Fraud Cases Against BOCNET Customers are Effectively Curbed

With the joint effort of people from all walks of life, fraud cases against BOCNET customers are effectively curbed. As of today, Bank of China has assisted public security authorities to close off 524 phony websites, uncovered over 90 e-banking fraud cases, cracked down three criminal gangs and seized over 30 criminal suspects, which is a violent strike on lawbreakers' overweening arrogance.

Since November 2010, some lawbreakers send fraudulent SMS to mobile phone users in the guise of Bank of China and make phony websites to cheat customers. Same as telecommunication frauds and Internet frauds that happened in the past, these lawbreakers cudgel their brains to gain customers' security authentication information by claiming they are staff of Bank of China, and then they commit crimes with such information.

Lawbreakers' major fraud method is as follows: Firstly they make phishing websites similar to the portal of Bank of China and home page of BOCNET, and such website and home page are usually called "phony websites". Secondly, they register domain names which are similar to that of Bank of China domestic or abroad, such as WWW.

BOC**.COM. Thirdly, they use a common mobile phone number to send SMS to tens of millions of mobile phone users and falsely claim they are staff of Bank of China, they coax users to log on phony websites on the pretext of upgrade of BOCNET or replacement of expired e-Token, and then they obtain online banking customers' security information such as user ID, password and e-Token.

Finally, they use such information to transfer customer' funds.

After occurrence of such cases, Bank of China resolutely adopted measures to carry out risk disclosure and security education to customers, took technical monitoring measures, actively assisted public security authorities to crack down criminal activities, and helped supervisory and law-enforcing authorities to shield off fraudulent SMS and phishing websites. By taking these measures, Bank of China has tried all the efforts to protect the customers' funds security.

I. Using Bank of China SMS Transaction Code in an all-round way to help customers to confirm transactions

Bank of China will apply Bank of China SMS Transaction Code authentication services to all transfer transactions to other' accounts, and the online banking security will be strengthened by the joint effort of e-Token, dual channels and two-factor authentication. Bank of China SMS Transaction Code contains payee name, payee's account number, transaction amount and other key information, and the transfer transaction can be completed only after customers acknowledge such information and enter Bank of China SMS Transaction Code.

This method effectively reminds customers and protects their funds security.

II. Announcing phishing website reporting process and closing such websites quickly

In order to quicken the speed of reporting phishing websites, Bank of China formulated and announced the process of quick reporting and disposal of phishing websites, so as to ensure that people from all walks of life and Bank of China staff can report the fraud to the customer services center of Bank of China or the special mailbox as soon as possible; if it is out-of-work time, informers can report the suspected activities through SMS, and the internal reporting channel is further defined and made clear.

Meanwhile Bank of China assists public security authorities to obtain evidences, increase the efficiency of shutting down phony websites, and mobilize social forces to shut down such websites more forcefully, which cuts off lawbreakers' channel of obtaining customers' authentication information.

III. Assisting public security authorities to persistently crack down frauds and crimes through Internet cheating

In order to effectively curb Internet fraudulent activities, Bank of China has communicated with public security authorities on the issue of phishing websites and frauds for many times, and has always actively assisted public security authorities to specially crack down external frauds such as phishing website cheating. At the same time, Bank of China established a special working group to assist the fraud case detection of public security authorities.

IV. Strengthening e-banking risk disclosure and security education on customers

In order to improve anti-fraud consciousness of the public, Bank of China, on the basis of persistently carrying out routine risk disclosure to e-banking customers, greatly intensifies the density of risk disclosure and security education, and it has sent over 60 million SMS on risk disclosure to customers. It established a BOCNET security zone on its home page of website, and customers can learn comprehensive BOCNET security protection knowledge in this zone so long as they log on its website. It announces security reminders on the home page of BOCNET system to remind online banking customers to take care of their authentication information and ensure safe use of online banking services. In addition, Bank of China announces security reminders to customers through the self-service voice system of customer services hotline 95566 and stresses that customers should log on www.boc.cn and not be credulous of any SMS or call that is not sent by 95566. Meanwhile, Bank of China actively releases anti-fraud knowledge through mass media. Since the late January, Bank of China has released and reproduced hundreds of articles on security education on multiple mainstream Internet media.

Bank of China has always paid much attention to online banking risk prevention and control. When customers are using the BOCNET, no matter it is at the customer end or the bank end, or even in the process of data transmission, comprehensive measures are adopted by Bank of China to protect customers' funds and information security.

Bank of China adopts strict security design, and its technical security measures and control process completely meet regulations of the state's supervisory and regulatory departments. When customers are logging on the online banking system, Bank of China verifies customers' identity by "user ID + password + e-Token"; when customers are transferring money to others' accounts and conducting online payment, Bank of China also assists to verify customers' identity by e-Token and Bank of China SMS Transaction Code.

Furthermore, BOCNET also adopts a set of security measures including reserved welcome message, logon protection, transaction limit control and logout for session timeout to protect customers' transaction security.