Online banking is fast and convenient, but it’s important to make sure you aren’t exposing yourself to fraud or financial crime. Follow these tips to keep your accounts and private data secure.
What you can do to keep your internet banking safe
Accessing your account
- Avoid using public computers to do online banking
- Never share your personal security details (PIN or security code) with anyone
- If you find any unusual pop-ups or your computer starts running unusually slow, please do not enter in your personal details and/or credit card information. Report it immediately to our Customer Services Hotline
- Watch out for money-laundering scams. Be wary of any “business opportunity” that involves receiving or holding money for strangers
- Only use secure and trusted wireless networks. Add a password for your own home Wi-Fi network
If you receive any email or SMS claiming to be from HSBC, remember that:
- We will never ask you to confirm or provide us with any personal data by replying to an email1
- We will only ask for your partial second password and never ask for your full second password when you use dual password mode to log on to Personal Internet Banking
- We will not ask you to provide excessive information such as name, date of birth, HKID/passport number, credit card number, CVV/CVC code and the expiry date
- Our emails and text messages never include hyperlinks to the HSBC Personal Internet Banking log on page, or any page that asks you to fill in personal information
Monitoring your account
- Check statements, emails and SMS notifications as soon as you receive them. If you spot any unusual transactions, report them to the bank immediately. Use HSBC Online Banking or the HSBC Mobile Banking app to check transactions on your account more frequently.
- Always keep the electronic receipt for fund transfers and bill payment transactions to help you verify transactions.
Protecting your pin
- Never tell your PIN to anyone, even if they claim to be from the bank or the police
- Memorise your PIN and never write it down
- Choose a PIN that’s hard to guess
- Use different PINs for different websites and channels (ATM, Phone Banking, Online and Mobile Banking)
- Remember that our representatives will never ask you to say your Phone PIN out loud. If you need to use your Phone PIN, you will only have enter it on the keypad of your phone
At HSBC, we use 5 methods to make sure Personal Internet Banking is secure.
- Multi-layer log on verification
Your financial information is protected by a combination of a unique username, a memorable answer, and a one-time security code generated by your Security Device / Mobile Security Key or a second password.
Learn more about the Security Device / Mobile Security Key
- Transaction verification
When you transfer money to third parties or pay bills online, HSBC asks you for a transaction code generated by your Security Device / Mobile Security Key. This ensures that only you can authorise payment and third party transfer requests.
- TLS Encryption
HSBC uses TLS 1.2 Encryption, the industry standard level.
- Automatic 'Time-out' feature
You should always log out and close your browser window when you have finished your Personal Internet Banking session,especially when you are in public.
If you forget to do that, we will automatically log you out of Personal Internet Banking after a period of inactivity.
Leaving your computer unattended while you are logged on could cause your personal data and sensitive information to be leaked, which could lead to fraud attacks against you.
- SMS/email notifications2
We’ll text you when you perform certain transactions on HSBC Personal Internet Banking. The SMS or email notification will include the partial account number of the beneficiary, transaction amount and time of transaction to help you verify things. Call HSBC immediately if you receive an alert for any transaction you don't recognise.
- The only exception is when responding to your enquiry, a customer service officer might contact you via email with a request for some personal information is required. In such a case, please note that the email will be sent through and stored in an encrypted form in our secured internet banking platform (HSBC Personal Internet Banking) and you will need to enter your username and password to access such emails.
- We recommend that you review and update your registered mobile phone number by logging on to
Online Banking and selecting ‘Personal details’ under ‘My profile’. Once logged on you can also change your notification preferences by going to ‘My banking’> ‘More services’ > ‘Manage eAlerts’.