Internet Securities Services and Mobile Securities Services Security

Chong Hing Securities Limiited (CHS) is serious about Internet Securities Services and Mobile Securities Services security and strongly recommends you to learn more about the protection and the security tips we have put in place for you.

I. Be Vigilant of Fraudulent Websites and Emails
II. What We Have Done to Protect You in Using Internet Securities Services / and Mobile Securities Services Safely
III. How to Secure Yourself when Using Internet Securities Services and Mobile Securities Services
IV. Common Online Fraud
V. Frequently Asked Questions

I. Be Vigilant of Fraudulent Websites, Emails and Mobile Application

  • You should access Internet Securities Services or Mobile Securities Services by entering the CHS website address directly or using a bookmark. Never access our website or provide your personal information (including your password) through any hyperlinks or attachments embedded in emails or from websites.
  • You are reminded to be vigilant of any fraudulent website in disguise of CHS. The CHS website address is www.chsec.com.hk.
  • We NEVER send emails with hyperlinks to transaction pages, nor ask customers for their account numbers, internet logon accounts, passwords or any other personal information by email.
  • You are reminded NOT to access Internet Securities Services and/or Mobile Securities Services through hyperlinks embedded in any emails or Internet search engines.
  • Beware of any unusual login screen or process (e.g. a suspicious pop-up window or request for providing additional personal information). If unusual process of your computer is noticed, we suggest you to log out Internet Securities Services immediately, and perform virus scan to your computer by the anti-virus software (with the most updated virus definition file).

II. What We Have Done to Protect You in Using Internet Securities Services and Mobile Securities Safely

  • We adopt the 256-bit Secure Socket Layer (SSL) encryption to assure the confidentiality of your personal and transaction data during transmission on the Internet.
  • Our web servers are protected by firewalls to prevent unauthorized access.
  • If you forget to logout from Internet Securities Services and/or Mobile Securities Services, your online access will be disconnected automatically after a short period of inactivity to prevent unauthorized transaction.
  • If five consecutive incorrect logon attempts were detected, your Internet Securities Services and/or Mobile Securities Services would be suspended immediately.

III. How to Secure Yourself when Using Internet Securities Services and Mobile Securities Services

1. Take Precautionary Measures while You Are Using:

Internet Securities Services

  • Do not logon to Internet Securities Services using public computers at public areas such as cyber cafes or bars.
  • When using Wi-Fi connection, use trusted Wi-Fi networks or service providers instead of public Wi-Fi. Enable security protection such as Wi-Fi Protected Access (WPA, a security protocol to secure wireless computer networks).
  • Do not access Internet Securities Services through hyperlinks embedded in any emails, SMS, applications, social networking sites, suspicious pop-up window or internet search engines.
  • Ensure other Internet browser windows are closed before logon to Internet Securities Services.
  • Ensure that you are connecting to our Internet Securities Services website https://online1.chsec.com.hk.
  • Make sure no one can see your Customer Reference Number, Logon Name and password when logging on to the Internet Securities Services.
  • Always check the date and time of your last Internet Securities Services logon and contact us if you are in doubt.
  • If you log into your internet securities account and encounter any suspicious situation (e.g. computer respond is extraordinarily slow, the login procedure is awkward or requiring you to enter additional information), please stop login and inform CHS immediately.
  • After logon to Internet Securities Services, please logout before visiting other Internet sites.
  • Do not leave your computer unattended before logout.
  • Always use the "logout" button to exit and close the browser upon finish using Internet Securities Services.
  • Check your account balance and transactions regularly and notify us immediately if you detect any errors or unauthorized transactions.

Mobile Securities Services

  • Ensure that you are connecting to our Mobile Securities Services website https://mobile.chsec.com.hk
  • Don't install applications on your mobile device from mistrusted sources.
  • Install and update the latest anti-virus and anti-spyware software regularly on your mobile device, whenever they are available.
  • Be cautious of anyone trying to view your login credentials when you access Mobile Securities Services via your mobile device in public area.
  • Don’t save your mobile securities account ID and password in your mobile device.
  • Avoid sharing your mobile device with others and use your own mobile device to log on Mobile Securities Services.
  • Set a passcode for your mobile phone that is difficult to guess and activate the auto-lock function to prevent unauthorized access of your mobile device.
  • Use the latest versions of operating system and browser. Don't use any jailbroken or rooted mobile device which may have security loopholes to log on to Mobile Securities Services.
  • User cellular network provided by your mobile device’s operator instead of public Wi-Fi.
  • Use default browsers originally provided by mobile device rather than newly installed browsers downloaded from other sources.
  • Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) not in use. Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection settings.
  • Regularly remove all caches and browsing history stored in your mobile device.
  • Delete sensitive SMS message if it is no longer required and clear the browsing history regularly.
  • Make sure no one can see your Logon Name and password when logging on to the Mobile Securities Services.
  • Always check the date and time of your last Mobile Securities Services logon and contact us if you are in doubt.
  • After logon to Mobile Securities Services, please logout before visiting other Mobile applications.
  • Do not leave your mobile device unattended before logout.
  • Always use the "logout" button to exit upon finish using Mobile Securities Services.
  • Check your account balance and transactions regularly and notify us immediately if you detect any errors or unauthorized transactions.
  • Check emails issued by CHS in a timely manner and verify your transaction records. Inform CHS immediately in case of any suspicious situations.
2. Safeguard Your Password, User ID, My Logon Name and Personal Information
  • Change your password immediately when using your Internet Securities Services first time and destroy any documents containing password information.
  • Keep your Password, Customer Reference Number, Logon Name and personal information secret and in a secure place.
  • Do not disclose your password, User ID and Logon Name to anyone (including our staff and the police). Avoid disclosing your personal information such as HKID card number, telephone number and date of birth.
  • Do not keep any login information of your Internet Securities account together with the one-time password sent from CHS.
  • Choose a safe password.
  • To strengthen security level of Chong Hing Internet Securities Services and / or Mobile Securities Services, format of the logon password must be in 8-20 alphanumeric characters.
  • Set a password that is difficult to guess and different from the ones for other services. The login password should be changed regularly and should never be stored on computers, mobile phones or placed in plain sight.
  • Change your password regularly or in case it may have been compromised.
  • Use different passwords for different services.
  • Do not allow anyone else to operate your Internet Securities Services and / or Mobile Securities Services account.
  • When you are using others' computer or mobile device to perform transactions, ensure that you have cleared the cache after logging out for assurance your password is not copied or stored in the computer or mobile device.
  • Do not permit the mobile device which is used for two factor authentication to come into the possession or control of any other person or leave it unattended.
  • Do not download or install programs received from SMS in your mobile device.
  • Protect your computer or mobile device with password if the computer or mobile device is left unattended.
  • Keep updating us with your latest contact information.
3. Secure Your Computer or Mobile device
  • Ensure you are using supported versions of OS and applications by suppliers, and enable the auto-update feature to obtain and apply security patches regularly from trusted sources.
  • Install a personal firewall, anti-spyware and anti-virus software to detect, real-time, any intrusions, spyware and viruses on your computer, and enable the auto-update feature to obtain the latest spyware and virus definition files.
  • Avoid downloading or installing programs, files or emails from unreliable sources.
  • Disable the "Auto Complete" feature of your browser. This feature, if enabled, memorises the data (including online passwords) that you input automatically.
  • Do not share computers. If you must share, set your own password to block access to your accounts.
  • Disconnect from the Internet or Mobile App when you are not using it.

If you suspect:
(1) You have provided personal information or conducted transaction through a suspicious CHS website or a purported CHS email,
(2) Your password for operating Internet Securities and / or Mobile Securities services have been compromised, lost, or stolen,
(3) Unauthorized transactions have been conducted over your accounts,
Please inform CHS immediately.

IV. Common Online Fraud

Advance Fee Scam

This kind of fraud involves dubious letters and email messages offering the recipient a generous reward for handling a large lump sum of funds. These funds often claimed to be anything from corporate profits, bribes, unspent government funds or unclaimed funds belonging to a deceased person. Sometimes, to convince the recipient that the funds do exist, the cheater even create a bogus bank website that shows a huge credit balance of a specified account.

The transactions typically require the recipient(s) to pay an advance fee to complete the deal. However, such fee will be lost forever. Also, the recipients' personal details or banking information may be used in other types of frauds.

Lottery Fraud

This kind of fraud involves dubious letters and email messages congratulating the recipient(s) of winning a prize in a lottery. To obtain the prize, the recipient has to provide his / her personal particulars and bank account details. The recipient may also be requested to pay a handling fee to complete the transaction. However, such fee will be lost forever. Also, the recipients' personal particulars and banking information provided may be used in other types of frauds.

Online frauds are emerging to an endless stream, customers are advised to safeguard their personal and banking information at all time.

If you suspect yourself fall victim to any online frauds, please report to the police immediately!

V. Frequently Asked Questions

1. How do I choose a safe password?

Do's
Don'ts
  • Do choose a password that is different from your Customer Reference Number, Logon Name or account numbers.
  • Do set a difficult-to-guess password.
  • Do ensure that your password is easy to remember only by yourself.
  • Do not use your date of birth, HKID card number, telephone number or any combinations of your English name as your password.
  • Do not use two or more consecutive identical characters, e.g. "88", "aa", etc.
  • Do not use sequential numbers or characters, e.g. "1234", "abcd", etc.
  • Do not share the same password you have used for accessing other web services.

 
2. How do I delete the cache information in Internet Explorer upon finish using Internet Securities Services?
  • Click "Tools" at the top of the browser and select "Internet Options".
  • Select the "General" tab and then the "Temporary Internet files".
  • Under "Browsing history", click "Delete".
  • In the Delete Browsing History dialog box, select "Temporary Internet files", click "Delete", and then click "OK".
3. How can I be sure that I am connecting to CHS Internet Securities Services website?

You can click the yellow padlock icon at the right side of the address bar to examine the digital certificate of our Internet Securities Services website. The Digital Certificate is issued by Symantec (chained to Symantec Class 3 Secure Server CA - G4) and the website address should be shown in the certificate as online1.chsec.com.hk.

4. What is 256-bit Secure Socket Layer (SSL)?

256-bit SSL is a cryptographic protocol. It provides strong cryptographic capability to encrypt your personal and transaction information during transmission on the Internet such that no unauthorized parties can access and read the information.

5. What is two-factor authentication?

Two-factor authentication uses two different factors namely, "something you have" (e.g. mobile phones) and together with "something you know" (e.g. password), to authenticate a user identity. Your physical possession (such as mobile phone) is difficult to be stolen on the Internet. Therefore, conducting high-risk transactions online using two-factor authentication offers a better protection.

6. Why I need to install a firewall?

A firewall protects unauthorized intrusion into your computer from the Internet and thus it can strengthen the online safety.

7. Where can I obtain additional information about using the Internet Securities and Mobile Securities safely? 8. How do I contact CHS for any enquiries?

Please contact our Customer Services Hotline (852) 3768 9818 or send email to cs@chsec.com.hk. We will answer your enquiries as soon as possible.