Scam awareness videos
Smart tips for online banking
Learn some tips to staying safe when banking online:
- Avoid accessing your bank account with public computers
- Never disclose your personal security details, eg. account number, PIN or security code to others
- Do not fall for money-laundering scams. Be wary of any 'business opportunity' that involves receiving or holding money for strangers.
- Report any unusual transactions in your statement immediately
- Always keep the electronic receipt for fund transfer and bill payment transactions
- Memorise your PIN and do not write it down
- Select PINs that cannot easily be guessed by anyone
- Use different PINs for different websites
- Never disclose your PIN to anyone, not even someone claiming to be from the bank or the police
- You should set transfer limits according to your banking needs. Avoid setting high transfer limits if your average transfer transactions are low.
- Do not use a jailbroken Apple® iPhone®, rooted Android™ phone or any other mobile device that has been jailbroken or rooted. These are techniques which remove important security features that have been inbuilt on your device by the mobile operating system manufacturer.
To learn more about online security, please visit the HSBC Group online security page.
HSBC will not display your personal information in emails or ask you to confirm any personal data by replying emails. The only exception is when responding to your enquiry, our customer service officers may contact you via email whereby some personal information is required. In such a case, please note that the email will be sent through and stored in an encrypted form in our secured online banking platform and you are required to logon using your username and password to access such emails.
What HSBC can do
HSBC is committed to protecting the security of our HSBC online banking customers. HSBC issues a Security Device to all HSBC online banking customers to offer better protection from a variety of potentially damaging attacks.
The Security Device has been selected by HSBC as the technology that best meets our customers' need for flexibility and portability, and our business volume requirements. The Security Device meets Bank Negara Malaysia's requirements for two-factor authentication, while providing the following benefits to our customers:
- The Security Device itself generates a security code. As there is no dependency on a third party for security code generation, our customers do not need to rely on another party's service to access online banking
- The generation of the security code is not dependent on capacity issues, signal availability or the geographical location of our customers.
- The Security Device is small, light and portable. It does not require downloads, set-ups, system adjustments, etc
Security Device is a simple and convenient way to protect your bank transactions online. Every time you logon to HSBC online banking, you are required to enter a Security Code generated by this device, in addition to your username and password.
For certain transaction eg. third party account transfers, the code is also required as additional protection.
You will receive an SMS notification for following transactions completed in online banking: Telegraphic Transfer, Demand Draft, Cashier Order, Credit Card payment and Transfer to 3rd Party with HSBC account.
SMS will be sent for transaction amount exceeding the minimum threshold limit.
To review and update your registered mobile phone number, you may logon to HSBC online banking, click "Services" on the Left Hand Menu, select "Update Personal Information" and update the "Mobile" field.
You should update your personal contact details on a timely basis.
When you log in to online banking you are said to be in a secure session. You know you are in a secure session if the URL address begins with https:// or a padlock symbol appears in the lower right hand corner of your browser.
Secure Sockets Layer (SSL) Encryption technology is used within your online banking session to encrypt your personal information before it leaves your computer in order to ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page.
At HSBC, we use 128-bit SSL Encryption, which is accepted as the industry standard level.
Any email service within online banking is similarly protected with encryption technology (unlike your regular email which is usually not secured).
If you forget to log-off after banking online, or your computer remains inactive for a period of time during a session, then our system will automatically log you off. Pages viewed during a secured session are not recorded in your PC's temporary files.
What you can do
There are many ways to enhance your protection on using online banking. HSBC would suggest you to follow the below.
Get the latest security updates and patches
From time to time, vulnerabilities are discovered in operating systems and internet browsers. Before the publisher can release a security patch to correct these weaknesses, they can be exploited by virus writers and hackers to gain unauthorised access to those PCs that have not yet been patched.
To check for patches and updates you should visit the publisher's website, typically in their Download section.
Microsoft users can visit: https://windowsupdate.microsoft.com which can automatically check what is required, and then suggest to download it
Use and update anti-virus software regularly
You may already be using anti-virus software but to be effective the software should be updated on a regular basis with the latest "virus definition" files. If you are unsure how to do this, you should refer to the program's own Help function.
It is a good idea to install anti-virus software if you don’t have any already. There are many effective programs to choose from. But be sure to visit the software provider’s genuine site because there are many fake products claiming to protect your computer but which may actually infect it with viruses.
Use personal firewalls
A firewall is another small program that helps to protect your computer and its contents from outsiders on the Internet. When properly installed, it stops unauthorised traffic to and from your PC.
Read our password advice
Keep your password secured - Passwords are the key to your online account information, to accounts at online stores and a host of other online activities. Your HSBC online banking password, together with your online banking ID, permits access to your bank accounts. For this reason your password should be unique and very well protected.
Keep them to yourself - Do not be tempted to share your passwords with anyone.
Be unique - Use passwords that are unique and not easy to guess.
Use letters, numbers and symbols - Passwords containing upper and lower case letters, numbers, and symbols are far harder to guess.
Be different - Avoid using the same password for different services.
Don't be personal - Do not be tempted to use passwords that can easily be guessed e.g. your name, your date of birth, telephone numbers, pet's name.
Never write them down - If you really need to record your password then use a code system or transpose some of the letters. No one at HSBC will ever ask you for your online banking password. If someone does ask you for it, they do not represent HSBC.
Change your passwords - Always change passwords that may have been compromised.
Contact the bank if you think someone else knows your online banking password.
Use an anti-spyware program
Spyware is the term used to describe programs that run on your computer for the purpose of monitoring and recording the way in which you browse the web and the internet sites you visit. For example, spyware can combine information about your online behaviour with that of many other users in order to generate market research data. This information can be bought and sold by companies interested in improving the way websites are designed and how the internet is used.
You may or may not wish for your internet usage to be monitored in this way. In addition, just as spyware can be used to improve the online experience it can also be used to extract personal information that you have entered, including passwords, telephone numbers, credit card numbers and identity card numbers.
Spyware is often loaded onto a PC as part of a free download of another service - for example a service that claims to improve the performance of your PC. Sometimes your agreement to the download is requested in the small print, but spyware may also be loaded onto your PC without your agreement or knowledge.
Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this, anti-virus software is not effective in identifying and removing spyware, you will need to download and run a specialised anti-spyware program.
Anti-spyware security software currently available include McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable anti-spyware product to protect yourself against spyware on your PC.
To learn more about online security, please visit the HSBC Group online security page.
What should I do if the security code on my Security Device is not accepted?
For security reasons, the security code is a unique number and is only valid for a certain period of time. If you input an expired security code when you logon to online banking, you will receive an error message. Please press the green button on the device to obtain a security code to enter. If the problem persists, please call our Call Centre 24-hour online banking hotline for assistance.
Email scams and phishing
You may be aware after recent reports in media about emails that are sent which appear to be from the bank. These are known as 'phishing' scams, where the emails attempt to direct you to a fraudulent website with the intention to try and capture your login ID's, password and HSBC/HSBC Amanah's security device algorithm.
How to identify and avoid email scams:
- HSBC/HSBC Amanah will never contact you or any of our customers via email asking you to validate your personal information such as username, passwords or account numbers.
- All requests for information from HSBC/HSBC Amanah are done via our website on a secure, encrypted connection.
- Before entering any of your personal information online, check the URL to see if it's the official HSBC website (https://www.hsbc.com.my)
- If the site you are directed to does not have a secure connection and does not begin with https, you should treat it with suspicion and contact our customer service representatives on 1300 88 1388 for HSBC and 1300 88 2626 for HSBC Amanah. Dial +603 8321 5400 for customers outside of Malaysia
These phishing emails will have an embedded hyperlink that redirects you to a fraudulent website.
This is an example of how the HSBC website looks under a secure connection, meaning that any information you enter will be kept safe.
What is phishing?
Phishing is an attempt by fraudsters to 'fish' for personal information such as the security details you use for banking. These emails may come from any source but is made to appear as if it came from your bank or an organisation you have registered with. The email will normally ask you to click on a link and/or to confirm your username or password - and through such responses they obtain your details.
How do they know where I bank?
They don't. They send out as many emails as they can and hope that they reach some customers.
What should I do if I believe someone might have obtained my security or personal details?
What makes my transactions on HSBC's online banking safe?
Each transaction on our online banking platform is protected by 'strong grade' encryption that keeps your information secure. On top of this, a Security Device that is provided to HSBC online banking users gives you a 2nd level of security. Apart from logging in with your online banking username and password, a unique once only time sensitive security code from the Security Device is needed when you perform an outward transfer Since the Security Device is to be kept by you at all times and the codes change constantly - only you will be able to access your account!
Phishing, fraudulent and spoof websites
Phishing involves an email message being sent out randomly, claiming to come from a legitimate organisation such as a bank, online payment service, online retailer, etc.
The email will contain a link that takes you to a fraudulent & spoof website that looks identical, or at least very similar, to the organisation's genuine site.
You may be asked to provide personal security information eg. your account number, PIN, security code etc
A computer software program that gathers information about a computer user without the user's knowledge or informed consent. Transmits the collected information to an unauthorised organisation that expects to be able to profit from it in some way.
A type of computer virus that is a computer program masquerading as another program. Appears innocent, but your files could be damaged or erased if you open the program.
Safeguard your online banking with a touch of a button using our latest technology, your HSBC Security Device.
Online banking demos
Whether it's logging onto the system or paying a bill, learn how to navigate online banking using our tutorials.