Back

eBanking Security Advisory

Protect yourself from scammers and fraudsters.

Chinabank Mobile App Security Features

AUTOMATIC TIME OUT

To reduce the risk of unauthorized access to your account, our system will automatically log you out from your session after a period of inactivity.

OAC & OTP

A One-time Activation Code (OAC) will be sent to your registered email address for your initial login. For your subsequent logins, a One-time Password (OTP) will be sent to your registered mobile number to authenticate your financial transactions.

ALERTS

We automatically generate SMS or email alerts to notify you each time a successful transaction is performed.

 

Chinabank Online Security Features

ENCRYPTION

Chinabank Online implements TLS (Transport Layer Security) encryption technology that will protect your confidential information. You are using encryption if the website address begins with https:// and you see a closed padlock beside the URL in the address bar.

FIREWALL & INTRUSION PREVENTION SYSTEMS

We put in place security controls that are consistent with industry best practices to protect our online banking infrastructure. Among these controls are state of the art firewalls, intrusion prevention systems and other security technology that aims to safeguard against potential malicious activities.

TRANSACTION AUTHENTICATION

For your online financial transactions to proceed, you are required to enter our nominate ID and your transaction password which is different from your login password. This is for your added protection since every financial transaction is being duly authenticated and authorized. For your Auto-Credit Arrangement (ACA), and Fund Transfer transactions initiated in Chinabank Online Corporate to proceed, you will be required to enter the system-generated One-Time Password (OTP).

AUTOMATIC TIME OUT

To reduce the risk of unauthorized access to your account, our system will automatically log your out from your session after a period of inactivity.

 SECURE LOGIN

Chinabank Online requires you to create a strong password. For Chinabank Online Corporate, aside from your company’s Corporate ID, your nominated user ID and password, we require you to enter the One-Time Password (OTP) to complete the login process

ENROLLMENT OF 3RD PARTY ACCOUNTS IN CHINABANK ONLINE CORPORATE

To ensure that funds are transferred to the intended recipient, enrollment of the transferee account is required for all types of fund transfer transactions.

The Chinabank Mobile App has policies and procedures in place to help prevent the misuse of data and to reduce the risk of fraud:

  • We ensure that only employees who are servicing accounts have access to your data
  • We employ segregation of duties for certain high value transactions

PRACTICE AND SECURITY ASSESSMENT

We regularly conduct extensive vulnerability assessment, penetration testing and attack simulations on our critical systems to proactively find and remediate vulnerabilities. 

  • Independent ethical hacking reviews conducted by outside security firms
  • Ongoing scanning and monitoring to protect against known security risks
  • Application vulnerability assessments
  • Internal security assessments and use of technology to monitor and maintain a safe and stable environment
  • Regular mandatory security training of employees

 

Be Aware

The best way to protect yourself against social engineering is to always be AWARE:

Ask yourself first before you post anything on social networking sites – birthdays, addresses, contact numbers, family, job, schedules, travels, location, affiliations, “likes” or anything that can be used for identity theft, whereabouts tracking or fraud perpetuation. 

Watch out for unexpected/ unexplained/ unusual calls or emails. Confirm authenticity of anyone with whom you communicate – get contact number from your card, statement, etc. and be wary of the information you share. 

Always check your privacy settings on social networking sites. 

Refrain from clicking on links embedded in emails and be particularly conscious of embedded links, emails or text messages that ask for password verification. 

Ensure that your personal information are disclosed only to those whom you intend to share it with – people or organizations that legitimately require these information.


Fraud Response

Chinabank will never ask for your personal information such as birth date, account number, credit card number, CVV, ATM PIN, and One-Time Password (OTP) through call, text, or email. 

If you receive any suspicious calls, texts or emails, kindly report immediately to our Customer Contact Center at (632) 888-55-888 or email us at online@chinabank.ph. 

For customers outside the Philippines, you may dial our international toll-free numbers.

Security Tips

  • Download only the official Chinabank Mobile App from Google Playstore or Appstore 
  • Review your bank account statements regularly 
  • Use unique passwords to access your account 
  • Keep informed of current cybersecurity threats 
  • Always check and ensure the correct online banking URL is indicate din your browser before entering your user ID and password 
  • Close all your browser sessions and launch a new one prior to accessing your account online 
  • Always log out after completing your transactions 

 

  • Respond to emails or SMS asking for your personal information 
  • Include your personal information in your outgoing emails or text messages 
  • Share your user IDs, passwords, and PINs with anyone 
  • Store your login credentials or account numbers on your digital devices 


  • Access the Chinabank Mobile App and Chinabank Online ONLY through a trusted and password protected network 
  • Always log in to Chinabank Online from the Chinabank public web site. The URL or web address of the Chinabank public web site is http://services.chinabank.ph 
  • Install security patches and keep your phone’s Operating System updated. 
  • Keep your antivirus/malware protection software updated 
  • Maintain firewall to prevent unauthorized access. 
  • Keep all your devices password or PIN protected 
  • Follow public safe WiFi practices: 
    • Enable your firewall 
    • Use HTTPS whenever possible 
    • Consider using a VPN 
    • Turn off sharing. Don’t make your WiFi network public 
    • Choose your network wisely 
    • Forget the network after you are done using it 
    • Turn WiFi off when you are not using it 
  • Disable the `Auto-Complete' feature in your browser so it will not remember passwords. Always click "No" when requested/prompted to remember your password on a specific computer 

 

  •  Install software or run programs of unknown origin. Only download from trusted sources. 
  • Store or retain user ID and password when prompted by the browser as an option 
  • Leave your device unattended 
  • Use shared devices for conducting confidential financial activities 
  • Create strong PINs and passwords you can easily remember 
  • Use a combination of lower and upper case letters, numbers and special characters 
  • Change PINs and passwords regularly or whenever you suspect they have been compromised 
  • Disable the `Auto-Complete' feature in your browser so it will not remember passwords. Always click "No" when requested/prompted to remember your password 
  • Cover your hand when you enter your PIN at the ATM and POS Terminals 
  • Ignore emails, texts or calls requesting for your PINs and/or passwords
  • Don't choose PINs and passwords that can be easily associated with you such as your initials, birth date, or telephone/mobile number 
  • Never share your PINs and passwords with anyone. Memorize your PINs and passwords and avoid writing them down or keeping a digital copy. 
  • Don’t use sequential numbers (12345) or the same digit more than twice (12322) 
  • Avoid using the same PINs and passwords across different platforms and services 

SIM Card Swapping is a fraud attack that obtains personal confidential information through Phishing or a scheme using a fake promotion or incentive. 

Securing the SIM and personal information allows the fraudsters to request a new number from the telco provider and get access to your bank and e-money accounts. 

  • Never click untrusted websites, email, or text messages that contain suspicious links. 
  • Never disclose bank and personal information to unknown callers. 
  • Transact through our Chinabank’s official hotline and email address ONLY. 
  • Your mobile number gets deactivated 
  • You are getting alerts on the usage of your digital accounts linked to your mobile number that you did not perform 
  • Update your Digital Banking credentials 
  • Contact and report to your bank 
  • Contact and report to your Telco provider 

Skimming is a method used by criminals to capture data from the magnetic strip on the back of an ATM Card. Once your details have been "skimmed", a counterfeit card can be created and used to withdraw funds at an ATM or make purchases on your account. 

  • Inspect the front of the ATM for any unusual or non-standard appearance like scratches, marks, loose wires, glue, or tape residues that could be indicators of tampering. 
  • Touch the keypad, customer card entry slot, and lighting diffusers to check if they are a little loose or are fake overlays. 
  • Do not use ATMs that look tampered with. If you suspect that an ATM has a skimming device, please report it immediately to the concerned bank or branch. 
  • Don't leave your ATM Card lying around the house or office desk. If your ATM card is lost or stolen, notify us immediately. If you are enrolled on Chinabank Online or Chinabank Mobile App, use the "Tag ATM Card as Lost/Stolen" function by going to “Account Services” > “Suspend Card” 
  • Avoid using ATMs in isolated or dimly- lit places. 
  • Cancel your transaction and take your ATM Card immediately if you notice something suspicious while transacting. 
  • Never count cash in public. Wait until you are in a secure place. 
  • Always take your receipts or transaction records issued by the ATM. This can be helpful when confirming the data in your monthly statement and is also a good way to guard against fraud. 

"Phishing" refers to emails or text messages (SMS) sent by syndicates to trick you into clicking a link and providing sensitive information such as your online banking user ID and password. Syndicates then use this information to make unauthorized transfers from your account.

  • Don’t open email attachments from unfamiliar senders and never click on links from these emails. Most importantly, don't enter your user ID or passwords on any of the links provided. 
  • Verify first with the officer of your branch of account if you receive emails or text messages that: 
    • ask you to enter or submit your bank account details or login information, or to visit a website to update your personal information 
    • seem to come from a reputable source, such as your hardware, software, or internet service provider but is asking for your personal information or informing you of a prize you reportedly won 
    • contain attachments from an unfamiliar source or appear to come from the bank 
  • Take note that Chinabank does NOT solicit details regarding online banking thru email and does NOT require you to supply your user ID and passwords apart from transacting on the genuine Chinabank Online site. 
  • Remember that Chinabank Online does NOT require both login and transaction password simultaneously – the log in password is inputted first and the transaction password is required only when conducting financial transactions. “Phishing Sites” ask you to input both login and transaction passwords on the same page. 
  • Contact us immediately if you suspect you've been sent a fraudulent email or text message. 

 

How can we help you today?

Get fast answers to your queries. Check out our help center.

Visit our FAQs page