Internet Security

Security measures


For DS-Direct Internet Security, please click here.


New safety measure in the Android version of the Dah Sing Mobile Banking and 328 Business Mobile Banking


Starting from 26 May 2024, if we detect that your Android device is at risk because it has apps installed from sources other than your phone's official app stores* that have been granted excessive permissions, your access to the Dah Sing Mobile Banking and 328 Business Mobile Banking from this device will be suspended to ensure your account safety.


Check the accessibility settings on your device and assess which app permissions are necessary. When in doubt, delete the apps or turn off the accessibility settings for those apps (go to device settings > Accessibility).


*Official App Stores include: Google Play Store, Samsung Galaxy Store, Huawei App Gallery, Xiaomi GetApps, LG SmartWorld Store, Amazon App Store, OPPO App Store, VIVO App Store, Meizu App Store, OnePlus Store, HONOR App Market.
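One way to audit a device for this condition yourself, as an added example (it is not the Bank's detection logic, which this page does not describe). It assumes "excessive permissions" means an enabled accessibility service, reads the output of the standard Android commands `pm list packages -3 -i` and `settings get secure enabled_accessibility_services`, and uses installer package names supplied by the editor for only some of the stores listed above; the sample output is constructed.

```python
import re
import subprocess

# Installer package names for some of the official stores listed above
# (editor's knowledge, not from the page; extend for the other stores).
OFFICIAL_INSTALLERS = {
    "com.android.vending",              # Google Play Store
    "com.sec.android.app.samsungapps",  # Samsung Galaxy Store
    "com.huawei.appmarket",             # Huawei AppGallery
    "com.xiaomi.mipicks",               # Xiaomi GetApps
    "com.amazon.venezia",               # Amazon Appstore
}


def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` output."""
    result = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            # "null" means the system recorded no installing app (sideloaded).
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result


def parse_accessibility(setting_value):
    """Packages that own an enabled accessibility service.

    The setting is a ':'-separated list of package/service_class entries.
    """
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def risky_apps(pm_output, setting_value):
    """Third-party apps with accessibility enabled and no official-store installer."""
    installers = parse_installers(pm_output)
    enabled = parse_accessibility(setting_value)
    return sorted(pkg for pkg in enabled
                  if pkg in installers
                  and installers[pkg] not in OFFICIAL_INSTALLERS)


def collect_from_device():
    """Read both values from a USB-connected device (requires adb on PATH)."""
    def sh(*args):
        return subprocess.run(["adb", "shell", *args], capture_output=True,
                              text=True, check=True).stdout
    return (sh("pm", "list", "packages", "-3", "-i"),
            sh("settings", "get", "secure", "enabled_accessibility_services"))


# Constructed sample output (hypothetical package names).
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.cleaner  installer=null
package:com.example.remotehelp  installer=com.google.android.packageinstaller
package:com.example.game  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = ("com.example.cleaner/com.example.cleaner.AssistService:"
               "com.example.notes/.ReaderService:"
               "com.example.remotehelp/.ScreenService")

if __name__ == "__main__":
    for pkg in risky_apps(SAMPLE_PM, SAMPLE_A11Y):
        print("review or remove:", pkg)
```

Apps it reports are the ones to delete or to switch off under device settings > Accessibility.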


We provide the following measures to ensure your banking information and account details are secure when you are using our e-Banking service:


Transport Layer Security (TLS) Encryption

TLS encryption is employed to ensure confidentiality. TLS is an updated and more secure version of Secure Sockets Layer (SSL). It is an internationally recognised standard for information security. All data and information transmitted between you and our Bank through the Internet is encrypted by TLS encryption.


Firewalls

We also use firewalls to protect the inside of Dah Sing Bank's systems by refusing any unauthorised access.


Automatic time out

Online services will be automatically logged off when there is no activity for 10 minutes (for Dah Sing e-Banking (e-Banking), Dah Sing Mobile Banking (Mobile Banking), Dah Sing i-Securities (i-Securities) or Dah Sing Securities Trading (Securities Trading)) and 15 minutes (for 328 Business e-Banking or 328 Business Mobile Banking) in order to reduce the risk of others accessing your information from your unattended computer.


The Validity of Dah Sing e-Banking, Mobile Banking or Phone Banking Services

For security reasons, if a customer has not logged into e-Banking, Mobile Banking or Phone Banking services for the past 60 consecutive months (i.e. 5 years) or above, all such e-Banking, Mobile Banking and Phone Banking services will be cancelled. To apply for such services again, you should visit our branch in person.


Security Team

To fight against computer hackers, the Dah Sing Bank Security Team keeps track of any attempts to break into our security systems in order to keep them secure.


Last Login Information

e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Business Mobile Banking services also provide you with the information required for you to stay vigilant. Each time you log in, we provide information related to your last login session. If you find any discrepancies, please contact us immediately.


Channel for you to report actual and / or suspected security incidents

You should promptly call our Security Incident Hotline at 3101 3111 to report the incident if you notice any unusual activities in your accounts (e.g. you find or believe that your PIN or devices have been compromised, lost or stolen, or that unauthorised transactions have been conducted over your account).


Security measures to be taken by you


To avoid unauthorised access to your account(s), you should refer to the security advice provided by us from time to time and pay attention to the following points:


Access your e-Banking / Mobile Banking service

  • You should not access or log in to your e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Business Mobile Banking via third-party websites and / or Apps.
  • You should not provide your login information including ID and password etc. to any third-party websites and / or Apps.


Personal Identification Number (PIN)

You should log into e-Banking or Mobile Banking service by entering the correct combination of your e-Banking Login ID or User ID and Password. For security reasons, the system will log the number of login attempts. Your e-Banking or Mobile Banking service will be temporarily suspended if you incorrectly key in your PIN 3 consecutive times after the first input of an incorrect PIN. You are required to contact us during office hours to resume the service.

Your only way to access 328 Business e-Banking or 328 Business Mobile Banking is to provide the correct combination of your Group ID, User ID, PIN and SMS One-time Password or fingerprint, Face ID, facial map or security passcode (if you have activated Security Authentication for 328 Business Mobile Banking). For security reasons, your PIN will be temporarily suspended if you repeatedly key in your PIN wrongly and exceed the preset maximum number of login attempts. If you forget your password, you may refer to the solution under the section of "328 Business e-Banking FAQ".



Protect your PIN, One Time Password (OTP) and personal information

The PIN (including password for e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking, 328 Business Mobile Banking etc.) is used to secure your online transactions on e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking, 328 Business Mobile Banking, etc. The One Time Password (OTP) is used to validate your personal identity or to authorise us to process specific banking services. You should take all reasonable steps to keep the PIN, OTP and any other devices (including but not limited to personal computers and mobile devices) used for accessing the e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Business Mobile Banking safe, secure and secret to prevent fraud. In particular, you shall:

  • About your PIN
    • Do not disclose your PIN on any occasion or to anyone else, including your relatives or friends. You are advised to memorise your PIN and destroy the Password notification, then change your Password after your first successful login to the e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Business Mobile Banking
    • Avoid using easily accessible personal information as your Password, such as your birthday, HKID number, passports, address, phone number or similar numbers or words that can be found in any dictionary of any language
    • Do not use the same set of User ID and Password registered with other Internet sites and systems
    • Do not allow any person to use your PIN
    • Set a Password that is difficult to guess and different from the ones for other services. The Password should be changed regularly
    • Use both lowercase and capital letters with a combination of letters and numbers
    • Do not store your Username, Password and / or Account Number on any device (e.g. mobile device) for accessing the e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Business Mobile Banking, etc., or write down on anything usually kept with or near the device or any personal belongings such as handbag or wallets
    • Do not use your Password for accessing other services (for example, connection to the Internet or accessing other websites)
    • Do not write down or record your Password
    • Regularly change your Password, e.g. change the password every 30 days
    • Contact our Bank immediately if you believe that your Password has been compromised, lost or stolen and please change your Password immediately to prevent unauthorised access to your e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking, 328 Business Mobile Banking, etc.
    • Avoid using "Remember your password" options on Internet browsers. Do not click "yes" to "Remember your password" on computers
  • About your OTP
    • Do not disclose or forward your OTP to others
    • Do verify your transaction details carefully, such as merchant name and transaction amount, before inputting OTP as credit card transaction authorization
    • Do check that the Mobile Payment Service is the one you intend to add your credit card to before inputting OTP as card-binding authorization
    • OTP will be sent to you to validate your identity for inbound call
    • Do not input the OTP without checking the merchant name and transaction amount
    • Login to Dah Sing eBanking regularly to check the credit card transaction record
    • Please call us immediately if you find or suspect that your OTP has been stolen


Never disclose your Password and personal information

We will never contact you and ask you for your Password and personal information for e-Banking, Mobile Banking, Phone Banking or ATM services through any means such as email, over the phone or in person. These include your Login ID or Group ID, User ID, Password, account number, credit card number, identification or passport number, address, phone number etc. Watch out for suspicious phone calls, email messages, SMS or phishing sites requesting passwords and / or other personal information. On the other hand, we will never disclose such information in our emails other than your name for personalisation purposes, nor ask you to confirm any personal data by replying to our email.



Protect your computer

  • Install a personal firewall on your computer. Personal firewall software is designed to prevent hackers from accessing the computer it is installed on. Installing a personal firewall is recommended especially if you are using a broadband connection. You should contact your computer or software provider for a suitable personal firewall. When installing such software, follow the manufacturer's recommendations for "conservative" access control
  • Install and regularly update virus detection software. Virus detection software scans your computer and your incoming email for viruses and then deletes them. You can download anti-virus software from the websites of reliable software companies or buy it in retail stores. To be effective, anti-virus software must be updated regularly. As a matter of precaution avoid opening any emails with attachments that you are not expecting, even if they are from known people
  • Be very cautious about opening attachments in emails from unfamiliar or suspicious sources which may be a virus or worm
  • Avoid visiting suspicious websites or downloading software or files from such websites
  • If any unusual screens pop up and / or the computer responds unusually slowly, please log out from e-Banking, i-Securities or 328 Business e-Banking service and scan the computer with the most updated version of virus protection software


Protect your online transactions

  • Beware of any unusual login screen or process (e.g. a suspicious pop-up window or request for providing additional personal information) and whether anyone is trying to peek at your password
  • Do not access e-Banking, i-Securities or 328 Business e-Banking services from public places or from shared computers such as those in cyber cafes. You never know what malicious programs might be installed on the PC you use there
  • Avoid using public Wi-Fi to access the e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Business Mobile Banking services
  • Always log out of your e-Banking, i-Securities or 328 Business e-Banking session by clicking the "Logout" button to ensure you end the session securely on your computer. Simply closing your browser will not log you out from the internet banking service
  • When you've finished using the Internet, always disconnect. Avoid leaving your connection on, especially with broadband access, unless you're accessing the Internet
  • Always check the date and time of your last visit to e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Business Mobile Banking services (we track it at all times and display it on the Welcome Page). If you suspect anything unusual, please contact us immediately
  • Please review your transactions carefully before confirmation. When your instructions have been accepted and confirmed online, they cannot be reversed or cancelled
  • When shopping online, you should understand the background of the online store or seller, and also check the comments of other buyers on the relevant goods or seller. If you find anything unreasonable or doubtful, you should be vigilant. If the selling of the goods requires a license, you should check with the seller before buying. It is also recommended to keep the relevant transaction record including the fund transfer details. Where possible, it is best to pick up the goods in person and inspect them before payment
  • For your protection, kindly check your Bank statement regularly and report any unusual transaction to us immediately. For statement information and customer enquiries, please call Customer Service Hotline during office hours
  • Check the SMS messages and other messages sent by us in a timely manner. Verify your transaction records and inform us immediately in case of any suspicious transaction identified
  • Do not forward telephone calls or SMS to devices or phone numbers provided by unknown others. When travelling abroad, it is advisable to use the same SIM card and mobile phone in receiving phone calls and SMS instead of forwarding all SMS to another mobile phone or SIM card
  • Ensure the contact details registered with Dah Sing Bank for the purpose of receiving important notifications are up-to-date to allow relevant notifications to be delivered on a timely basis, for example, to receive SMS and email notifications for online transactions


Alert to Email and SMS Scam

Email and SMS are among the main communication channels for both personal and commercial dealings. Nowadays, fraudsters may use fraudulent emails and SMS, or hack into victims' email accounts, computers or mobile devices, and cheat victims by all possible means into sending them remittances, credit card information, passwords, etc. Some victims have suffered significant losses from such email or SMS scams. You should stay alert to suspicious emails / SMS and raise your awareness in preventing this kind of scam, for example by taking the initiative to confirm the true identities of recipients by telephone, facsimile or other means before effecting remittances or transactions. Please read "Security measures to be taken by you" and the preventive measures to mitigate the risk of hacking.

Please also note the following common characteristics of phishing emails:

  • Emails and SMS from unknown senders, sometimes with an email address containing random strings and characters
  • Senders' name, email address and SMS content may be exactly the same as the genuine information of the Bank
  • The email or SMS usually looks like an important notification from the Bank (e.g. "Notification for a huge amount of fund transfer in the customer's account", "Request the customer to activate security authentication function" or "Suspension of a specific banking service" etc.). The recipient will be asked to click the hyperlink or open an attachment in the email
  • The address shown by hovering your mouse over a hyperlink is different from what is displayed
  • Content with spelling mistakes and poor grammar
  • Attachments with suspicious file extension (e.g. *.exe, *.vbs, *.bin, *.com, *.pif or *.bat or others)
  • Requests for disclosing sensitive information (e.g. personal information, credit card number, verification code or login credentials)
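Three of the characteristics above can be checked mechanically. The following is an added example, not a tool of the Bank: it parses a raw message and reports hyperlinks whose displayed address differs from the real target, attachments with the listed extensions, and requests for sensitive information. The keyword list and the sample message are constructed assumptions.

```python
import email
import os
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# File extensions named in the list above.
SUSPICIOUS_EXT = {".exe", ".vbs", ".bin", ".com", ".pif", ".bat"}
# Terms standing in for "requests for sensitive information" (editor's choice).
SENSITIVE = re.compile(
    r"\b(password|pin|verification code|credit card number|login credentials)\b",
    re.I)
# Visible link text that itself looks like a web address.
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


class BodyParser(HTMLParser):
    """Collects visible text and (href, link text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL; tolerates text with no scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(raw_message):
    """Return (indicator, detail) tuples found in one raw email message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            if os.path.splitext(filename)[1].lower() in SUSPICIOUS_EXT:
                findings.append(("suspicious_attachment", filename))
            continue
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        body, parser = part.get_content(), BodyParser()
        if ctype == "text/html":
            parser.feed(body)
            body = " ".join(parser.text)
        for href, label in parser.links:
            # Displayed address differs from where the link really goes.
            if LOOKS_LIKE_URL.match(label) and host_of(label) != host_of(href):
                findings.append(("link_mismatch", f"{label} -> {host_of(href)}"))
        hit = SENSITIVE.search(body)
        if hit:
            findings.append(("asks_for_sensitive_data", hit.group(0).lower()))
    return findings


# Constructed sample message (not a real email).
SAMPLE_PHISH = """\
From: "Dah Sing Bank" <notice@mail-x7k2q.example>
Subject: Suspension of a specific banking service
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please confirm your password and verification code at
<a href="http://login.example.net/dsb">www.dahsing.com</a>.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.exe"

(constructed placeholder body)
--b1--
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH))
```

The sender name and address are deliberately not scored, because, as the list notes, they may be exactly the same as the Bank's genuine details.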

Protect your Personal Digital Keys. Beware of fraudulent links

Protecting you from scam: SMS Sender IDs start with prefix "#" to indicate sender is registered

To help you detect scam SMS, we have implemented new security measures. Beginning on 28 Jan 2024, the majority of our SMS messages will be sent using a "Registered Sender ID" that starts with "#". The presence of the "#" prefix guarantees that the SMS is sent by a verified and authorized sender. This will aid you in identifying potential fraudsters and phishing attempts through SMS messages.

Please take note of the following enhancements we have made to combat phishing scam SMS:

  • We will send SMS using the "Registered Sender ID" ("#DSB"), ("#DahSing"), ("#DahSing-HK")
  • SMS messages with sender IDs containing "#" that are sent from unknown senders (not Registered Senders) will be blocked by the telecommunications service providers
  • You do not need to apply for any service, install mobile apps, or make any change to your mobile settings in advance

The above measure is not applicable to:

  • 2-way SMS
  • Local subscribers of "Single-Card-Multiple-Numbers"/ "One-Card-Two-Numbers" mobile service provided by non Hong Kong operators
  • Overseas Mobile Number

Identify frauds and cyber pitfalls

Should you have any doubts about a telephone number, email address, web address, platform account name or number, payment account etc., please use "Scameter" to assess the risk of fraud and cyber security. Learn more about "Scameter" from the promotional video.



Make sure you are connected with us

Recently, some fraudsters have been sending phishing emails and SMS to customers of financial institutions. Such phishing emails and SMS will direct you to websites that mimic the look of the financial institution's website to capture your usernames, PIN and other personal information, credit card number and confidential banking information. Thus, it is important to make sure that you are connecting with us. To stay away from connecting with a fake website, never start an e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Mobile Banking session through hyperlinks embedded in emails, Internet search engines, suspicious pop-up windows or any other doubtful channels. Always key in our website address www.dahsing.com directly in your browser to log in, or select it from your favourites if you have already added www.dahsing.com to your list of favourite Internet sites. This will prevent you from being sent to a fake website. Remember: No email or SMS from us will contain a hyperlink to our e-Banking, Mobile Banking, i-Securities, Securities Trading, 328 Business e-Banking or 328 Mobile Banking login page.

To ensure that you are connecting with Dah Sing Bank, look for the closed security padlock of your Web browser before you enter your User ID and Password or important personal information. A closed security padlock indicates a secure connection. Clicking the closed padlock will show you the digital certificate details.

Sample screen shots of Internet Explorer's certificate for your reference:

Dah Sing e-Banking

[Sample screen shot of Internet Explorer's certificate for Dah Sing e-Banking]

328 Business e-Banking

[Sample screen shot of Internet Explorer's certificate for 328 Business e-Banking]

Note: If, after clicking the security padlock, you find that the certificate contains any message different from what is illustrated above, please contact us for more information or assistance.

To avoid logging into fraudulent online services, please do not click any link in emails or on other websites to log into Internet banking services.

If you find the website of the bank suspicious, you should not enter any information (including usernames, PIN) to the website and contact us immediately.


Security measures for specific services


Security Tips for Mobile Banking, Securities Trading, 328 Business Mobile Banking and Security Authentication


Secure Access and Usage

  • Immediately log out from Mobile Banking, Securities Trading or 328 Business Mobile Banking after using the service
  • Safeguard your mobile device and do not leave your mobile device unattended
  • Do not share your mobile device with any other person or pass to other person for safekeeping
  • Activate the automatic locking function of your mobile device and set an unlock password that is difficult to guess
  • Do not click on links from malicious SMS or MMS messages which may be a virus or worm or malware
  • Regularly log in to check the account balances, stock holdings, order activity and transaction history
  • You should take all the above-mentioned reasonable steps to keep your password for accessing Mobile Banking, Securities Trading or 328 Business Mobile Banking safe, secure and secret to prevent fraud


Protect your Mobile Device

  • Read and evaluate the requested permissions carefully before installing any Apps
  • Check what Apps are running in the background mode and stop unnecessary Apps from running
  • Only use authorised or official Apps from recognized suppliers on your mobile device
  • Do not jailbreak, root or pirate your mobile device. Only use a legitimate and unaltered operating system
  • You should keep the operating system of your mobile device and Apps up-to-date and install anti-virus software on your mobile device. Only download and upgrade your operating system and Apps from official App stores or reliable sources
  • Properly configure your mobile devices, e.g. disallow installation of Apps from unknown source etc.
  • In public areas, please use secure networks to connect with the Internet on your mobile device. Avoid using public Wi-Fi to access Mobile Banking, Securities Trading or 328 Business Mobile Banking service
  • Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) when they are not in use. Choose encrypted networks when using Wi-Fi and remove any unnecessary Wi-Fi connection settings


Safe Usage of Security Authentication

  • Make sure that only your biometric data are stored on your permitted mobile device, which should be kept securely and safely at all times, and that any password allowing biometric data to be changed or added on the permitted mobile device is protected
  • You should be aware of the possibility of a false match of face ID authentication or facial recognition if you have an identical twin sibling or a sibling who looks like you etc. If you are concerned about this, you are recommended to use Dah Sing e-Banking username and password to access our e-Banking or mobile banking services
  • You should only store your own fingerprint(s), Face ID or facial map on your device in order to maintain the highest security level of Security Authentication to log into e-Banking, Mobile Banking, i-Securities or 328 Business Mobile Banking services and authorise the online transaction. Once you have activated Security Authentication, any fingerprint, Face ID or facial map stored on your mobile device, now or in the future, can be used for Fingerprint Authentication, Face ID Authentication or Facial Recognition. Therefore, you should not store or allow any third-party fingerprint(s), Face ID or facial map to be stored on your mobile device
  • Please contact our Customer Services Representatives immediately if your Fingerprint Authentication, Face ID Authentication, Facial Recognition or Security Passcode Authentication-enabled mobile device is lost or stolen and your e-Banking, Mobile Banking, i-Securities, 328 Business Mobile Banking or Security Authentication service may be suspended to prevent unauthorised access

For further information, please click here to access the Government's Cyber Security Information Portal.



Security Tips for "FPS" Service

You should take the following security measures for using "FPS" Service, including:

  • SMS notifications or email notifications will be sent by us after you have successfully registered FPS proxy identifier, transferred funds or received funds. Check it in a timely manner. If you suspect anything unusual, please contact us immediately
  • Please be very cautious when someone notifies you that he / she has mistakenly transferred money to your account. You should log into your e-Banking / Mobile Banking and double check when encountering such a situation. Even if he / she did accidentally transfer the money to your account, please avoid sending back the funds directly. You should inform us as soon as possible and co-ordinate the refund through the relevant banking institution so as to protect both parties
  • Carefully verify the payment details (either input by yourself or after scanning a QR Code) of every single transaction before confirming the payment
  • If you would like to use a QR code for funds collection, please note that the QR Code may have embedded your registered FPS proxy identifier (i.e. mobile number, email address or FPS ID). Therefore, third parties can read this information by scanning your QR Code. Please only show it to others when necessary
  • Avoid sharing your mobile device with others or using others' mobile devices to register "FPS" Service
  • Do not store usernames, passwords, account numbers and other sensitive information on your phone, including the storage within any apps
  • If you find or believe that your mobile devices have been compromised, lost or stolen, or that unauthorised transactions have been conducted, please contact us immediately


Security Tips for WeChat Pay Hong Kong

You should take the following security measures for using WeChat Pay Hong Kong, including:

  • Always keep your WeChat Pay Hong Kong payment password and e-Banking login ID and password secure and secret. Never store them on your mobile handset. Also, don't write down or disclose them to other persons or parties
  • Choose a WeChat Pay payment password that cannot easily be guessed by anyone and should be different from other services. Change your WeChat Pay Hong Kong payment password regularly
  • Don't forward your One-time Password (OTP) and push notification to anyone
  • Don't leave your mobile device unattended after logging into the WeChat App. Always log out from the App when you have finished WeChat Pay Hong Kong transactions
  • Avoid sharing your mobile device with others and use your own mobile device to register WeChat Pay Hong Kong service
  • To prevent unauthorised access to your mobile device and WeChat App, activate the automatic locking function with a secure password
  • Download and upgrade the WeChat App from official App stores or reliable sources only. Please be aware of the search keywords when downloading the App. Please search the keyword "WeChat" in the Apple App Store or Google Play Store to download the App
  • You should keep the operating system of your mobile device and Apps up-to-date and install anti-virus software on your mobile device
  • Delete WeChat App on your old mobile device before you donate, resell or recycle it
  • When using a Wi-Fi Internet connection, use trusted Wi-Fi networks or service providers and enable security protection such as Wi-Fi Protected Access (WPA), if possible. Use secure networks and avoid using public Wi-Fi to access WeChat service
  • Review and update your mobile number registered with us when necessary. If your personal contact details have been changed, please contact us for updating immediately
  • SMS notifications will be sent by us after you have successfully activated the Small-value Transfer Service, bound Dah Sing Bank account with WeChat Pay Hong Kong Service and carried out payment from the bound Dah Sing Bank account via the App. Check the corresponding SMS messages sent by us in a timely manner. Verify your transaction records and inform us immediately in case of any suspicious transactions identified
  • Check and verify the transaction details via the "Transactions" in WeChat Pay Hong Kong regularly. After you have successfully carried out payment via your account bound with WeChat Pay Hong Kong, you should verify the corresponding transaction via e-Banking or Mobile Banking services

Internet Privacy Policy Statement


It has been our policy and priority to safeguard any information provided by you. We will strictly comply with the requirements of the Personal Data (Privacy) Ordinance. That means the internationally recognized standards of personal data protection will be followed or even exceeded where possible. It has been our commitment to train and enforce our staff to practise this Privacy Policy.

When you visit our website only to browse, we collect no personal data from you, except for updating the statistics on the number of visitors. Throughout the website, only the necessary information for applications or enquiry will be collected and you will be informed of the purposes and uses, retention period, possible transfer and disclosure and the right of access to and correction of the collected information on the respective screens. In order to ensure the security and confidentiality of personal data we collect, encryption techniques have been applied for data transmission. We will not collect any information from you without notice.

Once we obtain your personal information, only authorised staff are permitted to access that information and such information will not be revealed to any external organisations without your agreement unless it is required to do so by law. From time to time, we may send promotional materials regarding our products to you according to the collected information. We will stop sending the materials to you when you show us your preferences by writing or talking to us.

When you visit our website or click on our online advertisements, cookies will be stored on your device. "Cookies" are small text files retrieved by the site as part of our interaction with your browser. We use "Cookies" to capture the information of your web pages visited, session identifiers and language preferences of the Internet Banking login site, while no personal information is captured in the "Cookies". The information gathered by "Cookies" may be used for session management, storing user preferences and tracking web traffic statistics on what web visitors have visited and are interested in. Most web browsers are initially set up to accept "Cookies". You can choose to "not accept" by changing the settings on your web browser. If you disable "Cookies" in your web browser, you will not be able to log into Internet Banking and access some of the site functions. No personally identifiable information will be transferred to third parties.

For further information, please click here.


Contact Us


We will continuously assess ourselves to ensure that our customer privacy is properly respected and protected. For details, please refer to the Notice to Customers relating to Customers' Data. Should you have any questions, please write or talk to our Data Protection Officer:

Dah Sing Bank Limited, GPO Box 333, Hong Kong
Fax: 2511 8566

*The Chinese version of this Internet Security is for reference only. If there is any conflict between the English and the Chinese versions, the English version shall prevail.

For Hong Kong Monetary Authority (HKMA) Major Tips on Protection of Your Computers and Mobile Phones, please click here.