Security Tips
This webpage sets out the security information of the electronic banking services (e-Banking) offered by Livi Bank Limited (thereafter named as “the Bank” or “livi”). E-Banking refers to banking services delivered over the Internet, wireless network, telephone network or other electronic network or devices, including but not limited to the Bank’s Mobile Application (mobile app) and Customer Services Hotline.
Use of mobile application and e-Banking
- You should stay vigilant to anything abnormal when logging into and using e-Banking. (e.g. unusual pop-up screens, unusually slow response, multiple requests for password or security code). In case of doubt, you should terminate the operation and contact us immediately.
- Install updates and patches for the mobile app and the operating systems and browsers regularly from official channels. Do not download software and applications from any untrusted sources.
- Do not download the mobile app or use the e-Banking services via wireless network (i.e. Wi-Fi) that is public or not protected by password.
- For security reasons, do not use jailbroken or rooted mobile devices.
- Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) or Payment Apps not in use. Choose encrypted networks when using Wi-Fi and disable Wi-Fi auto-connection settings.
- Avoid using mobile devices from others to log in e-Banking and sharing your mobile devices with others.
- Activate the auto-lock function of your mobile devices.
- You should notify us for any change of your mobile phone number or email address without delay. You are requested to remain responsible for any unauthorised use of the e-Banking by others before the Bank receives your notification.
- Before making payment by mobile phone number, e-mail address, Faster Payment Identifier (FPS ID) or QR code, you should verify the details of payment request including the payee name carefully. If you have any doubt, please confirm with the payee in advance.
- You should ensure that your devices for accessing e-Banking are not being infected by virus or unauthorized accessed by malicious, corruptive or destructive program, for the retrieval, use and change of the password, biometric credential or personal information.
- You should be aware of the obligations in relation to security for e-Banking and following the relevant security measures specified from time to time by us for the protection of customers. You may bear the risk of suffering or incurring any loss if not taking the security measures that livi recommends.
- Inform the bank immediately if you lose your personal identity documents (e.g. HKID, Passport) or your mobile device to prevent fraudsters from trying to gain unauthorised access your account using your identity.
- Remember to update your contact information such as your mobile number, email address and residential address so that the Bank’s notifications are addressed to the right contact timely.
Selling or lending out your bank accounts may lead to committing money laundering offences
- Through telemarketing or social media, criminal syndicates may lure you into selling or lending your bank accounts to them with the promise of “making a quick buck”, or they may use your personal information to open new accounts. These “stooge accounts” may then be used to receive or launder fraudulent payments or other illegal proceeds.
- Do not sell or lend your accounts to anyone as they may be abused for unlawful purposes. You could be charged for committing money laundering offences, of which the maximum penalty is imprisonment for 14 years and a fine of HKD5,000,000.
Beware of scams! Do not provide bank, credit card, investment, insurance and MPF account or other key personal information via hyperlinks embedded in suspicious messages purported to be coming from our institution!
- Stay vigilant against bogus calls, fraudulent text messages and e-mails. Verify the identity of callers and beware of fraudsters who may impersonate the Bank’s staff or someone you know.
- The “Phishing” fraudsters often send out emails or SMS purportedly from the Bank in order to trick you into providing account details, passwords, personal information or debit card numbers. If you notice anything suspicious, please contact liviCare at (+852) 2929 2998 or (+86) 4001200099 immediately.
- The Bank will not ask for customers’ account number, password or any personal information via emails, text messages, QR codes, search engines, social networking platforms or any third-party websites or Apps. Customers should not disclose their e-Banking credentials and one-time-passwords (“OTP”, e.g. SMS OTP and One-time Withdrawal Code for ATM Withdrawal), to third-parties.
- “Deepfake” refers to the use of artificial intelligence (AI) deep learning technology to synthesize images for manipulation. With the sophistication of deepfake technology, fraud syndicates can collect users' voice and facial features to simulate someone’s likeness for identity and monetary thefts. Whenever possible, refrain from receiving unsolicited video call invitations. If you need to answer, stay vigilant and protect your biometric information during calls to avoid identity theft and financial loss.
- Fraud syndicates can make use of the mimicked images or videos of your friends or relatives displayed in video calls to gain the trust of victims for committing frauds. Before making any transfer or payment, you should verify the details and instructions through trusted channels and carefully verify the authenticity of the other party's identity.
- If the payee's information is flagged as related to a scam report when making a transaction instruction, you should double check the transaction details and verify the trustworthiness of the payee. Should you have any questions, immediately call the Hong Kong Police Force Anti-Deception Coordination Centre’s Anti-Scam Helpline 18222 for assistance. Please click here to visit the CyberDefender webpage of the Hong Kong Police Force for more details of the FPS Suspicious Proxy Alert.
- Effective from 7:00am, 28th January 2024, the Bank started using Registered SMS Sender IDs “#livibank” or “#LIVIBANK” when sending SMS messages to customers who subscribes to local mobile services in Hong Kong. Click here to learn more about the SMS Sender Registration Scheme published by the Office of the Communications Authority.
- To ensure that you are connected to the genuine livi website, please click on the padlock icon at the top of your browser to verify the security certificate of the website.
Protecting your account and credentials
- When setting up passwords or login credentials:
- do not use easy-to-guess personal information, numbers or alphabets;
- do not write down or record any passwords, login credentials or security information without disguising them;
- do not use the same passwords, login credentials or security information for different services.
- Avoid logging in e-Banking in a crowded area and be careful when inputting your password via specific mobile devices. The format of password may be enlarged with clear display. It would indirectly disclose your login information to other people.
- You should be responsible for taking reasonable steps to keep your personal information (e.g. identification documents, documentation containing your personal information such as address proof), devices (e.g. mobile devices), credentials (e.g. e-Banking password, OTP), or Biometric Authentication (e.g. fingerprint and facial features) used for registering, activating or accessing e-Banking and mobile payment app secured and confidential. Avoid disclosing your e-Banking login credentials (including password) or personal information to anyone (e.g. identification document number or copy, date of birth) to any other people.
- If you have enabled “Biometric Authentication” service on your mobile devices, any fingerprint or Face ID that being stored on your mobile device can be used for the purpose of the “Biometric Authentication” service. You must ensure that only your fingerprint or Face ID is stored on your mobile devices, and ensure the security of the security codes as well as the passwords or codes that you can use to store your fingerprint or Face ID and register the “Biometric Authentication” service on your mobile devices.
- If your fingerprint or Face ID record of your designated mobile devices has been changed, your “Biometric Authentication” service will be suspended. You are required to re-register or re-activate the “Biometric Authentication” service.
- You must not use “Biometric Authentication” if you have reasonable belief that other people may share identical or very similar biometric credentials of you. For instance, you must not use facial recognition for authentication purpose if you have identical twin or triplet siblings.
- You must not use “Biometric Authentication” if the relevant biometric credentials of you are or will be undergoing rapid development or change.
Exercise care at ATM withdrawals
- Please avoid being distracted when withdrawing cash so as not to leave banknotes at an ATM unattended or uncollected. Print a receipt for record and count the banknotes immediately after each cash withdrawal.
- Do not remove from an ATM dispenser any uncollected banknotes left behind by a previous user. The banknotes will be automatically retrieved by the machine after a designated period of time.
- Stop using the ATM immediately when noticing any suspicious device near the ATM, such as any pinhole camera or suspicious notice.
Learn more about security tips
- Click here to learn more about security tips on the use of e-Banking published by the Hong Kong Monetary Authority.