Internet banking

Personal finance
Online trading
Cyber security

Internet banking can be a convenient and flexible way to manage your money. It allows you to perform banking transactions like checking your bank account and credit card balances, making transfers between accounts as well as paying bills whenever you can access the internet safely.

Protect yourself when banking online

While enjoying the ease of internet banking, there are important things to remember to protect yourself when banking online:

  • Never disclose your personal logon and security details such as account number, PIN and security code to anyone including bank staff and the police.
  • Avoid accessing your bank account with public computers (eg cyber cafes) and close all browser windows before logging on to internet banking.
  • Monitor and report any unauthorised and unusual transactions in your statement and contact your bank immediately if you suspect that you have been a victim of online fraud.
  • Never respond to any unsolicited e-mail that asks you to validate your logon or account details.
  • Never use hyperlinks in emails or internet search engines to log on to internet banking.
  • Always disconnect from the internet when not using it.
  • Install reputable anti-virus or security protection programme on your computer.
  • Always shred confidential/personal information before disposing.

Common online banking risks

  How to reduce risks? Watch out for
Identity theft

Identity theft is when someone steals your personal information, such as your name, ID card number, credit card or bank account number to obtain benefits in your name.
  • Never give out personal information on the telephone or on social media platforms.
  • Use a shredder to destroy bills or other documents that contain your personal information.
  • Only use secure websites when making online financial transactions.
  • Contact your credit card or utility companies if statements and utility bills do not arrive regularly by post.
  • Ask a trusted person to collect your incoming postal mail if you go away on holiday.
  • Any suspicious activity or unauthorised transactions in your accounts or on your social media websites.

Keylogging is a type of software or hardware device used by criminals to record every keystroke you make on your computer, including usernames, passwords, e-mails and the websites you access.
  • Use an anti-virus programme that has a regularly updated keylogger protection database.
  • Always use a firewall.
  • Consider using a virtual keyboard.
  • Never use an untrusted computer to access your online accounts.
  • Update your browser to the current version.
  • If you use a PC in a public environment, like an office, check if someone has attached a keylogging device between your keyboard and the computer.
  • Any suspicious activity or unauthorized transactions in your accounts or on your social media websites.

Phishing is a form of online fraud involving e-mails claiming to be from your bank or other reputable company. Criminals attempt this ruse to set up beneficiaries on your accounts then transfer your money to their account.
  • Never respond to e-mails that ask you to go to a website and update your details and input personal data. Your bank will never send you an unsolicited e-mail asking for this information.
  • Never click on the links, and delete the message immediately.
  • Set time periods
  • Any e-mails purporting to be from your bank, credit card issuer, on-line shopping or payments websites such as eBay or PayPal, or any other site that asks for personal information.
  • Any suspicious activity or unauthorised transactions in your accounts or on your social media websites.
Mobile Phishing

There are a variety of ways phishing scams can be deployed via mobile. The most common method is for a fraudulent company to contact random people via email claiming to represent their financial institution.
  • Read through the terms of the app and permissions required by the app, be sure you understand the risks disclosed to you.
  • Ensure you only download apps from official, and authorised app stores.
  • Be especially vigilant when contacted by unknown parties claiming to represent your financial institution and inviting you to download "a new security app" for your smartphone. This may be harmful malware capable of corrupting your phone and intercepting important activity, such as mobile banking sessions or SMS tokens.
Mobile Device Malware

Malware, short for malicious software, is software specifically created to access your technological devices covertly, often with the intention of stealing your information for profit. Malicious software like trojan horses can be installed without your knowledge when you follow a link, open an attachment or download software from a fraudulent email or text message.
  • Don't download software until you've verified its security and privacy features.
  • Install anti-malware software that's specifically designed for your mobile.
  • Be suspicious if you get lots of unsolicited emails or text messages - it could mean you have a malicious programme on your phone.
  • From time to time, your mobile manufacturer or dealer may release software updates for your phone. Keep an eye out for these and install them regularly.


Although technology is making banking more convenient, it's also important to be aware of the risks.The Hong Kong Police Force's Technology Crime Division explains a number of common online crimes to be aware of, and also offers a range of tips for smart netizens. You can also learn more about internet banking security on the HKMA's website.