Top of main content

Online Security

Ways that HSBC and you can help to keep your online banking secure

Online Security Features

As a bank we are used to thinking about security. The growth of the Internet has offered greater flexibility for us all, but it also brings new risks that must be guarded against. At HSBC, we use industry standard security technology and practices, focusing on three key areas – privacy, technology and identification to safeguard your account from any unauthorised access.

Discover what HSBC does to protect your Online Internet Banking and what steps you can personally take to improve your Online security.

Types of Fraud

There are various ways in which a fraudster may try to deceive you into giving them your personal and security details. They use these details to get access to your financial information with the bank and also set up payments out of your account into theirs.

Some of the more common frauds that are prevalent are:

Phishing Emails:

Phishing involves an email message being sent out to as many Internet email addresses that the fraudster can obtain, claiming to come from a legitimate organisation such as a bank, online payment service, online retailer or similar. To avoid getting phished you should never respond to email messages that request personal or financial information and never click on a link in such an email.

HSBC never asks you to disclose your personal or security details by email. If you receive such an email, do not respond to it and delete the email immediately.

The Security Device, one of a technological innovations from HSBC, takes online security to higher levels. To log on to your account on Internet Banking, you need to enter your existing username and password as usual, followed by the unique security code generated by the Security Device. This 2-step authentication process provides you with an enhanced level of security as access to your Internet Banking.


Trojans are usually emails that may contain files, pages or attachments that you are asked to open. Once opened, they can secretly install a program on your computer that can monitor your online activity, down to what keys you're pushing on what page.

This can mean the next time you enter your credit card details on your favourite online shopping website, the fraudsters will be alerted.

Money mule / Additional income email scam:

A recent scam involves someone offering, via an email or website, to pay funds into your account on the understanding you then transfer them overseas. In return, you supposedly get a commission.

Many of these scams involve the proceeds of fraud and you should ignore the request. Any customer that participates will become involved in a police investigation and we could close any account involved in this scam. If it looks too good to be true, it probably is a con.

Advanced Fee Fraud ('419' scams):

This involves unsolicited letters and email messages offering the recipient a generous reward for helping to move a staggeringly large balance of funds, usually in US Dollars.

The fraudsters are after banking details. The transactions typically require the recipient of the letter or email message to pay something like a fee / tax / bribe to complete the deal - this is the Advance Fee. Such fees will be lost.

If you suspect someone has access to your Internet Banking details, logon to Internet Banking to change your Password and immediately call us on our Phone Banking Numbers. HSBC's Phone Banking numbers are accessible 24 hours a day, 7 days a week*.

Steps HSBC has taken for Online Security

  • Multi-layer logon verification
    Your financial information is protected by a sophisticated combination of a unique Username and Password, and a one-time Security Code generated by your Online Security Device.
  • Transaction verification
    When you transfer money or pay bills online, HSBC prompts you for the Security Code generated by your Online Security Device. This ensures that only you can authorise payment and transfer requests.
  • 128-bit Secure Socket Layer (SSL) Encryption
    HSBC uses 128 bit Secure Socket Layer (SSL) Encryption for information transmitted during an Internet Banking session, which is accepted as the industry standard for encryption.
  • Automatic 'Time-out' feature
    As a security measure, your Internet Banking session will automatically shut-down or time-out, out after a period of not being used. You should always close your Internet Banking session when you have finished.

Your role in Online Security

You also have a role to play in Online Security

Adopt the following measures to ensure Internet Banking security:

  • Ensure your computer is protected with the latest anti-virus and firewall protection software at all times. Download updates regularly to ensure you have the latest protection
  • Choose a Password that is memorable to you but not easy to guess by someone else. Passwords that contain combinations of alpha and numeric characters are generally harder to guess (e.g. a7g3cy91)
  • Do not choose a Password that you use for other services. Your Password should be unique to Internet Banking
  • Change your Internet Banking Password on a regular basis
  • Never disclose your Internet Banking Password to anyone. A member of HSBC will never ask you for your Password
  • Do not write your Internet Banking Username together with your Password. Do not write your Password in a recognizable format and never leave your logon details with your Online Security Device
  • Disable functionality on your computer or browsers that remembers logon details
  • Keep your system and web browser updated. Manufacturers regularly release security patches when weaknesses are discovered in their systems and browsers. Check with your software provider for these updates on a regular basis.
  • Check the padlock symbol and site certificate. Double-click the padlock symbol at the bottom of your browser when you log-in to HSBC Online Banking to ensure the site certificate belongs to HSBC. This will ensure you're not being duped into entering your details on a 'fake' site.
  • Check your accounts regularly. If in doubt about any transactions, note the details and call us.
  • Always log-out after using Online Banking. Just select the log-out button and never leave your PC unattended while you're logged in to the service.

Tips for using Public Computers:

  • Avoid the use of public computers to do your banking, including those at libraries, internet cafes and schools.
  • Log out if you leave the computer, even if it is just for a moment. If possible, do not leave the computer unattended while you are still logged in.
  • Delete your browsing history before you log out of the computer: Internet browsers store information about your passwords and the pages that you visit. Go to the tools menu of the internet browser and select options or internet options. Make sure that the browser has any auto complete function turned off, delete any cookies, and clear the history.
  • Don’t type in sensitive information: Even if you take the precautions listed above, the public computer may have malicious software called a keystroke logger installed on it. These can steal your password, credit card number and bank details. Avoid doing financial transactions that could reveal sensitive information.

Need Help?

Visit our contact page to speak to us over the phone, email or online enquiry

More Information

Important Information

Terms & Conditions

* For Personal Banking and Credit Cards - Our PhoneBanking officers are available for enquires from 06:30 hrs to 20:30 hrs for general enquiries. IVR (Integrated Voice Recording) emergency services like Lost Card Reporting, Loss of Cheque book and Stop Cheque Instructions our PhoneBanking services are available 24 hours a day, 7 days a week to all customers.

Here's an easy way to share your thoughts, stay informed and join the conversation. Follow us: