Security is a top priority for us. Both you and we play an important role in safeguarding against fraud. This section outlines what you need to do and what we will do to help maintain security when using this site/app.
What we will do
We try to protect your personal data against unauthorised or accidental access or processing. We do this by:
- implementing appropriate physical, electronic and internal processes to safeguard and secure your personal data,
- using 128-bit Transport Layer Security ("TLS") encryption technology, which is an industry standard for encryption over the internet to protect data, in the secure area of this site/app. When you provide sensitive information such as credit card details, it will be automatically converted into codes before being securely dispatched over the internet,
- protecting our web servers behind "firewalls" and our systems are monitored to try to prevent any unauthorised access,
- using the secure email facility if we need to send personal data to you by email. We won’t send your personal data by ordinary email,
- taking all practical steps to ensure that personal data will not be kept longer than necessary and we comply with all laws and regulations in the Hong Kong Special Administrative Region concerning the retention of personal data.
What you need to do
Keep your account details and security details secure.
This means taking steps like:
- not sharing or allowing anyone else to know your username or password, so don’t write them down. We’ll never verbally ask you for your password,
- choosing a username and password that are not easily identifiable by others (such as your birthday, telephone number or email address),
- using the secure email facility on this app/website for general enquiries.
Keep your device on which you access the site/app secure.
This means taking steps like:
- keeping your device locked when not in use, with a PIN, password or biometric authentication,
- not sharing your device. If you do allow someone else to use your device, please supervise their use to ensure that they don’t access your accounts,
- not sharing or allowing anyone else to know any access password that you use on your device,
- if you choose to activate the feature that allows you to use your biometric credentials to log onto your device or this app, ensuring that only your biometric credentials are registered on the device to avoid unauthorised access by other people,
- only downloading HSBC apps and its updates from an official app store and not from any unofficial sources,
- installing the latest anti-virus and anti-spyware software on your device that you use to access this site/app, and keeping it updated. When installing protection, always use a reputable brand from a mainstream supplier,
- ensuring the operating system running on your device and the security update is up to date,
- not disclosing your online banking credentials to any third parties (including third party mobile aggregator apps),
- not using HSBC apps and the Mobile Security Key Feature on any device or operating system that has been modified outside the mobile device or operating system vendor supported or warranted configurations. This includes devices that have been "jail-broken" or "rooted". A jail broken or rooted device means one that has been freed from the limitations imposed on it by your mobile service provider and the phone manufacturer without their approval. The use of HSBC apps and the Mobile Security Key feature on a jail broken or rooted device may compromise security and lead to fraudulent transactions which we may not be responsible for.
If you think that your device has been lost, stolen or is being used by another person or if you think your username or password is known by someone else, please tell us straight away. You may be responsible for unauthorised payments made from your accounts if you have not kept your device, account details or security details safe or if you haven’t followed the security precautions that we advise you to follow from time to time.
For more tips on staying safe on internet banking, please read: www.hsbc.com.hk/safe-internet-banking, and on mobile banking, please read: www.hsbc.com.hk/mobile-security
We may record your visit to this site/app for analysing the number of visitors to this site/app, general usage patterns and your personal usage patterns and improving your experience. We may gather some of this information through the use of "cookies".
What is a cookie?
Cookies are small bits of information that are automatically stored on your web browser in your computer, mobile phone or other device for accessing the internet that can be retrieved by this site/app. We will be able to access the information stored on the cookies and record how you use this site/app.
Cookies are useful because they allow us to recognise your device and they store information about your use of this site/app which enables us to provide more useful features to you, to tailor the content of our website and mobile applications to suit your interests and, where permitted by your marketing preferences, provide you with promotional materials or direct marketing based on your usage patterns.
What if I don’t want you to do this?
Most browsers are initially set to accept cookies. If you prefer, you can set your browser to disable cookies – you can do this through your browser setting (your browser’s ‘help’ function should tell you how to do this). You cannot manage cookies in the app.
By disabling cookies, you may not be able to take full advantage of this site, including HSBC Internet Banking.
If you accept cookies during your use of this site or continue to use this app, you will be acknowledging that your information is being collected, stored, accessed and used as outlined above.
Will you provide data obtained via cookies to anyone else?
We may work with third parties to research certain usage and activities on this site/app on our behalf. These third party agencies include Doubleclick, Yahoo!, Facebook, Nielsen//NetRatings and Adobe.
They use technologies such as cookies, spotlight monitoring (this manages tagging which is used for example, to track which advertisement users clicked on to take them to a site) and web beacons (these are used to monitor the behaviour of the user, for example whether they scroll down a page) to collect information for this research. They use the information collected through such technologies (i) to find out more about users of this site/app, including user demographics and behaviour and usage patterns, (ii) for more accurate reporting and (iii) to improve the effectiveness of our marketing. They aggregate the information collected and then share it with us.
As part of the information that we share with them, we may share your advertising identifier and "installation event" (which means the data in relation to when you first install or use this site/app). No personally identifiable information about you is collected or shared by third party agencies with us as a result of this research.
Should you wish to disable the cookies associated with such technologies, you may change the setting on your browser. However, you may not be able to enter certain parts of this site, including HSBC Internet Banking.
All of these links are external to HSBC and so we’re not responsible for the content of these links, which will open in new windows.
You may be subject to an earlier version of this privacy notice (known as Notice to Customers relating to the Personal Data (Privacy) Ordinance) if you have not consented to subsequent changes to the earlier notice.
IMPORTANT: By accessing this site/app and any of its pages you are agreeing to the terms set out above. Thank you for choosing HSBC.
Yahoo! is trademark and/or registered trademarks of Yahoo! Inc. in the U.S.
Facebook is a registered trademark of Facebook Inc. in the United States and other countries.
Nielsen and Netratings are trademarks of The Nielsen Company (US), LLC. registered in the US.
"Adobe" is either registered trademark or trademark of Adobe Systems Incorporated in the United States and/or other countries.
Doubleclick is a trademark of Google Inc.