Security Tips

In response to recent scams on malware in the market, in which fraudsters are found to deceive customers using mobile device to install application with malicious intention including online banking login credentials.

For the sake of protecting customers’ interest, WeLab Bank application’s screenshot and recording functions for Android devices will be temporarily suspended since 24 November 2023 until further notice. If you need to obtain transfer records with third parties, please retrieve them from the registered email address inbox and capture screens for record. Sorry for the inconvenience caused and thank you for your understanding and cooperation in helping.

Information Security Tips

  1. Stay vigilant: don’t click on any unfamiliar links.
  2. Direct access: Always type our URL directly into your browser and look for the padlock icon to ensure a secured connection.
  3. Verify before transferring: Double-check transaction details, including payee name, amount, and account numbers, and consult the recipient if anything seems unclear. Better safe than sorry!
  4. Stay informed: Receive notifications about your bank and Debit Card transactions. You can also check them on WeLab Bank App's home screen and eStatements. If you notice anything suspicious, contact us immediately for assistance.
  5. Secure network usage: Avoid using public Wi-Fi when accessing your bank account or using the WeLab Bank app.
  6. Protect personal information: Exercise caution when sharing personal details on social networking platforms or social media. Fraudsters may attempt to compromise or steal your identity using information like your name, email address, date of birth, and mobile number.
  7. Beware of phishing scams: Stay alert for suspicious SMS, emails, social media messages, or instant messaging attempts.
  8. Recognize phishing tactics: Fraudsters often impersonate telecommunications companies, chain retail store membership programs, online shopping platforms, courier companies, online payment service providers, government officials, etc. They may entice you with offers, promotions, or requests for account verification or personal details. Be cautious of clicking links, downloading unofficial apps, or providing login credentials, debit/credit card information or personal data. Fraudsters may record these information to steal your money.
  9. Report suspicious messages: If you receive any suspicious messages, refrain from replying or opening links or attachments. If you receive SMS, emails, social media messages, or instant messages claiming to be from WeLab Bank and asking for sensitive personal information or account details, please contact our customer service hotline immediately for verification.
  10. Logout your account: When not in use, ensure you have logged off and closed the WeLab Bank app.
  11. Be cautious with your account: Avoid logging into your account from someone else's phone and be careful about sharing your mobile device with others.
  12. Strengthen mobile security: Set up auto-lock and use a passcode or biometric lock to prevent unauthorized access to your mobile phone and its content.
  13. Trusted app sources: Only install apps from official sources like the Apple App Store or Google Play Store, or from WeLab Bank official website. Understand each app's permission requirements before installation. If any suspicious permission rights are sought, refrain from installing the mobile application. Maintain the proper configuration of mobile devices and prohibit the installation of mobile applications from unknown sources.
  14. Keep software updated: Regularly update the WeLab Bank App, as well as your mobile phone's operating system and browsers, to ensure you have the latest patches and security features.
  15. Use updated anti-malware apps: Install and utilize reliable anti-malware apps to enhance your device's security.
  16. Avoid rooted or jailbroken phones: These modifications remove crucial protection layers that guard your data and device from mobile threats.
  17. Please do not forward any notifications sent to you by WeLab Bank, including but not limited to text messages, emails, and push notifications.
  18. Clear your browser’s cache, especially when using public or shared computers. Clear browser cache: Especially when using public or shared computers, maintain privacy by clearing your browser's cache regularly.
  19. When we detect suspicious activity in your account, we will notify you via email and push notification/SMS. Please proceed to verify your email address within the WeLab Bank Apps to ensure timely receipt of important notifications. If there are any updates to your contact information used for receiving important notifications (such as phone/email address/address), please update them as soon as reasonably practicable within the WeLab Bank Apps. (Settings > Personal Information)
  20. Update regularly: Please be reminded to review and update your personal information regularly.

Check SMS sender address

To help the public verify if an SMS sender address is authentic for combatting fraudulent activities, the Office of the Communications Authority (OFCA), along with the telecommunications and bank industry, has established the SMS Sender Registration Scheme.

  1. To make it easier for you to identify if an SMS is sent from us, we are using registered sender IDs with prefix "#", i.e. “#WeLab.Bank”, to send SMS messages to you.
  2. If you receive an SMS message that is not from "#WeLab.Bank", which asks you to provide any sensitive personal information or account details, it is recommended not to reply or open any links or attachments. Should you have any enquiries, please call us immediately for verification.
  3. The registration requirement does not apply to local users who utilize one-card-multiple-number or one-card-dual-number mobile services provided by non-Hong Kong operators.
  4. No matter the SMS is started with “#” or not, customers should read the content carefully before clicking the link.

Security Tips for Anti-malware:

  1. Our enhanced anti-malware tool restricts WeLab Bank access when it detects log-in attempts from mobile devices that are likely infected with malware or have settings that make it prone to security vulnerabilities. If you see some prompts on the WeLab Bank app, such as "Malicious program using accessibility permissions detected" or "Detected screen is sharing". This means that for security reasons, we will suspend your use of the WeLab Bank app. If you wish to continue using the WeLab Bank application, please turn off the relevant settings or delete the related applications.

Security Tips for Password Enforcement

  1. Keep it fresh: Change your password regularly and follow our in-app guidance for creating strong passwords and mobile security key.
  2. Avoid storing your password on mobile devices or sharing with others.
  3. Stay unique: Don't use personal information like your name, birthday, phone number, or ATM PIN in your password.
  4. Do not forward any one-time password that we sent you.

Security Tips for WeLab Mastercard Debit Card

  1. Beware of any phishing scam SMS, email or instant messaging. (Refer to the tips above)
  2. Do not share or write down your card information or authentication factors (including card numbers, CVV/CVC code, PIN or OTP), with anyone you do not know unless you know it is a legitimate request, whether physically or digitally.
  3. Keep your card safe in a secure location and avoid leaving your card exposed and unprotected.
  4. Report to our customer service hotline or log in to our WeLab Bank App (Press the "Debit Card" icon on the front page > "Lost Card") immediately if your card or mobile device is lost or stolen.
  5. Read the content of the SMS OTP or in-App confirmation (such as merchant name and amount) before authorising the transaction. Do not forward the SMS OTP to others.
  6. Double-check your transactions through your in-app transaction history or your monthly statements and report any discrepancies immediately via customer service hotline.
  7. When using your card in an ATM, stay alert on any unusual external object/devices attached to the ATM, as these may be devices used to steal your card PIN.
  8. Do not add your WeLab Mastercard Debit Card to any mobiles and digital wallets that do not belong to you.
  9. Use only reputable websites when making online purchases.
  10. Be discreet when using your card credentials to avoid any unauthorized people from finding out your card details or authentication factors.
  11. Use an RFID-blocking protector to prevent defrauders from scanning sensitive data from your card while standing close to you.
  12. Set your own Card-not-Present transaction limit for your peace of mind and to ensure that every online purchase is safe and secure.
  13. In case you suspect your Debit Card has been misused, please contact our Customer Service Hotline immediately or log in to the WeLab Bank App and click on the Debit Card icon on the homepage > Report Lost Card, Freeze Card, and/or Report Unauthorized Transaction.

Security Tips for OpenAPI

  1. Never share your account details or login credentials with any unauthorized third party. WeLab Bank will not disclose any of your personal and account information without your consent.
  2. Before you choose to use any products or services from Third Party Services Providers ("TSPs"), please be aware that the TSPs may not have the same privacy standards and data storage standards as the Bank. You should also ensure that you have read and understood TSP’s service agreement and are aware of the information it requests and the permissions you are granting to it to use that information.
  3. When you choose to use TSP mobile application or web application, please download the TSP applications from official sources, such as Apple App Store or Google Play Store to prevent suspicious application.
  4. Please watch a short video clip from Hong Kong Monetary Authority regarding "Using banking services via websites/applications of third-party service providers": https://youtu.be/igHxqJGRXLI (Chinese version only).
  5. We will periodically update the Bank's website with the list of our official TSP partner(s), please visit our website regularly for the latest information. If you are unsure whether a TSP is authorized by the Bank, please contact us via customer service hotline for more information.

Security Tips for money transfer:

  1. If the recipient's phone number/email address/FPS identifier is classified as "High Risk" by Scameter when you make a transfer to another person, you will see a high-risk alert. Please reconsider and decide carefully if you want to continue with the transfer. If you need any assistance, you can contact us by calling our Customer Service hotline at (852) 3898 6988 or email us at [email protected].
  2. If the recipient's phone number/email address/FPS identifier is classified as "High Risk" by Scameter, when you make a transfer to this recipient, you will see a high-risk alert. Please reconsider and decide carefully if you still would like to continue with the transfer.
  3. Always double-check the recipient's full name and account number are correct before initiating any transfer. WeLab Bank, as the payee institution, has already implemented mandatory name matching process irrespective of the transaction amount to avoid unintended losses.

Beware of Fraudsters Pretending to be WeLab Bank Staff:

  1. You may receive calls, SMS, social media or instant messaging claiming to be from WeLab Bank and for instance, inviting you to apply for a personal loan or a credit card, or even requesting you to provide any sensitive personal information (including your bank account number, username, login password etc.). We do not notify customers of account irregularities through pre-recorded phone calls nor request customers to provide sensitive personal information through SMS, email, social media or instant messaging. If you receive a suspicious call or message, don't panic! First step is to try to authenticate the caller by asking for their department name and office number as well as how they got your phone number and account information. If they are unwilling to share this information, hang up the phone! Do not share any information.
  2. If you have any doubt about the authenticity of marketing and promotional activities and materials claiming to be organised or provided by WeLab Bank and third parties engaged by or collaborating with WeLab Bank, you can call our customer service hotline to verify the authenticity.
  3. You can visit https://www.hkma.gov.hk/eng/smart-consumers/beware-of-fraudsters/ to learn some smart tips from the Hong Kong Monetary Authority on fraud prevention when dealing with bogus calls, fraudulent SMS and emails.
  4. Contact us via customer service hotline and report to the Hong Kong Police immediately if you have shared any personal details with the fraudster, providing information to our customer service such as caller's phone number and details of information that was shared for our case investigation. If you have shared your online banking password to the fraudsters earlier, change it immediately.
  5. To safeguard your interests and personal privacy, please keep your sensitive personal information safe at all times.

If you are in doubted of the received call or message, or you have any concerns, please call our customer service hotline at (852) 3898 6988 and report to the Hong Kong Police.