简体中文 | ENGLISH | Accessible Browse


Online Banking

 
 

Online Banking

 
 


Security Mechanism(Corporate Service)


 

Please give a brief introduction to the security mechanism of BOC Online Banking (corporate service)

A: The security mechanism is reflected in the following aspects:

Secure authentication method: the user may select the E-Token or USB-Key as its security authentication tool based on its specific needs. Meanwhile, key transactions should be authenticated by the second factor.

User ID and password: every user has a set of sound customer information management mechanism, and logs on with his/her own user name and password.

BOC E-Message SMS notification: when the online banking system is logged on, the password is modified, or the system is locked up due to password input error, a SMS notice will be automatically sent to the mobile phone designated by the customer according to his/her setting.

Strict hierarchical management: it provides a financial management system, including entrustment and authorization, in line with the requirements of enterprises on financial management.

Strict function privilege restriction: every operator is subject to strict service function restriction according to his/her role.

Strict account limit restriction: every account may have a strict single or daily accumulated payment limit restrictions.

E-mail notification of transaction results: according to the transaction results and customer’s setting, BOC will send payment notice and collection notice e-mails respectively to you and the payee.

Please give a brief introduction to the E-Token.

A: E-Token is an electronic device with embedded battery, password generation chip and display screen, which automatically updates dynamic passwords on a regular basis according to specific computing method. The system based on the dynamic password technique is also known as One-Time-Pad (OTP) system, i.e. the identity password of user is changing, and one password will cease to be in force if it has been used one time, and at the next time the logon password will be a different one. As an important two-factor authentication tool, E-Token is widely used in security certification. E-Token may greatly enhance the logon and transaction security of online banking.

Please give a brief introduction to the advantages of E-Token.

A: E-Token is not only secure but also convenient. E-Token, also known as OTP system, updates password once every 60 seconds, and has the advantages that every password is used only one time in course of authentication and will be changed in the next authentication, so that lawbreakers are unlikely to pass themselves off as legal users and that the users do not need to remember the password. The use of E-Token is quite simple without installation of driver. The 6-digit dynamic password is displayed in number. The user may key in the dynamic password displayed in the E-Token according to the prompt of online banking system.

Please give a brief introduction to the security mechanism of USB-Key used in online banking of BOC.

A: BOC adopts dual-certificate (encryption certificate/signature certificate) and dual center (certification center and key center) mechanism centering on CA certification, and takes all-directional security means to ensure the security of transactions handled by online banking users. BOC adopts international standard encryption algorithm to ensure the online banking transactions are undeniable, exclusive, confidential and complete. BOC utilizes USB-Key to encrypt and store the USB-key and related key, so as to prevent digital certificate from being stolen, and strictly authenticates identity of online banking users and BOC Online Banking website by user password, image validation code and USB-Key, in order to guarantee the legality of the identity of users and BOC corporate Online Banking website.

Please give a brief introduction to the advantages of USB-Key.

A: BOC online banking adopts driver-free USB-Key to encrypt and store digital certificate and related key of the users. When enabling online banking services for a customer, the operating outlet will notify the customer of the information about downloading related certificate, and customer may easily download the certificate by himself/herself without installation of any driver program for the USB-Key.

What is the update frequency of dynamic password and how many numbers does a password have?

A: Dynamic password is updated once every 60 seconds with a length of six digits.

How long is the effective period of an E-Token? How to deal with an E-Token that has passed its expiration date?

A: The effective period of an E-Token is three years starting the ex-factory date (The expiration date is shown on the back of E-Token). The E-Token will be no longer in force upon expiration.

What is the relation between E-Token and user?

A: Every E-Token has a sole serial number (marked on the back of E-Token). When a user applies for the E-Token, BOC will establish an exclusive coincidence relation between E-Token and user name, certificate type and certificate number.

How to apply for E-Token?

A: Users may carry their effective identity certificates (corporate customers need to provide organization registration code certificates and application) to apply for E-Token at the outlets designated by BOC and pay relevant fees. Upon review and approval, BOC will issue E-Token to users.

Why the E-Token is locked up? How to deal with it?

A: When a user logs on or verifies transactions by dynamic passwords, if failing in verification for 10 successive times, the system will automatically lock up the E-Token of the user and refuse the user’s logon in order to prevent your E-Token from being maliciously tried and protect your fund security. Thereafter, in case the E-Token is locked up, the user can not log on even he/she keys in the correct password and will be advised the lockup information when logging on the online banking. After the E-Token is locked up, the user shall fill in the application form, and carry valid identity certificate and E-Token (and a power of attorney if not personally) to unlock the E-Token at an outlet of BOC.

How to report loss of, cancel the loss reporting of and renew the E-Token?

A: In case of loss of the E-Token, the user shall fill in an application form, and carry his/her valid identity certificates (and a power of attorney if not personally) to report loss of the E-Token to any outlet designated by BOC. Handling of loss reporting: BOC will suspend the E-Token and disallow its access to online banking system. After the loss reporting, the user may renew the E-Token or cancel the loss reporting, after which the original E-Token will be in force again without applying for a new E-Token. If the user needs to renew the E-Token, he/she shall fill in an application form, and carry his/her valid identity certificates to apply for a new E-Token at an outlet designated by BOC after paying related fees. If the user needs to cancel the los reporting, he/she shall fill in an application form and carry valid identity certificates (and a power of attorney if not personally) and the relevant E-Token to handle it at any outlet designated by BOC.

  [ Close Window ]
Personal Banking Login
Personal Banking(VIP) Login
Corporate Banking Login



   Online Banking
   Mobile Banking
   Global Web Site
   Home Banking



 
  Site Map | Contact Us | Term & Conditions | Copyright | 京ICP证 060399
 
Copyright © BANK OF CHINA(BOC) All Rights Reserved.