Hotline : 

Current Position : Home > BOC MACAU > e-Banking > BOCNET (Personal)
Online Banking

Security Information

1. Statement on prevention of fraudulent websites

You are reminded to be vigilant of any fraudulent websites, which seek to pass off as

Unless you are certain that you connect to the website of our bank, do not provide any particular of your e-banking account.

Screens below are the certificate information in Internet Explorer:


Under no circumstances would send out any e-mail to ask for or verify customers' personal information, including but not limited to account number, PIN, account balance, ID card number or passport number. You should not access your e-banking accounts through hyperlink embedded in e-mail sent to you from any unknown source. It is always prudent to type in our web address into the browser address bar to ensure the security of your personal information.

Should you have any queries relating to the statement, please feel free to contact us.

2. What have we done to protect you?

•  With the use of 128 bits Secure Socket Layer (SSL) encryption, we ensure the security of your data during transmission.

•  Our web servers are protected by firewall systems to prevent unauthorized access.

•  Our system will monitor each login attempt. If there are several consecutive login attempts with incorrect password, the Online Banking service will be suspended immediately.

•  In the event that you forget to logout from the Online Banking service, the system will disconnect your online access automatically after a short period of inactivity to prevent unauthorized transaction.

•  Simultaneous login of the same User Name via another computer is not allowed.

•  We will not ask for customers' account number, password or any personal information via e-mails.

•  At welcome page of our Online Banking service, the personal "Safety Reminder" and "Personal Picture" will be display to ensure that your account works under safety. If personal Safety Reminder and/or Personal Picture have been set, please check your self-defined Safety Reminder and Personal Picture carefully at welcome page after login that helps you to distinguish this website whether counterfeits.

•  Our Online Banking Service provided "Two-factor authentication tools" to bringing maximum protection for your fund. You may apply it from our Bank for using the "Two-factor authentication tool". "e-Token" is ready for you that it is one of the "Two-factor authentication tools". In your request, you can login to Online Banking Services in addition to enter the login password and enter the OTP Passcode generated by "e-Token" which for carry out two-factor authentication. Two-factor authentication tool can also use in some high-risk transactions for confirmation that you can enjoy safe with the enhanced security of Online Banking.

3. What can you do to protect yourself?

a.Create and keep your password and personal information in proper ways

•  Do not use easy-to-guess numbers or words as your password, and avoid selecting the same password that you have used for accessing other web services.

•  Do not disclose your login name and password of your online banking service to anyone (including bank staff and the police). Avoid disclosing your personal information such as ID card number and date of birth.

•  Please memorize your password and never write down or record your password in a way that can be accessed easily by someone.

•  Please change your password regularly.

•  If you suspect your password has been disclosed, please contact us immediately.

•  You are recommended to reset the 'AutoComplete' option in your system to avoid the retention your User Name and Password in the browser. In the Internet Explorer window, select 'Tool' menu, then choose 'Internet Options' followed by 'Contents', then 'AutoComplete', and finally reset 'User names and password on forms' and confirm to complete the procedure.

b.Protect your personal computer against hackers and viruses

•  Download and install updates and patches for your operating systems and browsers regularly.

•  Install firewall systems on your personal computer.

•  Install anti-virus software on your personal computer. Update the virus definition file and perform virus scanning regularly.

•  Avoid downloading or installing programs from unreliable sources or opening suspicious files or e-mails. This helps protect your personal data from hackers' programs or viruses.

•  If you access our Online Banking Services via wireless network, please check your network security settings.

•  Always disable 'File and Printer Sharing' option in your computer, especially when you are internet-connected. You should pay attention to set share permissions to prevent others illegally through the internet to browser your computer and delete your file.

c.Take precautionary measures while you are using Online Banking Services

•  Do not access Online Banking Service from a shared computer in public such as cafes or bars with Internet access.

•  Do not login Online Banking Service through hyperlink embedded in any e-mail or search engine.

•  Close all other Internet browsers before accessing Online Banking Service. Do not open other Internet browsers or visit any other websites while you are using Online Banking Service.

•  Make sure no one can see your user name and account details when you login the Online Banking Service.

•  Check your last login and logout record every time you use our Online Banking Service. Check your account balance and transaction records regularly. If you discover anything suspicious, please contact us immediately.

•  Click the "logout" button to exit from the system after you have finished all your online transactions. Please always clear the cache and history in your browser after using our Online Banking Service.

•  Do not leave your computer before logout.

4. Using two-factor authentication tools

For enhance the security level of Online Banking Services, the Bank adopted the two-factor authentication tools that allows you to safer use of Online Banking Services. The Bank offers two-factor authentication tools, that including: "e-Token" and "SMS Passcode".

Two-factor authentication refers to using two different kinds of information, that is, you know the information (For Example: a user name and password), plus you have the tools (For Example: e-Cert, the security devices (e-Token) or mobile phone SMS OTP Passcode) in order to verify the user's identity.

a. How to use the e-Token

When you apply for the Bank's e-Banking services, indicating the need to use two-factor authentication login to Online Banking Services, then you are when you log in using the Online Banking user name and password, also need to enter the OTP Passcode generated by "e-Token" which for carry out two-factor authentication. Your financial information can lead to greater protection. Some online services, such as registration accounts, real-time transfer to a third party, which also requires you to enter the OTP Passcode to confirm, this will provide you with better protection.

•  What is OTP Passcode?

"OTP Passcode" is a numeric Passcode that refers to the established time of frame effectively and only used once. The Passcode from the "e-Token" provides for the verification of the identity of online banking user. When you apply to use the Bank to provide "e-Token" as the two-factor authentication tool, "e-Token" will give you hold, the "e-Token" has a small screen display and generates the regular 6-digit Passcode, which is the "OTP Passcode".

•  Is "OTP Passcode" always effective?

Each "OTP Passcode" will only be effective within a short time, such as more than when the OTP Passcode will be invalidate, and only use once. Because the "e-Token" will periodically generate a new Passcode, you use the latest show the Passcode can be.

•  Can use the OTP Passcode on a friend's "e-Token"?

It is not possible. When you apply to use the Bank's "e-Token" as the two-factor authentication tool, the Bank sent to you "e-Token" on behalf of your identity, only your "e-Token" produces "OTP Passcode" in order to process your online banking services.

b. How to maintain "e-Token"

After applied to use two-factor authentication, the client will receive an "e-Token", and using this instrument you are required to pay nominal fee. In addition to the natural period of validity is free of charge to replace damaged, you spontaneously ask for replacement, or damage due to improper use, or replacement of the due date, are required to pay nominal fee. Further assist you in proper maintenance of "e-Token", let there is the normal operation, please refer to the following considerations.

•  Let the "e-Token" to be stored in a safe place, not easy to be lost or unauthorized taking away.

•  Let the "e-Token" to be stored in dry and temperature stable places frequently. Do not let the "e-Token" exposure to extreme temperatures. If the "e-Token" was placed in the abnormally high or low temperature (for example, car trunk, clothes dryer, where directly affected by sun exposure, etc.) may cause damage the plastic shell, electronic parts failure, etc., and lead to "e-Token" failure.

•  Do not leave "e-Token" dip in water. The reason is "e-Token" design can only be water resistant, but not completely waterproof, "e-Token" will be lapsed after by flooding.

•  Do not leave "e-Token" from the trampling, high altitude dropping or allowed by other stress. "e-Token" designed only to withstand the pressure of everyday common, over-the shock and the weight will cause the "e-Token" damaged.

•  Do not open the "e-Token". "e-Token" has a wide range of anti-tampering features, forced open the "e-Token" will lead to equipment failure.

c. If the "e-Token" failure or lost, how do I to deal with?

•  Such as the loss of "e-Token", you should visit the Bank as soon as possible replacement of the new "e-Token" (are required to pay nominal fee).

•  If you live overseas, could not visit the Bank to replace or get a new "e-Token," or have any inquiries, please call the service hotline at (853) 888 95566 with the Bank's service staff.


If you find an "e-Token" has been lost or stolen, but not as soon as possible, notify the Bank, you will bear all the losses of your legal responsibilities.

d. Keep your "e-Token" in mind

Bring you a more secure online banking service, please bear in mind that:

•  Do not in the "e-Token" adding any personal information, such as the user name or login password, and should ensure that the password with the "e-Token" kept separately.

•  Do not use "e-Token" placed at random, or loan to other people.

•  If you suspect the BOCNET accounts are stolen or found in unusual transactions, please visit the Bank immediately or call the service hotline (853) 888 95566 to require the Bank to assist.

e.Using SMS two-factor authentication Passcode

Can either choose to use "e-Token", the Bank also offers using SMS to send two-factor authentication Passcode method. When you apply for the Bank service, indicating the need to use two-factor authentication log in to online banking services, then you are when you log in using the Online Banking to enter a user name and password in addition. The Bank will send your registered mobile phone SMS, after received SMS, you also need to follow the SMS Passcode on your mobile phone input, so that your financial information can lead to greater protection.

Some online services, such as registration accounts, real-time transfer to a third party etc. require you to enter "SMS Passcode" to confirm that this will provide you with better protection.

You should carefully check "SMS Passcode" issued by the Bank and its SMS data whether you handle the same as online services. If you have any doubts, do not enter the "SMS Passcode" to the webpage. We only send SMS to your registered mobile phone number.

You should also keep the two-factor authentication devices (to receive "SMS Passcode" device), in order to avoid misappropriation of the relevant online transactions.

If you lose the authentication tools / equipment, or suspected of authentication tools / equipment has stolen, or unauthorized accounts have recorded in the transaction, please contact with the Bank.

5. FAQs

a. What is Secure Socket Layer (SSL) 128-bit encryption?

Our online banking service uses SSL 128 bit encryption, which is one of the online security standard for commercial application. All data transmitted via online banking service is protected by this technology to ensure data security.

b. How can I enable 128-bit encryption to use online banking services?

For MS Internet Explorer Version 6.0 or later versions, Fire fox 3 or later versions, the browser have supported 128-bit encryption. If your browser has not supported 128-bit encryption, please change the browser for you to use online banking services, and ensured that it is protected by this technology.

c. What precautions should I take when I set up my password?

•  Do not use your date of birth, ID card number, telephone number or any combinations of your English name as your password.

•  Do not use 3 or more consecutive identical characters, e.g. "333", "bbb", etc.

•  Do not use sequential numbers or characters, e.g. "123", "abc", etc.

•  Do not use your user name or login ID as your password.

d. How often should I change my password?

You are advised to change your password regularly, or at least every 90 days.

e. How can I contact the Bank in case of having any question?

You may contact the Bank at the following hotline numbers according to the nature of your enquiries: Service Hotline:(853)888 95566

f. Why should I update my operating systems and browsers regularly?

You should check and download patches provided by software vendors to fix security loopholes of the operating systems or web browsers. This helps avoid unauthorized access or attacks of computer viruses or hackers.

g. What is a firewall?

A firewall is a program that helps protect your computer and your data from unauthorized access via the network.

h. Why should I update my anti-virus software regularly?

New computer virus appears from time to time. To protect your computer from the latest virus, you should update the virus definition file regularly. Most anti-virus software supports the automatic update or download of virus definition file. For details, please refer to the user manual of your anti-virus software.

i. What is Trojan Software?

Trojan software could stay in your computer system and capture your personal information when you login the online banking service. It can even record every input from the keyboard in order to obtain your user name and password. If you discover anything unusual when using online banking service, please do not input any information or password and contact us immediately.

j. What is Man-In-The-Browser Attack?

Man-In-The-Browser Attack is a kind of Trojan Software. Perpetrator can redirect your instruction to a fraudulent website or instantly modify your instruction placed via Online Banking Services. To protect your interest, please download and install updates and patches for your operating systems and browsers regularly. In the event that anything is found unusual when you are accessing Online Banking services, please contact us immediately and do not input any information or password.

k. What is Spyware?

Spyware can monitor and record your online activities (e.g. the websites you have visited), and send such information to unauthorized parties without your consent. To protect your interest, please do not install freeware in the computer with which you access Online Banking services.

l. Why should I be careful when receiving e-mails?

Viruses, Trojan software and hacker’s programs can be distributed via e-mails. Virus like "Worms" can even reproduce and deliver infected e-mails to the recipients in your address book. Hence, you should not open any unknown or suspicious e-mails but should instead delete them immediately. Please do not login online banking service through embedded links in any e-mails. You should also perform virus scanning before opening any attachment.

m. How should I setup the security settings of Wireless LAN?

•  Do not place the Access Point (AP) too close to doors and windows.

•  Turn off the power supply and disconnect from the wireless network after use.

•  Do not use the default SSID, enable the Wired Equivalent Privacy (WEP) encryption or other encryption technology and change the password for WEP keys regularly. Do not disclose the security setting of your wireless network to any third party.

n. Precautionary measures for using Internet

•  Disconnect from Internet after you have finished using online banking service.

•  Encrypt and secure your electronic storage media to protect your personal data from unauthorized access.

•  Do not save or keep your password in your browser, and disable the "Auto-Complete" feature to prevent others from obtaining your information via the browser.

•  Disable the "File and Printer Sharing" function and set up the proper access rights of your computer to avoid unauthorized access to your data via the network.

•  Do not download any illegal or unauthorized software to prevent infection of computer virus or Trojan software. Remember to perform virus scanning before opening any files from insecure sources.

Related Service