provide you with the information required for you to stay vigilant. Each time you login, we provide information related to your last login session. If you find any discrepancies, please contact us immediately.

 

Channel for customers to report actual and /or suspected security incidents
Customers should promptly call our Security Incident Hotline at 3101 3111 to report the incidences If they notice any unusual activities in their accounts (e.g. find or believe their PIN or devices have been compromised. Lost or stolen, or that unauthorized transactions have been conducted over their account etc).

 

Security measures to be taken by customers

To avoid unauthorised access to your account(s), you should refer to the security advice provided by the Bank from time to time and pay attention to the following points:

 

Access your Dah Sing e-Banking / Mobile Banking service

  • You should not access or login your Dah Sing e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking via third party websites and / or App.
  • You should not provide your login information including ID and password etc to any third party websites and / or Apps.

 

Personal Identification Number (PIN)
Customer shall login Dah Sing e-Banking / Mobile Banking service by entering the correct combination of your e-Banking Login ID / User ID and Password. For security reason, system will log the number of login attempts, your e-Banking / Mobile Banking service will be temporarily suspended if you incorrectly key in your PIN for three consecutive times after the first input of incorrect PIN. Customer is required to contact us to resume the service during office hour.

 

Your only way to access 328 Business e-Banking / 328 Business Mobile Banking is to provide the correct combination of your Group ID, User ID, PIN and SMS One-Time Password / fingerprint, Face ID, facial map or security passcode (if you have activated Security Authentication for 328 Business Mobile Banking). For security reason, your PIN will be temporarily suspended if you repeatedly key in your PIN wrongly and exceeded the preset maximum number of login attempt.

 

Protect your PIN and personal information
The PIN (includes password for Dah Sing e-Banking / i-Securities / Securities Trading / 328 Business e-Banking, etc) are used to secure your online transactions on e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking, etc. You shall take all reasonable steps to keep the PIN and any other device (including but not limited to personal computers and mobile devices) used for accessing the e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking safe, secure and secret to prevent fraud. In particular, you shall:

  • not disclose your PIN in any occasion or to anyone else including your relatives, friends, to anyone. You are suggested to memorize your PIN and destroy the Password notification, then change your Password after first successful login to the e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking.
  • avoid using easily accessible personal information as your Password, such as your birthday, HKID number, passports, address, phone number, or similar numbers or words that can be found in any dictionary of any language.
  • not use same set of User ID and Password registered with other Internet sites and systems.
  • not allow any person to use your PIN.
  • Set a Password that is difficult to guess and different from the ones for other services. The Password should be changed regularly.
  • Use both lowercase and capital letters with a combination of letters, numbers, and special characters.
  • not write down your Password on any device (e.g. mobile device) for accessing the e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking, etc or anything usually kept with or near the device or any personal belongings such as handbag or wallets.
  • not use your Password for accessing other services (for example, connection to the Internet or accessing other websites).
  • not write down or record your Password.
  • regularly change your Password, e.g. change the password every 30 days.
  • contact our Bank immediately if you believe that your Password has been compromised, lost or stolen and please change your Password immediately to prevent unauthorized access to your e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking, etc.
  • avoid using "Remember your password" options on Internet browsers. Do not click "yes" to "Remember your password" options on computers.

 

Never disclose your Password and personal information
Dah Sing Bank will never contact you and ask you for your Password and personal information for e-Banking, Phone Banking, or ATM services through any means such as e-mail, over the phone or in person. These include your Login ID/Group ID, User ID, Password, account number, identification/passport number, address, phone number etc. Watch out for suspicious phone calls, email messages, SMS or phishing sites requesting for passwords and/or other personal information. On the other hand, Dah Sing Bank will never disclose such information in our e-mails other than your name for personalization purpose, nor ask you to confirm any personal data by replying to our email.

 

Protect your computer

  • Install a personal firewall on your computer. Personal firewall software is designed to prevent hackers from accessing the computer it is installed on. Installing a personal firewall is recommended especially if you are using roadband connection. You should contact your computer or software provider for a suitable personal firewall. When installing such software, follow the manufacturer's recommendations for a 'conservative' accesses control.
  • Install and regularly update virus detection software. Virus detection software scans your computer and your incoming email for viruses and then deletes them. You can download anti-virus software from the websites of reliable software companies or buy it in retail stores. To be effective, anti-virus software must be updated routinely. As a matter of precaution avoid opening any emails with attachments that you are not expecting, even if they are from known people.
  • Be very cautious about opening attachments in e-mails from unfamiliar or suspicious sources which may be a virus or worm.
  • Avoid visiting suspicious websites or downloading software or file from such websites.
  • If any unusual screens pop up and/or the computer responds unusually slow, please log out from e-Banking / i-Securities / 328 Business e-Banking service and scan the computer with the most updated version of virus protection software.

 

Protect your online transactions

  • Beware of any unusual login screen or process (e.g. a suspicious pop-up window or request for providing additional personal information) and whether anyone is trying to peek at your password.
  • Do not access e-Banking / i-Securities / 328 Business e-Banking services from public places or from shared computers such as those in cyber cafes. You never know what malicious programs might be installed on the PC you use there.
  • Avoid using public Wi-Fi to access the e-Banking / Mobile Banking / i-Seucrities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking services.
  • Always log out your e-Banking / i-Securities / 328 Business e-Banking services session by clicking the 'Logout' button to ensure you end the session securely on your computer. Simply closing your browser will not log you out from the internet banking service.
  • When you've finished using the Internet, always disconnect. Avoid leaving your connection on, especially with broadband access, unless you're accessing the Internet.
  • Always check the date and time of your last visit to e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Business Mobile Banking services (we track it at all times and display it on the Welcome Page). If you suspect anything unusual, please contact Dah Sing Bank immediately.
  • Please take attention to review the transactions before confirmation. When your instructions have been accepted and confirmed online, they cannot be reversed or cancelled.
  • For your protection, kindly check your Bank statement regularly and report any unusual transaction to the Bank immediately. For statement information and customer enquiries, please call customer service hotline during office hours.
  • Check the SMS messages and other messages sent by the Bank in a timely manner. Verify your transaction records and inform the Bank immediately in case of any suspicious transaction identified.
  • Do not forward telephone calls or SMS to devices or phone numbers provided by unknown others. When travelling abroad, it is advisable to use the same SIM card and cellphone in receiving phone calls and SMS instead of forwarding all SMS to another mobile phone or SIM card.

 

Alert to Email Scam
Email is one of the main communication channels for both personal and commercial dealings. Nowadays, fraudsters would hack into email accounts, and cheat victims by all possible means to make remittances to them. Some victims have suffered significant amount of losses from such email scams. You shall stay alert to suspicious emails and raise your awareness in preventing this kind of scam, such as taking the initiative to confirm the true identities of recipients by telephone, facsimile or other means before effecting remittances so as to prevent such kind of scam. Please read "Security measures to be taken by customers" and preventive measures to mitigate the risk of hacking.

 

Make sure you are connected with Dah Sing Bank
Recently, there are some fraudulent sending phishing emails to customers of financial institutions. Such phishing emails will direct customers to website that mimics the look of the financial institution's website to capture their usernames, PIN and other personal and confidential banking information. Thus, it is important to make sure that you are connecting with Dah Sing Bank. To stay away from connecting with a fake website, never start an e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Mobile Banking session through hyperlinks embedded in emails, Internet search engines, suspicious pop-up windows or any other doubtful channels. Always logon directly from your browser or select from your favourite if you have already added www.dahsing.com to your list of favourite Internet sites. This will avoid you from being sent to a fake website. Remember: No e-mail from Dah Sing Bank will contain a hyperlink to our e-Banking / Mobile Banking / i-Securities / Securities Trading / 328 Business e-Banking / 328 Mobile Banking logon page.

 

To ensure that you are connecting with Dah Sing Bank, look for the closed security padlock at the bottom right corner of your Web browser before you enter your User ID and Password or important personal information. A closed security padlock indicates a secure connection. Clicking the closed padlock will show you the digital certificate details.

 

Sample screen shot of Internet Explorer's certificate for your reference:

Dah Sing e-Banking

 

328 Business e-Banking

 

Note: After clicking the security padlock and you find the certificate contains any message different from what is illustrated above, please contact Dah Sing Bank for more information or assistance.

 

To prevent logging into to the fraudulent online services, please do not click any link in emails or from other websites for logging into Internet banking services.

 

If you find the website of the bank suspicious, you should not enter any information (including usernames, PIN) to the website and contact Dah Sing Bank immediately.

 

Security measures for specific services

Security Tips for Mobile Banking, Securities Trading, 328 Business Mobile Banking and Security Authentication

  • You shall take all the above mentioned reasonable steps to keep your password of e-Banking / Securities Trading /328 Business e-Banking used for accessing Mobile Banking / Securities Trading / 328 Business Mobile Banking safe, secure and secret to prevent fraud.
  • Your should only store your own fingerprint(s) / Face ID / facial map on your device in order to maintain the highest security level of Security Authentication to login to Dah Sing e-Banking / Mobile Banking / i-Securities / 328 Business Mobile Banking services and authorize the online transaction. When you activated Security Authentication, any fingerprint / Face ID / facial map stored on your mobile device, now or in the future, can be used for Fingerprint Authentication / Face ID Authentication / Facial Recognition. Therefore, you should not store or allow any third-party fingerprint(s) / Face ID / facial map to be stored on your mobile device.
  • Immediately logout from Mobile Banking / Securities Trading / 328 Business Mobile Banking after using the service.
  • Do not to click on links from malicious SMS or MMS messages which may be a virus or worm or malware.
  • Read and evaluate the requested permissions carefully before installation of any Apps.
  • Check what Apps are running in the background mode and stop unnecessary Apps from running.
  • Regularly login to check the account balances, stock holdings, order activity and transaction history.
  • Only use authorized or official Apps from recognized suppliers on your mobile device.
  • Do not jailbreak, root or pirate your mobile device. Only use legitimate and unaltered operating system.
  • Keep the operating system of your mobile device and Apps up-to-date. Only download and upgrade your operating system and Apps from official App stores or reliable sources.
  • Properly configure your mobile devices, e.g. disallow installation of Apps from unknown source etc.
  • Safeguard your mobile device and do not leave your mobile device unattended.
  • Do not share your mobile device with any other person or pass to other person for safekeeping.
  • Activate the automatic locking function of your mobile device and set an unlock password on that is difficult to guess.
  • In public areas, please use secure network to connect with the Internet on the mobile device. Avoid using public Wi-Fi to access Mobile Banking / Securities Trading / 328 Business Mobile Banking service.
  • Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) when not in use. Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection settings.
  • Please contact our Customer Services Representatives immediately if your Fingerprint Authentication / Face ID Authentication / Facial Recognition / Security Passcode Authentication-enabled mobile device is lost or stolen and your Dah Sing e-Banking / Mobile Banking / i- Securities / 328 Business Mobile Banking / Security Authentication service may be suspended to prevent unauthorized access.
  • For further information, please click here to access the Government's Cyber Security Information Portal.

 

Security Tips for Dah Sing JETCO Pay
Customers shall take the following security measures for using Dah Sing JETCO Pay, include:

  • Always keep your Mobile PIN, Dah Sing e-Banking login ID and Activation Code secure and secret. Never store them on your mobile handset. Also, don't write down or disclose them to other persons or parties.
  • Set Mobile PIN that cannot easily be guessed by anyone and should be different from other services. Change your Mobile PIN regularly.
  • Don't forward your One Time Password (OTP) and push notification to anyone.
  • Do not to click on links from malicious SMS or MMS messages which may be a virus or worm or malware.
  • Only proceed to checkout through QR Code at reliable retail merchants. On the confirmation screen, JETCO shall show the transaction details for your verification. You must check all the information with due care. In case of any doubt, you should terminate the transaction at once.
  • Don't leave your mobile device unattended after logon to the Dah Sing JETCO Pay App. Always quit from the App when you have finished Dah Sing JETCO Pay transactions.
  • Avoid sharing your mobile device with others and use your own mobile device to register Dah Sing JETCO Pay service.
  • To prevent unauthorized access to your mobile device and Dah Sing JETCO Pay App, activate the automatic locking function with a secure password.
  • Read and evaluate the requested permissions carefully before install the Dah Sing JETCO Pay App or any App.
  • Download and upgrade the Dah Sing JETCO Pay App from official App stores or reliable sources only. Please be aware of the search keywords when download the App. Please search the keyword of "Dah Sing JETCO Pay"in Apple App Store or Google Play Store to download the App.
  • Delete Dah Sing JETCO Pay App on your old mobile device before you donate, resell or recycle it.
  • Properly configure your mobile devices, e.g. disallow installation of Apps from unknown source etc.
  • When using Wi-Fi Internet connection, use trusted Wi-Fi networks or service providers and enable security protection such as Wi-Fi Protected Access (WPA), if possible. Use secure network and avoid using public Wi-Fi to access Dah Sing JETCO Pay service.
  • Review and where necessary update your registered mobile number in Bank's record. If your personal contact details have been changed, please contact the Bank for update immediately.
  • SMS notifications will be sent by the Bank after you have successfully registered the Small-value Transfer service or Dah Sing JETCO Pay service via the App. Check the corresponding SMS messages sent by the Bank in a timely manner. Verify your transaction records and inform the Bank immediately in case of any suspicious transaction identified.
  • Check and verify the transaction details via the "Transaction Info" in Dah Sing JETCO Pay App regularly. After you have successfully "Send Money" and "Collect Money", you should verify the corresponding transaction via Dah Sing e-Banking or Mobile Banking services.

 

Security Tips for WeChat Pay Hong Kong
Customers shall take the following security measures for using WeChat Pay Hong Kong, include:

  • Always keep your WeChat Pay Hong Kong payment password and Dah Sing e-Banking login ID and password secure and secret. Never store them on your mobile handset. Also, don't write down or disclose them to other persons or parties.
  • Set WeChat Pay payment password that cannot easily be guessed by anyone and should be different from other services. Change your WeChat Pay Hong Kong payment password regularly.
  • Don't forward your One Time Password (OTP) and push notification to anyone.
  • Don't leave your mobile device unattended after logon to the WeChat App. Always log out from the App when you have finished WeChat Pay Hong Kong transactions.
  • Avoid sharing your mobile device with others and use your own mobile device to register WeChat Pay Hong Kong service.
  • To prevent unauthorized access to your mobile device and WeChat App, activate the automatic locking function with a secure password.
  • Download and upgrade the WeChat App from official App stores or reliable sources only. Please be aware of the search keywords when download the App. Please search the keyword of "WeChat" in Apple App Store or Google Play Store to download the App.
  • Delete WeChat App on your old mobile device before you donate, resell or recycle it.
  • When using Wi-Fi Internet connection, use trusted Wi-Fi networks or service providers and enable security protection such as Wi-Fi Protected Access (WPA), if possible. Use secure network and avoid using public Wi-Fi to access WeChat service.
  • Review and where necessary update your mobile number registered with the Bank. If your personal contact details have been changed, please contact the Bank for update immediately.
  • SMS notifications will be sent by the Bank after you have successfully activated the Small-value Transfer Service, bound Dah Sing Bank account with WeChat Pay Hong Kong Service and carried out payment from the bound Dah Sing Bank account via the App. Check the corresponding SMS messages sent by the Bank in a timely manner. Verify your transaction records and inform the Bank immediately in case of any suspicious transaction identified.
  • Check and verify the transaction details via the "Transactions" in WeChat Pay Hong Kong regularly. After you have successfully carried out payment via the Dah Sing Bank account bound with WeChat Pay Hong Kong, you should verify the corresponding transaction via Dah Sing e-Banking or Mobile Banking services.

 

Internet Privacy Policy Statement

It has been our policy and priority to safeguard any information provided by our customers. We will strictly comply with the requirements of the Personal Data (Privacy) Ordinance. That means the internationally recognized standards of personal data protection will be followed or even exceeded where possible. It has been our commitment to train and enforce our staff to practise this Privacy Policy.

 

In visit to our website, we collect no personal data from any customer for only browsing, except updating the statistics on the number of visitors. Throughout the website, only the necessary information for applications / enquiry will be collected, and the customers will be informed of the purposes and uses, retention period, possible transfer and disclosure and the right of access to and correction of the collected information on the respective screens. In order to ensure the security and confidentiality of personal data we collect, encryption techniques have been applied for data transmission. We will not collect any information from customers without notice.

 

Once we obtain customer's personal information, only the authorized staff are permitted to access to that information, and such information will not be revealed to any external organizations without customer's agreement unless it is required to do so by law. From time to time, we may send promotional materials regarding our products to customers according to the collected information. We will stop sending the materials to customers when they show us their preferences by writing or talking to us.

 

When you visit the Bank's website or click on our online advertisements, cookies would be stored in your device. "Cookies" is a small-text file retrieved by the site, as part of our interaction with your browser. The Bank uses "cookies" to capture the information of your web pages visited, session identifiers and language preferences of Internet Banking login site while no personal information is captured in the cookies. The information gathered by cookies may be used for session management, storing user preferences and tracking of web traffic statistics in which web visitors have visited and are interested in. Most web browsers are initially set up to accept cookies. You can choose to "not accept" by changing the settings on your web browsers. If you disable cookies in your web browsers, you will not be able to login Internet Banking and access some of the site functions. No personally identifiable information will be transferred to third party.

 

For further information, please click here.

 

Contact Us

We will continuously assess ourselves to ensure that our customer privacy is properly respected and protected. For details, please refer to the Notice to Customers relating to Customers' Data. Should you have any questions, please write or talk to our Data Protection Officer:

Dah Sing Bank Limited, GPO Box 333, Hong Kong
Fax: 2511 8566

 

*The Chinese version of this Internet Security is for reference only. If there is any conflict between the English and the Chinese versions, the English version shall prevail.

 

 

For Hong Kong Monetary Authority (HKMA) Major Tips on Protection of Your Computers and Mobile Phones, please click here.