Important Information
Statement on Prevention of Fraudulent Websites
Protection Offered to Customer
How to Ensure Online Transaction Security?
Using Two-Factor Authentication Tools
Frequently Asked Questions
|
- Users are reminded to stay vigilant to anything abnormal when logging into online banking service (e.g. unusual pop-up screens, slow browser response, multiple requests for password input, etc.).
- The bank will not enquire user’s account number, password and other personal information by email, SMS, or by phone. The bank will not ask users to log into online banking services through hyperlinks embedded in any emails.
|
- User should keep vigilance against any fraudulent websites which try to feign as WLB Online Banking (Corporate) ’s website https://ecbs. wlbank.com.mo .
- Unless user is certain that he/she is connected to the website of WLB, particulars like his/her online banking user ID as well as passwords should not be provided.
- The Bank adopts the extended validation (“EV”) Secure Socket Layer (“SSL”) certificate. User can click the digicert icon or check the right side of the browser address bar, which shows a green sign, to verify the website by checking the certificate details including “domain name as issued to”, ”issued by” and “Validity” fields. Please note that the layouts would be different in accordance to different browsers. For details of the EV SSL certificate, please refer to the website of digicert, which is the issuer of the certificate.
The following screen shots are the two check up methods of our security certificate information in Internet Explorer 11:
Method 1:
Click “digicert” icon displayed on login page
Check certificate information in digicert website (e.g. whether the site name shown on the certificate information screen and the URL of WLB Online Banking (Corp.) currently navigating by user are same as “ecbs. wlbank.com.mo”)
- Under no circumstances, the Bank would send out any emails to ask for or verify customers' personal information, including but not limited to account number, user PIN, account balance, user’s ID card number or passport number. User should not access online banking services of his/her corporate or organization through hyperlinks embedded in emails sent to him/her from any unknown source. It is always prudent to type in the Bank’s web address into the browser address bar to ensure the security of user information.
- The Bank would not, for any reason, request user to change his/her password on the page directed from any hyperlink.
- Should user has any queries relating to the statement, or encounter any suspicious cases, please feel free to contact the Bank.
|
- T The certificate of WLB Online Banking (Corp.) is issued to the site " ecbs. wlbank.com.mo, Banco Well Link, S.A. Macao " by digicert
- With the use of 256 bit Secure Socket Layer (SSL) encryption, the Bank ensures the security of user data during transmission as well as the prevention in any steal of password by third party.
- The Bank’s web servers are protected by firewall systems to prevent unauthorized access.
- The Bank’s system will monitor each login attempt. If there are several consecutive login attempts with incorrect password for a user, the user’s online service will be suspended immediately.
- In the event that user forgets to logout from the Online Banking service, his/her online access will be disconnected automatically after a reasonable period of inactivity to prevent unauthorized transaction.
- Simultaneous login of the same User ID via another computer is not allowed.
- The Bank will not ask for user password via any means.
- Extra code (6 digits) is generated randomly on the login page for preventing any hacking program perform continuous retrials of password inputs.
- When user logs on WLB Online Banking (Corp.) and enter the main page, user’s last successful and last unsuccessful login time would be displayed. Should user find any abnormal login record, please immediately change his/her password and contact the Bank.
|
Create and keep user’s password and personal information in proper ways
- Do not use easy-to-guess numbers or words as password, and avoid selecting the same password that user has used for accessing other web services.
- Do not disclose the user IDs and passwords of corporate/organization customer’s online banking service as well as the users’ personal information, such as ID card number, date of births, etc to anyone (including bank staff and the police).
- Please memorize password and never write down or record password in a way that can be accessed easily by someone else.
- Please change password regularly.
- If user suspects his/her password has been stolen and used by someone else, please contact the Bank immediately.
- User should disable the browser setting about storing his/her inputted user name or password. Cancellation methods vary in response to the browser, please understand and set it on his/her own.
The following screens are the example of disabling setting about storing inputted user name or password in Internet Explorer 8:
Step 1: Select the IE browser menu path: Check “ ”icon→【Internet Options】
Step 2: Select the “Content” from the “Internet Options” dialogue and click “Settings” button listed in the “AutoComplete” section.
Step 3: Uncheck the “User names and passwords on forms” option
Protect user’s computer against hackers and viruses
- Download and install updates and patches for computer’s operating systems and browsers regularly.
- Install firewall systems on user’s computer.
- Install anti-virus software on user’s computer. Update the virus definition file and perform virus scanning regularly.
- Avoid downloading or installing programmes from unreliable sources or opening suspicious files or emails. This helps protecting user’s personal data from hackers' programmes or viruses.
- While user is using network computer to access internet and sharing files as well as printers with other persons, user should be aware of the settings about the sharing authority in preventing other outsiders to browse the user’s computer and delete user’s files illegally from internet.
- Should user accesses WLB Online Banking (Corp.) via wireless network, security settings enhancement would be needed.
Take precautionary measures while using online banking service
- Do not access online banking service from a shared computer in public such as cafes or bars with Internet access.
- Do not login online banking service through hyperlinks embedded in any emails or search engines.
- Close all other Internet browsers before accessing online banking service. Do not open other Internet browsers or visit any other websites while user is using online banking service.
- Make sure no one is around the user when he/she login the online banking service in preventing the disclosure of user ID and account details to others.
- Check the user’s last success login and failure login record every time when he/she login to WLB Online Banking (Corp.). Check the account balance and transaction records regularly. Should user discovers anything suspicious, please contact the Bank immediately.
- Click the "logout" button to exit from the system once user has finished his/her online transactions. Please always clear the cache and history in user’s browser after using WLBNET (Corp.).
The correct logout procedure is:
Step1: Click “Logout” button;
Step2: Click “Confirm” to logout.
The below screens are illustrating the logout steps in Internet Explorer 11:
- Do not leave the computer before logout online banking service.
|
- To enhance the security level of WLB Online Banking (Corp.), the Bank has adopted the two-factor authentication tools that allow user to safeguard the use of online banking service. The authentication tools, that the Bank adopted include: "Login Password", plus the "e-Certificate" issued by eSignTrust.
- Two-factor authentication refers to the use of two different kinds of information, that is, the information (For Example: a user name and password) user has already known, plus the tools that user has (For Example: e-Certificate adopted by WLB Online Banking (Corp.)) in order to verify the user's identity.
How to use the e-Certificate
- Upon corporate/organization customer applies for WLB Online Banking (Corp.), customer should indicate the use of two-factor authentication tools for usage preference. Apart from using e-Certificate for performing online transactions, customer can also opt to inputting e-Certificate authentication during login in gaining greater protection to customer’s financial information. Besides, some advance functions of WLB Online Banking (Corp.), such as Batch Payment Service, Batch Direct-Debit Service Settlement Service etc., would require customer to adopt "e-Certificate" authentication.
- When user uses e-Certificate to login WLB Online Banking (Corp.) or perform online transactions, the system would run Java applet in user’s computer. Once Java configuration in user’s computer has been reset or user has not chosen to trust such application forever, the browser of user’s computer, for security concern, may have the below security information alert showing the information of application issuer and the relative authenticated details in assisting user to identify the truthfulness of such application.
What is e-Certificate Pin?
- "E-Certificate Pin" is a Password supplied by Post Office - eSignTrust upon the certificate issuance for verification of the identity of online banking user. When users of coroporate/organization customer apply their e-Certificates from Post Office - eSignTrust, each of them will be asked to input the respective 8-digits numeric Password, which is the "e-Certificate Pin".
If the "e-Certificate" is invalid, lost or user forgets the Pin, what should be done?
- User should visit the eSignTrust as soon as possible for the necessary renewal or replacement of his/her "e-Certificate". User can also visit eSignTrust's website www.esigntrust.com or call their hotline at (853) 2833 0338 to contact their service staff.
|
What is Secure Socket Layer (SSL) 256-bit encryption?
- WLB Online Banking (Corp.) uses SSL 256-bit encryption, which is an online security standard being used presently for commercial application. All data transmitted via online banking services is protected by this technology to ensure data security.
How can user ensure the support of 256-bit encryption during the use of online banking services?
- For MS Internet Explorer Version 7.0 or later versions, the browser has supported 256-bit encryption. If user’s browser does not support 256-bit encryption, please change to use the browser that the Bank recommended earlier for ensuring the use of encryption technology is in place.
How can user install “e-Certificate” driver properly?
- E-Certificate has to be operated under Windows with Internet Explorer and the equipment has to install the Card Reader Package provided by eSignTrust as well as Sun Java Runtime (Java 7 should be installed while the Browser is Internet Explorer 9 or above)
- No matter the e-Certificate is operated in 32-bit or 64-bit Windows, user has to install Java 32-bit version which is provided in eSignTrust Card Reader Package or is downloaded by user his/her own.
What precautions should user take when user setup his/her password?
- Should not set date of birth, ID card number, telephone number or any combinations of user’s English name as password.
- Should not set 3 or more consecutive identical characters, e.g. "333", "bbb", etc.
- Should not set sequential numbers or characters, e.g. "123", "abc", etc.
- Should not set user ID as password.
How often should user change his/her password?
- User is advised to change password regularly, or at least every 90 days.
How can user contact the Bank in case of having any question?
- User may contact the Bank's Service Hotline: (853) 2878 5222
Why should user update operating systems and browsers regularly?
- User should check and download patches provided by software vendors to fix security bugs of the operating systems or web browsers. This helps preventing unauthorized access or attacks of computer viruses or hackers.
What is a firewall?
- A firewall is a programme that helps protecting user’s computer and user’s data from unauthorized access via the network.
Why should user update his/her anti-virus software regularly?
- New computer virus appears from time to time. To protect user’s computer from the latest virus, user should update the virus definition file regularly. Most anti-virus software supports the automatic update or download of virus definition file. For details, please refer to the user manual of relative anti-virus software.
What is Trojan Software?
- Trojan software could stay in user’s computer system and capture user’s personal information when user login the online banking service. It can even record every input from user’s keyboard in order to obtain user’s login ID and password. If user discovers anything unusual when using online banking service, please do not input any information or password and contact the Bank immediately.
What is Spyware?
- Spyware can monitor and record user’s online activities (e.g. the websites user has visited), and send such information to unauthorized parties without user’s consent. To protect user’s interest, please do not install freeware in the computer with which user accesses Online Banking services.
Why should user be careful when receiving emails?
- Viruses, Trojan software and hacker programmes can be distributed via emails. Virus like "Worms" can even reproduce and deliver infected emails to the recipients in user’s address book. Hence, user should not open any unknown or suspicious emails but should instead delete them immediately. Please do not login online banking service through embedded links in any emails. User should also perform virus scanning before opening any email attachment.
How should user setup the security settings of Wireless LAN?
- Do not place the Access Point (AP) too close to doors and windows.
- Turn off the power supply and disconnect from the wireless network after finish the use.
- Do not use the default SSID, enable the Wired Equivalent Privacy (WEP) encryption or other encryption technology and change the password for WEP keys regularly. Do not disclose the security setting of customer’s wireless network to any third party.
Precautionary measures for using Internet
- Disconnect from Internet after user has finished using online banking service.
- Encrypt and secure user’s electronic storage media to protect user’s personal data from unauthorized access.
- Do not save or keep user’s password in user’s browser, and disable the "Auto-Complete" feature to prevent others from obtaining user’s information via the browser.
- Disable the "File and Printer Sharing" function and setup the proper access rights of user’s computer to avoid unauthorized access to user’s data via the network.
- Do not download any illegal or unauthorized software to prevent computer virus infection or Trojan software. Remember to perform virus scanning before opening any attachment files.
|
