Octopus Online Service Safety Guide


This Octopus Online Service Safety Guide is to provide you with security tips and reminders that you should be aware of when using online and mobile services provided by Octopus Cards Limited ("us", "we", "our", "our company", "OCL").

1. When using online services provided by OCL

1.1. Do not use untrusted mobile devices or public computers to access our services.

1.2. Access the OCL website only by entering http://www.octopus.com.hk in your web browser.

1.3. Only download Octopus mobile applications through links from the OCL website http://www.octopus.com.hk or authorised app stores (Google Play Store or Apple App Store).

1.4. To use Smart Octopus, only download authorised mobile payment applications from authorised app stores.

1.5. When carrying out online transactions provided by us via an Internet browser, a padlock image will appear. When you click on the lock, a digital certificate issued to our company will be shown.

1.6. When carrying out services with Octopus cards and products ("Octopus"), you are required to provide the Octopus number and the bracketed digit for validation and authentication. You can use your registered Octopus ("Registered Octopus") for making online payments after successful registration.

1.7. Remember to close the services and log out (if applicable) after you have finished using them.

1.8. We will not display your personal information in any emails or short messages (SMS) sent by OCL, or ask you to confirm any personal data or credentials such as a password by replying to an email or SMS sent by OCL.

1.9. When using Octopus Online Payment

1.9.1 During the purchase process, the online merchant may request information such as your name, email address, phone number and shipping address for the fulfilment of your purchase. Unless otherwise specified, such data will not be shared with or kept by OCL.

1.9.2 Except for issuing a receipt for a charitable donation, OCL will not collect your personal information when you use the online payment service.

1.9.3 If you wish to request a receipt for your charitable donation, you may choose to provide your name, email address, phone number and postal address, through us, to the charity organisation.

1.9.4 Before confirming a payment, verify the payment details including the recipient, amount and donation type/bill type (if applicable).

1.10. When using Octopus O! ePay ("O! ePay") Service

1.10.1. Only apply for your O! ePay account through designated channels.

1.10.2. When applying for an O! ePay account, OCL may ask you to provide information such as your name, email address, phone number, and an image of an identification document. These data are securely stored in our servers for the purposes of O! ePay application and customer service. Details of the purpose(s) and use of your personal data can be found in the Conditions of Issues of Octopus.

1.10.3. To use the O! ePay Fund Transfer with Bank Service, OCL will ask you to provide information such as your bank and bank account number, and use your full name and O! ePay account number for setup and operation of the service. These data are securely stored in our servers for operating the service. Details of the purpose(s) and use of your personal data can be found in the Terms and Conditions Relating to Fund Transfer with Banks under Octopus O! ePay Service.

1.10.4. Do not disclose your password to anyone. Do not write it down and please change it regularly. Choose a strong password with alphanumeric combinations that is difficult to guess.

1.10.5. OCL will never ask for your password when communicating with you.

1.10.6. Please be assured that we only rely on iOS / Android to store and authenticate your biometric data (e.g. fingerprint) and will not capture or store any of these data.
1.10.7. Before enabling fingerprint, iOS Touch ID or other biometric data for login to your O! ePay, please ensure such data does not include anyone else's, to prevent any unauthorised access to your O! ePay account.

1.10.8. Review requests from others carefully. When other users invite you as a friend, the mobile number will be shown for your review prior to approval. Please make sure the other user is someone you know and is trustworthy.

1.10.9. You will receive payment requests and payment reminder notifications only in the Octopus App. Such notifications will not be sent to you through email or SMS. You can review each payment request in the transaction history section under O! ePay of the Octopus App.

1.10.10. Before accepting a payment request or sending a P2P payment, review the payment details carefully, including the recipient and the payment amount. All payment transactions of O! ePay are final and irreversible upon confirmation of the payment instruction.

1.10.11. If you want to change your mobile phone number or other personal information, please call the Octopus Customer Service Hotline at 2266-2222 at your earliest convenience, to update your record with us.

1.10.12. If you have changed your email address, you should update your email address through your Octopus App as soon as possible, to avoid missing any important notifications.

1.10.13. Please input your mobile number carefully, in order to receive SMS notification alerts for your O! ePay account.

1.10.14. Check your O! ePay account and Registered Octopus transactions regularly. If you have any question or find any suspicious activity, please immediately call the Octopus Customer Service Hotline at 2266-2222.

1.10.15. You can keep your O! ePay account monthly statement by downloading it through the Octopus App.

1.11. When using Smart Octopus

1.11.1. Always access your authorised mobile payment service user account through an official or authorised app, or through the authorised mobile payment service provider's website.

1.11.2. Always use an authorised mobile payment application for your Smart Octopus.

1.11.3. When applying for a new Smart Octopus, OCL may request information such as your name and mobile number. Information you provide will be securely stored in our servers for refund purposes only. Read the Conditions of Issue to learn more.

1.11.4. Your name and mobile number will be required if you apply for a refund of your Smart Octopus via the OCL website. The mobile number will be required for you to receive an SMS verification code during the refund application.

1.11.5. If you have changed your mobile number, please call Octopus Customer Service Hotline at 2266-2222 at your earliest convenience to ensure your contact information is up-to-date.

1.11.6. Keep the authentication password (if applicable) for your authorised mobile payment application in good custody. Do not write it down and change it regularly. Choose a strong password with alphanumeric combinations, which is difficult to guess. OCL will never ask for your password.

1.11.7. If you are using a mobile device that supports iris or fingerprint authorisation, you may choose to use it to authorise online transactions or other Smart Octopus functions. Be aware that Octopus relies on your authorised mobile payment service provider to store and authenticate your iris/fingerprint data; Octopus does not capture or store any of such data itself.

1.11.8. Before applying the iris or fingerprint authorisation, ensure it only covers the Smart Octopus user. This is to prevent any unauthorised usage of the Smart Octopus.

1.11.9. Check your registered Smart Octopus transactions regularly. If you have any question or find any suspicious activity, please immediately call the Octopus Customer Service Hotline at 2266-2222.

2. What is OCL doing to protect you?

2.1. Our servers and infrastructure are protected by firewall and intrusion prevention/detection systems to prevent unauthorised access.

2.2. All communications between our servers, your device and Octopus are transmitted with industry recognised encryption standards.

2.3. If a transaction is not completed within a set period of time, it will be cancelled automatically.

2.4. Our system logs the usage of each Octopus for online services. If there are five attempts at inputting a non-matching Octopus number, the online functions of the Octopus will be suspended for 24 hours.

2.5. To ensure transactions are carried out securely, the mobile application provided by OCL may block your access if your mobile device has been detected as rooted or jail-broken. We will not access other information in your mobile device when detecting your device's status.

2.6. For Octopus Online Payment

2.6.1. The merchant information and transaction amount are shown on the Octopus App or website, allowing you to check the merchant name and amount prior to making a payment.

2.6.2. When using an online payment service with Octopus PC Reader:

(i) The service is provided to you on a website via an https connection. Make sure there is a padlock displayed on your browser when using the Octopus Online Payment service. When you view the certificate, it will show OCL as the owner.

(ii) Transport Layer Security is used when you use Octopus Online Payment. Your information input in Octopus Online Payment is encrypted before transmission through the Internet. No one except us or an authorised party with the key will be able to read it. Octopus Online Payment uses 128-bit encryption which conforms with industry encryption standards for secure information transmission through the Internet.

(iii) When using web-based Octopus online payment, the domain for payment transactions is https://www.online-octopus.com.

2.7. For O! ePay Service

2.7.1. You can access your O! ePay account from two registered devices at any time.

2.7.2. When using O! ePay, we will display the last login attempt and status. If you find any suspicious activity, please call Octopus Customer Service Hotline at 2266-2222 immediately for investigation.

2.7.3. When using the service, your login session will expire after a set period of idle time.

2.7.4. When you contact us to enquire about the operation of your O! ePay account, we will ask for the authentication code of your O! ePay app or personal information to authenticate your identity, for the protection of your account information.

2.7.5. A verification code will be sent to your registered mobile number through SMS when you log in from a new mobile device or increase your daily transaction limit. The SMS will include the verification code and the purpose of that transaction. Please review the SMS content before entering the verification code in the Octopus app. If you receive any suspicious SMS relating to the service, please report to us immediately for investigation, by calling the Octopus Customer Service Hotline at 2266-2222.

2.7.6. If you have subscribed to SMS forwarding service from your mobile network operator, the SMS will not be forwarded, regardless of the service setting. You are also reminded not to forward the SMS verification code to other mobile devices.

2.7.7. We will temporarily suspend your account if we detect a series of unsuccessful login attempts. If you find your account locked, please contact our Customer Service Hotline at 2266-2222 for assistance.

2.7.8 We will provide updates on your account activities by push notification messages/emails. For important transactions such as device registration/deregistration, and adding payee/friend, notifications will be sent via both push notifications and to your registered email address. Please check these activities in a timely manner and if suspicious activities are found, please immediately call the Octopus Customer Service Hotline at 2266-2222.

2.7.9 After you have added a new friend or registered a new Octopus to your O! ePay Account, a daily summary will be sent to your email address. Please check such activities in a timely manner and if suspicious activities are found, please immediately call the Octopus Customer Service Hotline at 2266-2222.

2.7.10 We will never ask customers to validate their personal and/or account related information (e.g. ID number or login password) by emails or through any hyperlinks embedded in such emails.

2.8. For Smart Octopus

2.8.1. Each authorised mobile payment service user account can only link with one Smart Octopus.

2.8.2. Like other Automatic Add Value Service (AAVS) users, Smart Octopus holders can enjoy the lost card reporting service and request a refund via the designated channels.

2.8.3. You can opt to provide your name and mobile number to us at provision of your Smart Octopus. The information will be used for the refund process. A verification code will be sent to the mobile number you provided to verify your identity in case of refund.

2.8.4. You will be asked to provide your Smart Octopus number and personal information to verify your identity if you contact us to enquire about your Smart Octopus operation.

2.8.5. You will receive a notification via your registered email account in case you transfer your Smart Octopus to a new mobile device. You are required to log in to your authorised mobile payment service user account with the new device before transferring the Smart Octopus to it.

2.8.6. A push notification with transaction information will be sent to you after each transaction. You will be able to view a maximum of 40 transaction records at the Smart Octopus enquiry page at your device's authorised mobile payment application. You are advised to check your transaction records in a timely manner.

2.8.7. Please note that the verification code SMS will not be supported under the SMS forwarding instruction of your device or from your mobile network operator. You are also reminded not to forward the SMS verification code to other mobile devices.

2.8.8. OCL will never ask customers to validate their personal and/or account-related information (e.g. registered email or login password) via email or hyperlinks embedded in emails or SMS.

3. What to do to protect yourself?

3.1. Do not leave your Octopus unattended. This protects you against unauthorised registration and usage of online payment.

3.2. Do not leave your mobile device unattended. Otherwise, someone may steal the device and use the Smart Octopus installed in it, and/or retrieve the information you have stored in it without you realising.

3.3. Enabling the screen lock function of the mobile device can prevent your personal information, such as messages, browser history and your contact list, from being accessed by others.

3.4. Use the remote locate and remote erase features, if available, so that if your mobile device is lost you can locate it or erase the information it contains.

3.5. Do not click on any links attached in emails or SMS that ask you to start a payment transaction.

3.6. When using an online service on your mobile device, be extra careful regarding the security arrangement, as it may not be on the same level as online services provided through personal computers.

3.7. When setting your password:

- Avoid using the same password you use to access other services.
- Do not use easy to remember personal information, such as your contact numbers, date of birth, HKID card number or licence number as part of your password.
- Use a combination of upper and lower case letters and numbers to make the password difficult to guess.
- Do not write down your password or store your password on any computer or mobile device. Change your password regularly.

3.8. When using O! ePay, beware of any abnormal login process, suspicious popups or request for additional personal information. Log out of your O! ePay account after using it.

3.9. Registration of partial Octopus number is required as a safety precaution for online payment and enquiry. For added protection, you may consider using a protective shield holder, to further protect against potential unauthorised use of your Octopus.

3.10. Registration of Smart Octopus is required as a safety precaution for online payment and fund transfer with O! ePay.

3.11. In general, you may turn off wireless connections (e.g. Wi-Fi/Bluetooth/NFC) when not using them, as a safety precaution.

3.12. Check your Octopus transactions. If you find any suspicious transactions, immediately report to us for investigation by calling the Octopus Customer Service Hotline at 2266-2222.

3.13. Use legitimate software from original sources, as this will reduce the chance of contamination by a computer virus or spyware.

3.14. Do not jail-break, root or modify the operating system, as doing so reduces the system stability, making it vulnerable to attacks by computer viruses and spyware that can cause harm or theft of your personal information. We may be unable to provide a service you request on a jail-broken or rooted mobile device. Also, do not use pirated software or software from unknown sources, as it may have been tampered with, infected by spyware or a virus, or otherwise altered from the original software package. This may increase the risk of your mobile device being infected by a virus, spyware or other software that can harm your device or enable theft of your personal information.

3.15. Regularly update your operating system, to maximise security of the mobile device software. Also use the latest versions of mobile apps. Download and apply security patches to mobile devices when they become available, for prompt protection against known security vulnerabilities.

3.16. Use anti-virus software and update it regularly, to protect your mobile device against computer virus attacks from numerous sources. Moreover, you also need to regularly update the virus definition file, to effectively protect your mobile device. For details, please refer to the Help section of the software.

3.17. Use anti-spyware software and update it regularly, to help block malware or spyware from being installed on your mobile device and tracking your usage behaviour. Some anti-spyware software can also detect and block phishing websites, and help you differentiate official sites from fraudulent ones.

3.18. Use firewall software and update it regularly. This may have been bundled with your operating system or you may install firewall software from third party suppliers. Keep your firewall software up to date, to protect your computer or mobile device from network attacks.

3.19. Wi-Fi relies on radio signals, so there is a chance that people nearby can access your network without your prior approval. If using your own wireless router, safeguard the connections with password-based secured access or encryption.

3.20. Fake/phishing emails may pretend to be from OCL, and attempt to trick you into providing your personal information. OCL will never ask for your personal information or password through emails or links in the emails. Do not open, reply to or click within these emails.

3.21. Spam emails may include links diverting you to some fraudulent sites. They may be disguised as being from companies you have dealt with previously, and attempt to gain your trust and obtain your information. Be extra careful when handling spam emails, and consider minimising the number of them reaching your inbox by using the spam block / filter function of your email client or online email service provider.

3.22. Beware of look-alike websites, which fraudsters and scammers set up resembling websites you trust, asking for your personal or private information. Be very careful to ensure the pages you visit actually belong to your trusted companies by checking their URLs.

3.23. For smart tips and an educational video provided by the Hong Kong Monetary Authority, please refer to this link.