Mobile Security Key
Available via the HSBC HK Mobile Banking app, the Mobile Security Key replaces your physical security device, allowing you to log in mobile banking easily. With the Mobile Security Key, you can generate security code to access internet banking service more quickly. Mobile and online banking would be safer and more convenient.
HSBC brings an easy and all rounded mobile banking experience to you. By using the new iOS Face ID, you can authenticate your identity and access your mobile banking in mere seconds - all with a simple look. Conveniently, you can also log in and confirm transactions in the HSBC HK Mobile Banking app through fingerprint authentication with iOS Touch ID and Android™ Fingerprint ID.
Activate the new Mobile Security Key and biometric authentication today to make your mobile and online banking experience that much easier. If you want to enable biometric authentication (e.g. Face ID*), please refer to the important information about associated risks in the relevant FAQ listed below on this page.
*For compatible phone only
Download the HSBC HK Mobile Banking app
Search "HSBC HK" from the App Store or Google Play™ and download the app. Activate your Mobile Security Key and biometric authentication now.
1. Bank-grade security
The new Mobile Security Key is packed with advanced security and protection features to give you peace of mind
2. Faster access
Log on faster with Mobile Security Key and biometric authentication to get things done quicker
3. Do more with biometric authentication
You can use iPhone, iPad and iPod touch models supporting Touch ID/Face ID or Android ™ compatible devices* supporting fingerprint authentication to instantly log on and perform mobile transaction signing with biometrics.
4. Simplified mobile and online banking
Mobile Security Key lets you enable push notifications** on the HSBC HK Mobile Banking app. That way, you'll be notified when your eStatements or eAdvice are available, or if you have any funds coming through Faster Payment System (FPS). Besides logging on to mobile banking, you can also use your Mobile Security Key to generate security code for logging on to Personal Internet Banking
How to activate your Mobile Security Key if you only have dual-password setup
How to activate your Mobile Security Key if you currently have a physical Security Device
How to switch your Mobile Security Key to a new phone (when you still have your old device)
How to switch your Mobile Security Key to a new phone (when you don't have your old device)
How to enable biometric authentication on compatible devices (Face ID/ Touch ID for Apple devices and *Fingerprint ID for Android™ devices)
How to 'Generate Security Code'
Frequently asked questions
Once your Mobile Security Key has been activated, your physical Security Device will be deactivated immediately. You can return this to any of our branches or dispose it yourself.
The new HSBC HK Mobile Banking app gives you access to your Hong Kong accounts only. If you need to access mobile banking in other countries outside Hong Kong, please keep the existing HSBC Mobile Banking app in addition to the new app.
You can also use Mobile Security Key to log on to Personal Internet Banking. Simply follow the below steps to generate the security code. There are also on-screen instructions available on the Personal Internet Banking log on page for you to follow.
- Launch the HSBC HK Mobile Banking app on your mobile device with Mobile Security Key activated
- Select "Generate Security Code" from the bottom of the app screen
- Select "Log on"
- Enter your Mobile Security Key password and tap "Generate code". You can also use Face ID on Apple iPhone X or newer models, iOS Touch ID and Android™ Fingerprint ID if you have it enabled
- Your security code will be displayed, please input in the relevant field in the Personal Internet Banking log on page
Q4 I have activated Mobile Security Key on a jailbroken / rooted device earlier, but I could no longer access the mobile app anymore, what should I do?
Since your device is jailbroken / rooted, your device may be less secure and may lead to fraudulent transactions. For security reasons and to protect your interest, you will not be allowed to use our app. In order to continue using our mobile banking services, you may contact our customer service hotline to register a physical Security Device or remove the Mobile Security Key from the jailbroken / rooted device, then you may reactivate Mobile Security Key on another non-jailbroken / rooted device. In the meantime, if you have dual password, you may logon with a non-jailbroken / rooted device or Personal Internet Banking to enjoy selected services, or use other channels to manage your banking needs.
Yes. Face ID is currently available only on the Apple iPhone X, iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro and iPhone 11 Pro Max. You can enable Face ID to log on and confirm transactions if you have the latest HSBC HK Mobile banking app installed with Mobile Security Key activated on the device. To activate Mobile Security Key on your new phone, please refer to the step-by-step guide above. Please note that customers may need to grant permission before enabling Face ID if the Face ID pop-up message is shown.
The probability of a false match when using Face ID may be different under some circumstances, e.g. twins or siblings that look like you, or if you are in adolescence and disable "Require Attention for Face ID" function from your device settings.
Please refer to our FAQ page if you have any questions before enabling the Face ID function. Always enable "Require Attention for Face ID" or use your Mobile Security Key password if you have any security concerns.
Got further questions? You can find out more about the app and the Mobile Security Key on our FAQ page.
The screen displays and the images of the website are for reference and illustration purposes only.
Apple, the Apple logo, iPhone, iPad, iPod touch, Touch ID and Face ID are trademarks of Apple Inc., registered in the US and other countries. App Store is a service mark of Apple Inc.
Google Play and the Google Play logo are trademarks of Google LLC. Android is a trademark of Google LLC.
HSBC adopts the latest internet security measure with the adoption of EV SSL Certificate (Extended Validation SSL Certificate). With this verification certificate in place, you can instantly know you're on a genuine HSBC website. We suggest customer to check the digital certificate with a desktop computer.
*Fingerprint authentication is available on compatible Android™ devices running Android™ OS version 8.0 or later. In addition, the following devices will support fingerprint authentication: Samsung (Galaxy S10e, Galaxy S9, Galaxy S9+, Galaxy S8, Galaxy S8+, Galaxy S7, Galaxy S7 edge, Galaxy S6, Galaxy S6 edge, Galaxy S6 edge+, Galaxy A80, Galaxy A70, Galaxy A60, Galaxy A40s, Galaxy A20, Galaxy A9, Galaxy A8 Star, Galaxy A7, Galaxy A6+, Galaxy J6, Galaxy C9 Pro, Galaxy Note 9, Galaxy Note 8, Galaxy Note 5), LG (Q Stylus+, V40 ThinQ, V30+, V20, G7, G6, G6+), Sony (Xperia XA2 Ultra Dual, Xperia XA2 Plus, Xperia XZ3, Xperia XZ2, Xperia XZ2 Premium, Xperia XZ1 Dual, Xperia 10, Xperia 10+, Xperia 1, Xperia L3), Google (Pixel 3a, Pixel 3a XL, Pixel 3, Pixel 3 XL, Pixel 2, Pixel 2 XL, Pixel), Xiaomi (Mi 9 T Pro, Mi 9S, Mi 9T, Mi 9, Mi 8, Mi A3, Mi A2, Redmi Note 7, Mix 2S, POCOPHONE F1), Huawei (Mate 20 Pro, Mate 20 X, Mate 20, Mate 10, Mate 10 Pro, P30, P30 Pro, P 20, P20 Pro, nova 4, nova 3i, Y9 Prime 2019), Nokia (9 Pureview, 8.1, 8, 8 Sirocco, 7 Plus, 6.1 Plus), OnePlus (7, 7 Pro, 6, 5T, 6T), OPPO (R17, R15, Reno 10X Zoom, Find X), Blackberry (Key2, Key2LE), Vivo (NEX Dual Display, iQOO Pro), ZenFone(6) and HTC (U12+).
** You should ensure that your mobile phone and other telecommunications equipment and related services are capable of receiving Push Notification Alerts through push notifications. Push notification runs on the service provided by Apple Inc. ("Apple") or Google LLC ("Google"), as applicable. Any delay or failure in delivering push notification messages due to Apple's or Google's service or network connectivity is beyond our control.