DS-Direct Internet Security
Dah Sing Bank DS-Direct Services Security Measures
DS-Direct Services provide the following security measures to ensure your banking information and account details are secure when you are using our DS-Direct Services:
Transport Layer Security (TLS) Encryption
TLS encryption is employed to ensure confidentiality. TLS is an updated and more secure version of Secure Sockets Layer (SSL). It is an internationally recognized standard for information security. All data and information transmitted between you and our Bank through the Internet is encrypted by TLS encryption. When you are using e-Banking Service, to ensure your online transaction information is encrypted, please look for the 'lock icon' in the address bar of your internet browser.
Personal Identification Number (PIN)
- Your only way to access your account via DS-Direct service is to enter the correct combination of your Group ID, User ID and PIN. For security reasons, your PIN will be temporarily suspended if you key in your PIN incorrectly and exceed the preset maximum number of login attempts.
- During the Internet Banking logon process, Dah Sing Bank will not ask customers to enter any numbers displayed on the web into the security device to obtain a security code.
Firewalls
- We also use firewalls to protect the inside of Dah Sing Bank's computer systems by refusing unauthorized entries.
Automatic time out
- DS-Direct service will automatically log you off when there is no activity within the control time period, in order to protect you against unauthorized access.
Security Team
- To fight against computer hackers, the Dah Sing Bank Security Team keeps track of any attempts to break into our security systems in order to ensure security. If you suspect there are unusual activities in your account, please promptly call the Security Incident Hotline at (852) 3101 3111 to report the incident.
Last Logon Information
- DS-Direct Services also provide you with the information required to be vigilant. Each time you logon, we provide information related to your last banking session. If you find any discrepancies, please contact us immediately.
Biometric Authentication service (Fingerprint/face print/app-specific Passcode Authentication/authentication token)
- You must be a valid user of our DS-Direct Mobile Banking service;
- You must install our DS-Direct mobile app on a designated mobile device;
- You will need to register and activate the Biometric Authentication Service (i.e. fingerprint/face print/app-specific Passcode Authentication/authentication token) with your designated mobile device and choose at least one authentication means from fingerprint or face print or app-specific Passcode Authentication;
- You must register the Biometric Authentication Service through the Bank's DS-Direct Mobile Banking by using your Group ID, User ID, password and a One-time password (OTP) and choose to use either fingerprint or face print or app-specific Passcode or authentication token for the purpose of logging in to your DS-Direct Mobile Banking and/or DS-Direct Corporate Internet Banking and confirmation of transaction signing authorisation;
- You understand that upon the successful registration of the biometric authentication or app-specific passcode authentication or authentication token on your designated mobile device, any fingerprint(s) or face print that is/are stored on your designated mobile device can be used for the purpose of the biometric authentication service. You must ensure that only the fingerprint(s) or face print of authorised person(s) is/are stored on your designated mobile device and keep your designated mobile device, app-specific passcode, password, One-Time Password (OTP) and authentication token safe. For security reasons, you must not use another person’s biometric authentication or register biometric authentication on a "jail-broken" mobile device.
- Upon the successful registration of fingerprint or face print authentication, any fingerprint(s) or face print that is/are stored on your registered designated mobile device can be used for Biometric Authentication. In this regard, you must ensure that the biometric credentials, i.e. fingerprint(s) or face print, stored on your registered designated mobile device are your own and should not allow anyone else to store his/her biometric credentials on your registered designated mobile device and that you only use your own biometric credentials to log in to the Dah Sing DS-Direct Mobile Application and/or confirm transaction signing. You must take all reasonable precautions to keep safe and prevent fraudulent use of your registered designated mobile device. You should notify us as soon as reasonably practicable if you know or suspect that your registered designated mobile device has been lost or stolen or that any unauthorised transactions have occurred.
- Do not use ‘Face Print’ for authentication purposes if you have an identical twin sibling or you are an adolescent whose facial features may be undergoing a rapid stage of development, in which case you are recommended to use non-‘Face Print’ biometric authentication or app-specific Passcode authentication or authentication token instead to log in and/or confirm transaction signing authorisation in the Dah Sing DS-Direct Mobile Application;
- If you have activated the Biometric Authentication Service in the Dah Sing DS-Direct Mobile Banking Application to enable the use of such Biometric Authentication to log in and/or confirm transaction signing authorisation in the Dah Sing DS-Direct Mobile Banking Application (and any other mobile applications that we may support from time to time (for compatible devices only)), you must ensure that only your biometric credentials are stored on the registered designated mobile device.
Bank Services relating to Faster Payment Service
When using Faster Payment Service, please pay attention to the information below:
- You must be the present genuine owner or authorised user of the Proxy ID and accounts.
- You can only register your own Proxy ID for your own accounts or set up eDDA for your own accounts.
- You have to ensure that all the information provided by you for registration or amendment of Proxy ID (or any related records) or for any eDDA setup is correct, complete, up-to-date and not misleading. You have to notify us as soon as reasonably practicable of any changes or updates to such information by such means or in such manner specified by us from time to time.
- You are fully responsible for using the correct and up-to-date Proxy ID and related records in giving each payment or funds transfer instruction.
- You must comply with all Regulatory Requirements that govern your use of the Bank Services, including collecting, using and handling the personal data and other information relating to any other person in compliance with the Regulatory Requirements protecting data privacy. You must not use the Bank Services for any unlawful purposes or any purposes other than those authorised or contemplated in the rules, guidelines and procedures of HKICL.
- You are fully responsible for giving instructions and information changes or updates to us on a timely basis for amending your Proxy ID (or related records) or any eDDA setup, including without limitation changing your Default Account, or terminating any Proxy ID or eDDA. You acknowledge that keeping your Proxy ID, eDDA and all related records up-to-date is critical for ensuring effective execution of payment and funds transfer instructions and for avoiding incorrect payment or transfer due to incorrect or outdated Proxy ID, eDDA or related records.
- For any payment or funds transfer, once you confirm the details of a transaction and submit instruction to us, such instruction and any resulting transaction is final, irrevocable and binding on you.
- For any Proxy ID registration or eDDA setup, once you submit an instruction to us, such instruction is irrevocable and binding on you. You may amend or cancel any Proxy ID or eDDA setup in accordance with the procedures and requirements prescribed by us from time to time.
Security Measures by Customers
To avoid unauthorized access to your account(s), you should refer to the security advice provided by the Bank from time to time and pay attention to the following points:
Take good care of your User ID, PIN and Device
The PIN of DS-Direct service is used to secure your online transactions. You shall take all reasonable steps to keep the PIN and any other device (including but not limited to personal computers, mobile devices) used for accessing DS-Direct Services safe, secure and secret to prevent fraud. In particular, you shall:
- not disclose any personal information including logon PIN or OTP to any person through any means such as e-mail, over the phone or in person (not even to the Bank's employees; no Bank staff will ever ask for your PIN or OTP). You are advised to memorize your PIN and destroy the PIN notification, then change your PIN after your first successful login to the DS-Direct service.
- avoid using easily accessible personal information as your PIN, such as your birthday, HKID number, phone number, or similar numbers.
- not use the same set of User ID and PIN as on other internet sites.
- not allow any person to use your PIN.
- not write down your PIN on any device for accessing DS-Direct service or anything usually kept with or near the device.
- not use your PIN for accessing other services (for example, connection to the internet or accessing other websites).
- not write down or record your PIN without disguising it.
- regularly change your PIN via our DS-Direct service (e.g. every 1 month).
- contact our Bank immediately if you believe that your PIN has been compromised, lost or stolen.
- not share your devices with others and use your own devices to register the biometric authentication service (fingerprint / face print / app-specific passcode authentication / authentication token).
- make sure that only your biometric data are stored on your permitted mobile device registered for the biometric authentication service which should be securely and safely kept at any time.
Never disclose your PIN and personal information
- Dah Sing Bank will never contact you and ask you for your PIN and personal information for DS-Direct Services. These include your User ID, Credit Card Number, PIN, OTP, account number, identification/passport number, address, phone number etc.
- On the other hand, Dah Sing Bank will never disclose such information in our e-mails other than your name for personalization purpose, nor ask you to confirm any personal data by replying to our email.
Protect your computer
- Install a personal firewall on your computer. Personal firewall software is designed to prevent hackers from accessing the computer it is installed on. Installing a personal firewall is recommended especially if you are using a broadband connection. When installing such software, follow the manufacturer's recommendations for 'conservative' access control.
- Install and regularly update virus detection software. Virus detection software scans your computer and your incoming email for viruses and then deletes them. You can download anti-virus software from the websites of software companies or buy it in retail stores. To be effective, anti-virus software must be updated routinely. As a matter of precaution avoid opening any emails with attachments that you are not expecting, even if they are from known people.
- Be very cautious about opening attachments in e-mails from unfamiliar sources, and avoid visiting or downloading software from suspicious websites.
- If any unusual screens pop up and/or the computer responds unusually slowly, customers are advised to log out from the Internet banking and scan the computer with the most updated version of virus protection software.
Protect your online transactions
- Do not access DS-Direct service from public places or from shared computers such as those in cyber cafes. You never know what malicious programs might be installed on the PC you use there.
- Always exit using the 'Logout' button to ensure you end each DS-Direct session securely.
- When you've finished using the Internet, always disconnect. Avoid leaving your connection on, especially with broadband access, unless you're actively using it.
- Always check the date and time of your last visit to DS-Direct service (we track it at all times and display it on the Welcome Page). If you suspect anything unusual, please contact Dah Sing Bank immediately.
- Please review the transactions carefully before confirmation. When your instructions have been accepted and confirmed online, they cannot be reversed and cancelled.
- Review the transaction records regularly and report to the bank immediately if you identify any suspicious transactions in the bank accounts.
- Follow the Internet banking logon instructions and security tips published by the banks when conducting Internet banking transactions.
- For your protection, kindly check your Bank statement regularly and report any unusual transaction to the Bank immediately. For statement information and customer enquiries, please call customer service hotline during office hours.
Alert to Email Scam
- Email is one of the main communication channels for both personal and commercial dealings. Nowadays, fraudsters hack email accounts and cheat recipients by all possible means into making remittances. In some cases, victims have suffered significant losses. You should be alert to suspicious emails and raise your awareness to prevent this kind of scam, such as by taking the initiative to confirm the true identities of recipients by telephone, facsimile or other means before making remittances. Please read "Security Measures by Customers" (above) to mitigate the risk of hacking.
Make sure you are connected with Dah Sing Bank, Limited
- Recently, there have been some fraudulent websites that mimic the look of the financial institution's website to capture your usernames, PIN and other personal and confidential banking details. Thus, it is important to make sure that you are connecting with Dah Sing Bank.
- To avoid connecting with a fraudulent website, never access the internet banking accounts through hyperlinks embedded in email, Internet search engines, suspicious pop-up windows or any other doubtful channels to start a DS-Direct session.
- Customers should connect to a bank website by typing the authentic website address in the address bar of the browser or by bookmarking the genuine website and using that for subsequent access. If customers find the website of the bank suspicious, they should not enter any information (including user ID, password and OTP) into the website and should report to the bank immediately. Always log on directly from your browser or select from your favourites if you have already added DS-Direct Service to your list of favourite internet sites. This will prevent you from being sent to a false site.
- Remember: No e-mail from Dah Sing Bank will contain a hyperlink to our internet banking logon page.
To ensure that you are connecting with Dah Sing Bank, Limited, look for the closed security padlock at the bottom right corner of your Web browser before you enter your User ID and Password or important personal information. A closed security padlock indicates a secure connection. Clicking the closed padlock will show you the digital certificate details.
Sample screen shot of Internet Explorer's certificate for your reference:
Note: If, after clicking the security padlock, you find that the certificate contains any message different from what is illustrated above, please contact Dah Sing Bank, Limited for more information or assistance.
Security Tips for Dah Sing DS-Direct Mobile Banking
- You shall take all the reasonable steps to keep Dah Sing DS-Direct PIN used for accessing Dah Sing DS-Direct safe, secure and secret to prevent fraud.
- Always log out of Dah Sing DS-Direct immediately after using the service.
- Check what Apps are running in the background mode and stop unnecessary Apps from running in the background.
- Regularly login to check the account balances and transaction history.
- Please use authorized or official Apps from recognized suppliers on your mobile device.
- Do not jailbreak, root or pirate your mobile device. Moreover, those devices cannot be used to access our services. The operating system must be legitimate and unaltered.
- Keep the operating system of your mobile device and Apps up-to-date.
- Do not leave your mobile device unattended.
- Enable the automatic locking function of your mobile device and set an unlock password.
- Only use a secure network to connect your mobile device to the internet.
- The Bank will not send emails to customers with embedded hyperlinks or QR codes to the transactional websites or Internet Banking Mobile Apps.
Security Tips for Faster Payment Service (FPS)
You shall be responsible for taking the reasonable steps to ensure the safe use of Faster Payment Service (FPS), including:
- When you have successfully registered an FPS proxy identifier, transferred funds or received funds, the Bank will send you SMS or email notifications promptly. You should check them in a timely manner. If any suspicious activities are found, you should contact the Bank immediately.
- Carefully verify the payment details (either input by yourself or by scanning the FPS QR Code) of each transaction before payment submission.
- If you would like to use the FPS QR code for funds collection, please note that the QR Code has embedded your registered FPS proxy identifier (i.e. FPS ID). Thus, third party information is readable by scanning the FPS QR Code. Please only show it to others when necessary.
- Avoid sharing your mobile device with others or using others’ mobile devices to register FPS service and make transactions.
- Do not store or allow automatic filling-in of your usernames, passwords, account numbers and other sensitive information on your mobile phone, including storage in any applications.
- If it is found or believed that your mobile devices have been compromised, lost or stolen, or there is/are unauthorized transaction(s) in your account, and your account has been used for unauthorized transactions, you should contact the Bank immediately.
Internet Privacy Policy Statement
It has been our policy and priority to safeguard any information provided by our customers. We will strictly comply with the requirements of the Personal Data (Privacy) Ordinance. That means the internationally recognized standards of personal data protection will be followed or even exceeded where possible. It has been our commitment to train and enforce our staff to practise this Privacy Policy.
When you visit our website, we collect no personal data from any customer who is only browsing, except for updating the statistics on the number of visitors. Throughout the website, only the necessary information for applications / enquiry will be collected, and the customers will be informed of the purposes and uses, retention period, possible transfer and disclosure and the right of access to and correction of the collected information on the respective screens. In order to ensure the security and confidentiality of personal data we collect, encryption techniques have been applied for data transmission. We will not collect any information from customers without notice. In addition, we will not gain access to any personal information stored inside the mobile devices when checking if the mobile devices have been jailbroken.
Once we obtain a customer's personal information, only authorized staff will be permitted to access that information and it will not be revealed to any external organizations without the customer's agreement unless it is required to do so by law. From time to time, we may send promotional materials regarding our products to customers according to the collected information. We will stop sending the materials to customers when they show us their preferences by writing or talking to us.
We use "cookies" as part of our interaction with your browser. "Cookies" are small bits of information retrieved by this site. We may use this information to measure response rates to banner ads and e-mail offers, and to advise you of products, services, and other marketing materials which we think you may have greatest interest in. If you wish, you can disable these cookies by changing the setting of your browser. However, you will be unable to access certain sites where you will be accessing your confidential account information because cookies are an essential part of site administration and security.
*The Chinese version is for reference only. If there is any conflict between the English and the Chinese versions, the English version shall prevail.