Security Tips

In response to recent scams on malware in the market, in which fraudsters are found to deceive customers using Android to install application with malicious intention including online banking login credentials.

For the sake of protecting customers’ interest, WeLab Bank application’s screenshot and recording functions for Android devices will be temporarily suspended since 24 November 2023 until further notice. If you need to obtain transfer records with third parties, please retrieve them from the registered email address inbox and capture screens for record. Sorry for the inconvenience caused and thank you for your understanding and cooperation in helping.

Information Security Tips

  1. Don't click on any links that you are not familiar with.
  2. Always type our URL directly into your browser. Look for the padlock icon next to our URL to ensure you're on our secure site.
  3. Check your transaction details (including payee name, amount and account numbers) when making transfers. If anything is unclear, it is best to check with the recipient before you make the transaction. Better be safe than sorry!
  4. We'll send you notifications about your bank and Debit Card transactions. You can also check this in the app's home screen and your eStatements. Get in touch with us immediately if you see something suspicious, we're here to help!
  5. Don't use public WiFi when you're accessing your bank account or using your WeLab Bank app.
  6. Be careful when sharing your personal information on social networking platforms or social media. Information such as your name, email address, date of birth and mobile number may be used by fraudsters (aka "bad guys") to compromise or steal your identity.
  7. Beware of any phishing scam SMS, email, social media or instant messaging.
    1. Fraudsters often use SMS, email, social media or instant messaging pretending to be telecommunications companies, chain retail store membership reward programs, online shopping platform, courier company, online payment service providers, government official, etc. The content will be about redeeming gifts, purchasing goods and services with attractive promotion, verifying accounts, providing account/ personal details for case investigation, etc. Normally, recipients will be instructed to click on the provided link to enter the phishing site or download unofficial mobile application, fill in account login credentials, debit/credit card information, and personal information. Fraudsters will record the information you have inputted, and then uses your information to steal your money.
    2. If you receive any suspicious messages, it is recommended not to reply or open any links or attachments. If you receive any SMS, email, social media or instant messaging claiming to be from WeLab Bank and asking you to provide any sensitive personal information or account details, please call our customer service hotline immediately for verification.
  8. Don't leave your mobile unlocked when you're not around. We suggest you tap "log off" to close the WeLab Bank App.
  9. Be careful about sharing your mobile phone with others. Don't try to log into your account from someone else's phone.
  10. Setup auto-lock and use a passcode/ biometric lock to prevent unauthorized access to your mobile phone and its content.
  11. Don't install apps onto your mobile from unknown sources other than official sources like the Apple App Store or Google Play Store. Make sure you understand the permission requirements for each app before you install them.
  12. Regular update to the latest version of WeLab Bank app, and ensure your mobile phone operating system and browsers on your mobile phone has been updated with latest patches.
  13. Install and use the updated anti-malware apps.
  14. Don’t use a rooted or jailbroken mobile phone. This removes a very important protection layer that guards your data and device from mobile threats.
  15. Don't use SMS forward services.
  16. Clear your browser’s cache, especially when using public or shared computers.
  17. When we detect suspicious activity in your account, we will notify you via email and push notification/SMS. Please proceed to verify your email address within the WeLab Bank Apps to ensure timely receipt of important notifications. If there are any updates to your contact information used for receiving important notifications (such as phone/email address/address), please update them as soon as reasonably practicable within the WeLab Bank Apps. (Settings > Personal Information)

Security Tips for Password Enforcement

  1. Change your password regularly.
  2. Don't store your password on your mobile devices, write it down or share it with others.
  3. When creating your password, don't use personal information such as your name, birthday, phone number, ID number, ATM PIN.
  4. Follow our in-app advice when creating your password and mobile security PIN.
  5. Do not forward any one-time password (“OTP”) that we sent you.

Security Tips for WeLab Debit Card

  1. Beware of any phishing scam SMS, email or instant messaging. (Refer to the tips above)
  2. Do not share or write down your card information (including card numbers, CVV/CVC code, PIN or OTP), with anyone you don’t know unless you know it’s a legitimate request, whether physically or digitally.
  3. Keep your card safe in a secure location and avoid leaving your card exposed and unprotected.
  4. Report to our customer service hotline or login our WeLab Bank App (Press the “Card” icon on the front page > “Lost Card”) immediately if your card or mobile device is lost or stolen.
  5. Read the content of the SMS OTP or in-App confirmation (such as merchant name and amount) before authorising the transaction. Do not forward the SMS OTP to others.
  6. Double check your transactions and report any discrepancies immediately via customer service hotline - you can do so through your in-app transaction history or your monthly statements.
  7. When using your card in an ATM, stay alert on any unusual external object/devices attached to the ATM, as these may be devices used to steal your card PIN.
  8. Do not add your WeLab Debit Card to any mobiles and digital wallets that do not belong to you.
  9. Use only reputable websites when making online purchases.
  10. Be discreet when using your card credentials to avoid any unauthorized people from finding out your card details.
  11. Use an RFID-blocking protector to prevent defrauders from scanning sensitive data from your card while standing close to you.

Security Tips for OpenAPI

  1. Never share your account details or login credentials with any unauthorized third party. WeLab Bank will not disclose any of your personal and account information without your consent.
  2. Before you choose to use any products or services from Third Party Services Providers ("TSPs"), please be aware that the TSPs may not have the same privacy standards and data storage standards as the Bank. You should also ensure that you have read and understood TSP’s service agreement and are aware of the information it requests and the permissions you are granting to it to use that information.
  3. When you choose to use TSP mobile application or web application, please download the TSP applications from official sources, such as Apple App Store or Google Play Store to prevent suspicious application.
  4. Please watch a short video clip from Hong Kong Monetary Authority regarding "Using banking services via websites/applications of third-party service providers": https://youtu.be/igHxqJGRXLI (Chinese version only).
  5. We will periodically update the Bank's website with the list of our official TSP partner(s), please visit our website regularly for the latest information. If you are unsure whether a TSP is authorized by the Bank, please contact us via customer service hotline for more information.

Beware of Fraudsters Pretending to be WeLab Bank Staff

  1. You may receive calls, SMS, social media or instant messaging claiming to be from WeLab Bank and for instance, inviting you to apply for a personal loan or a credit card, or even requesting you to provide any sensitive personal information (including your bank account number, username, login password etc.). We do not notify customers of account irregularities through pre-recorded phone calls nor request customers to provide sensitive personal information through SMS, email, social media or instant messaging. If you receive a suspicious call or message, don't panic! First step is to try to authenticate the caller by asking for their department name and office number as well as how they got your phone number and account information. If they are unwilling to share this information, hang up the phone! Do not share any information.
  2. If you have any doubt about the authenticity of marketing and promotional activities and materials claiming to be organised or provided by WeLab Bank and third parties engaged by or collaborating with WeLab Bank, you can call our customer service hotline to verify the authenticity.
  3. You can visit https://www.hkma.gov.hk/eng/smart-consumers/beware-of-fraudsters/ to learn some smart tips from the Hong Kong Monetary Authority on fraud prevention when dealing with bogus calls, fraudulent SMS and emails.
  4. Contact us via customer service hotline and report to the Hong Kong Police immediately if you have shared any personal details with the fraudster, providing information to our customer service such as caller's phone number and details of information that was shared for our case investigation. If you have shared your online banking password to the fraudsters earlier, change it immediately.
  5. To safeguard your interests and personal privacy, please keep your sensitive personal information safe at all times.

If you are in doubted of the received call or message, or you have any concerns, please call our customer service hotline at (852) 3898 6988 and report to the Hong Kong Police.