Learn some tips to staying safe when banking online:
To learn more about online security, please visit the HSBC Group online security page.
HSBC will not display your personal information in emails or ask you to confirm any personal data by replying emails. The only exception is when responding to your enquiry, our customer service officers may contact you via email whereby some personal information is required. In such a case, please note that the email will be sent through and stored in an encrypted form in our secured online banking platform and you are required to logon using your username and password to access such emails.
HSBC is committed to protecting the security of our HSBC online banking customers. HSBC issues a Security Device to all HSBC online banking customers to offer better protection from a variety of potentially damaging attacks.
The Security Device has been selected by HSBC as the technology that best meets our customers' need for flexibility and portability, and our business volume requirements. The Security Device meets Bank Negara Malaysia's requirements for two-factor authentication, while providing the following benefits to our customers:
Security Device is a simple and convenient way to protect your bank transactions online. Every time you logon to HSBC online banking, you are required to enter a Security Code generated by this device, in addition to your username and password.
For certain transaction eg. third party account transfers, the code is also required as additional protection.
You will receive an SMS notification for following transactions completed in online banking: Telegraphic Transfer, Demand Draft, Cashier Order, Credit Card payment and Transfer to 3rd Party with HSBC account.
SMS will be sent for transaction amount exceeding the minimum threshold limit.
To review and update your registered mobile phone number, you may logon to HSBC online banking, click "Services" on the Left Hand Menu, select "Update Personal Information" and update the "Mobile" field.
You should update your personal contact details on a timely basis.
When you log in to online banking you are said to be in a secure session. You know you are in a secure session if the URL address begins with https:// or a padlock symbol appears in the lower right hand corner of your browser.
Secure Sockets Layer (SSL) Encryption technology is used within your online banking session to encrypt your personal information before it leaves your computer in order to ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page.
At HSBC, we use 128-bit SSL Encryption, which is accepted as the industry standard level.
Any email service within online banking is similarly protected with encryption technology (unlike your regular email which is usually not secured).
If you forget to log-off after banking online, or your computer remains inactive for a period of time during a session, then our system will automatically log you off. Pages viewed during a secured session are not recorded in your PC's temporary files.
There are many ways to enhance your protection on using online banking. HSBC would suggest you to follow the below.
From time to time, vulnerabilities are discovered in operating systems and internet browsers. Before the publisher can release a security patch to correct these weaknesses, they can be exploited by virus writers and hackers to gain unauthorised access to those PCs that have not yet been patched.
To check for patches and updates you should visit the publisher's website, typically in their Download section.
Microsoft users can visit: https://windowsupdate.microsoft.com which can automatically check what is required, and then suggest to download it
You may already be using anti-virus software but to be effective the software should be updated on a regular basis with the latest "virus definition" files. If you are unsure how to do this, you should refer to the program's own Help function.
It is a good idea to install anti-virus software if you don’t have any already. There are many effective programs to choose from. But be sure to visit the software provider’s genuine site because there are many fake products claiming to protect your computer but which may actually infect it with viruses.
A firewall is another small program that helps to protect your computer and its contents from outsiders on the Internet. When properly installed, it stops unauthorised traffic to and from your PC.
Keep your password secured - Passwords are the key to your online account information, to accounts at online stores and a host of other online activities. Your HSBC online banking password, together with your online banking ID, permits access to your bank accounts. For this reason your password should be unique and very well protected.
Keep them to yourself - Do not be tempted to share your passwords with anyone.
Be unique - Use passwords that are unique and not easy to guess.
Use letters, numbers and symbols - Passwords containing upper and lower case letters, numbers, and symbols are far harder to guess.
Be different - Avoid using the same password for different services.
Don't be personal - Do not be tempted to use passwords that can easily be guessed e.g. your name, your date of birth, telephone numbers, pet's name.
Never write them down - If you really need to record your password then use a code system or transpose some of the letters. No one at HSBC will ever ask you for your online banking password. If someone does ask you for it, they do not represent HSBC.
Change your passwords - Always change passwords that may have been compromised.
Contact the bank if you think someone else knows your online banking password.
Spyware is the term used to describe programs that run on your computer for the purpose of monitoring and recording the way in which you browse the web and the internet sites you visit. For example, spyware can combine information about your online behaviour with that of many other users in order to generate market research data. This information can be bought and sold by companies interested in improving the way websites are designed and how the internet is used.
You may or may not wish for your internet usage to be monitored in this way. In addition, just as spyware can be used to improve the online experience it can also be used to extract personal information that you have entered, including passwords, telephone numbers, credit card numbers and identity card numbers.
Spyware is often loaded onto a PC as part of a free download of another service - for example a service that claims to improve the performance of your PC. Sometimes your agreement to the download is requested in the small print, but spyware may also be loaded onto your PC without your agreement or knowledge.
Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this, anti-virus software is not effective in identifying and removing spyware, you will need to download and run a specialised anti-spyware program.
Anti-spyware security software currently available include McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable anti-spyware product to protect yourself against spyware on your PC.
To learn more about online security, please visit the HSBC Group online security page.
For security reasons, the security code is a unique number and is only valid for a certain period of time. If you input an expired security code when you logon to online banking, you will receive an error message. Please press the green button on the device to obtain a security code to enter. If the problem persists, please call our Call Centre 24-hour online banking hotline for assistance.
You may be aware after recent reports in media about emails that are sent which appear to be from the bank. These are known as 'phishing' scams, where the emails attempt to direct you to a fraudulent website with the intention to try and capture your login ID's, password and HSBC/HSBC Amanah's security device algorithm.
How to identify and avoid email scams:
These phishing emails will have an embedded hyperlink that redirects you to a fraudulent website.
This is an example of how the HSBC website looks under a secure connection, meaning that any information you enter will be kept safe.
Phishing is an attempt by fraudsters to 'fish' for personal information such as the security details you use for banking. These emails may come from any source but is made to appear as if it came from your bank or an organisation you have registered with. The email will normally ask you to click on a link and/or to confirm your username or password - and through such responses they obtain your details.
They don't. They send out as many emails as they can and hope that they reach some customers.
Each transaction on our online banking platform is protected by 'strong grade' encryption that keeps your information secure. On top of this, a Security Device that is provided to HSBC online banking users gives you a 2nd level of security. Apart from logging in with your online banking username and password, a unique once only time sensitive security code from the Security Device is needed when you perform an outward transfer Since the Security Device is to be kept by you at all times and the codes change constantly - only you will be able to access your account!
Phishing involves an email message being sent out randomly, claiming to come from a legitimate organisation such as a bank, online payment service, online retailer, etc.
The email will contain a link that takes you to a fraudulent & spoof website that looks identical, or at least very similar, to the organisation's genuine site.
You may be asked to provide personal security information eg. your account number, PIN, security code etc
A computer software program that gathers information about a computer user without the user's knowledge or informed consent. Transmits the collected information to an unauthorised organisation that expects to be able to profit from it in some way.
A type of computer virus that is a computer program masquerading as another program. Appears innocent, but your files could be damaged or erased if you open the program.
Safeguard your online banking with a touch of a button using our latest technology, your HSBC Security Device.
Whether it's logging onto the system or paying a bill, learn how to navigate online banking using our tutorials.