Online security

Beware of financial scams promising unrealistic high returns. If it sounds too good to be true, it probably is. Do not be a scam victim. When in doubt, please call BNMTELELINK at 1-300-88-5465.

Here's how to stay safe when using online banking and mobile banking:

• Don't use a public computer to access your bank account
• Never disclose your personal security details such as your account number, PIN or security code to others
• Be wary of scams that involve receiving or holding money for strangers
• Immediately report any unusual transactions that you see on your statement 
• Always keep your electronic receipts for fund transfers and bill payment transactions
• Memorise your PIN and do not write it down
• Select PINs that cannot easily be guessed
• Use different PINs for different websites
• Never disclose your PIN to anyone, including the police or anyone claiming to be from HSBC 
• Set transfer limits according to your banking needs, and avoid setting limits that are higher than what you'd usually transfer
• Do not use a jailbroken or rooted mobile device, as this removes important security features from your device
• Turn on push notifications to receive alerts from HSBC (find out more about push notifications here) 

To learn more about online security, please visit the HSBC Group online security page. 

HSBC Amanahwill not display your personal information in emails or ask you to confirm any personal data in an email. The only exception is when our customer service staff are replying to your enquiry via email. If we need to do this, then we'll email you by using an encrypted form in our secured online banking platform. You'll need to log on using your username and password to access this.

We're committed to protecting your security when you use online banking. The Mobile Secure Key (MSK) is a safe, convenient way to generate unique, one-time security codes on the HSBC Malaysia Mobile Banking app so that you can log on and approve transactions without needing a physical Security Device.

Your MSK provides two-factor authentication to protect your activity and information. It also has the following benefits:

•  Safe and secure - you're the only person who can access your accounts and transactions, and there's an added layer of protection with biometric authentication and your 6-digit PIN
• Always with you - your MSK is available on the HSBC Malaysia Mobile Banking app so long as you've got your mobile device with you
• Fast and reliable - you can activate your MSK with a few taps of your mobile, rather than needing to wait for us to send you a physical Security Device
• Environmentally friendly - your MSK has a lower carbon footprint compared to the physical Security Device as it doesn't need to be manufactured, shipped, packaged, and disposed

There's also a 12-hour cooling-off period for MSK set-up. If you get an SMS from us saying your MSK has been set up, but you didn't authorise this, you can report this to us during this time period.

You'll get an SMS from us if you make a telegraphic transfer, credit card payment, or transfer to a third party. We'll also send an SMS if you try to make a transaction that exceeds your maximum transaction limit.

You can check and update your registered mobile phone number by calling the HSBC Contact Centre or by visiting your nearest branch. Make sure that you check and update your contact details promptly if they've changed.

You can apply for SMS notifications using the SMS application form. 

You'll get push notifications on your mobile device for certain services. For example, if you're using the HSBC Malaysia Mobile Banking app and have enabled push notifications, then you'll receive a notification when your credit card eStatement is ready. 

You can find out more about push notifications here.

It's important that your online banking sessions are secure. You can check if you're in a secure session by looking at the URL address of the webpage, which should start with the characters 'https://', or if a padlock icon appears in the lower right-hand corner of your browser.

Your online banking sessions use Secure Sockets Layer (SSL) encryption to protect your personal information. This ensures that nobody else can access it. Depending on the browser you're using, a pop-up window might appear to tell you that you're entering a secure page.

We use 128-bit SSL encryption at HSBC, which is the industry standard. Any email messaging service that you might use within your online banking is also protected with encryption technology.

There are many ways to enhance your protection on using online banking. HSBC Amanah would suggest you to follow the below.

From time to time, vulnerabilities are discovered in operating systems and internet browsers. Before the publisher can release a security patch to correct these weaknesses, they can be exploited by virus writers and hackers to gain unauthorised access to those PCs that have not yet been patched.

To check for patches and updates you should visit the publisher's website, typically in their Download section.

Microsoft users can visit: https://windowsupdate.microsoft.com which can automatically check what is required, and then suggest to download it.

You may already be using anti-virus software but to be effective the software should be updated on a regular basis with the latest "virus definition" files. If you are unsure how to do this, you should refer to the program's own Help function.

It is a good idea to install anti-virus software if you don’t have any already. There are many effective programs to choose from. But be sure to visit the software provider’s genuine site because there are many fake products claiming to protect your computer but which may actually infect it with viruses.

A firewall is another small program that helps to protect your computer and its contents from outsiders on the Internet. When properly installed, it stops unauthorised traffic to and from your PC.

Keep your password secured - Passwords are the key to your online account information, to accounts at online stores and a host of other online activities. Your HSBC Malaysia online banking password, together with your online banking ID, permits access to your bank accounts. For this reason your password should be unique and very well protected.

Keep them to yourself - Do not be tempted to share your passwords with anyone.

Be unique - Use passwords that are unique and not easy to guess.

Use letters, numbers and symbols - Passwords containing upper and lower case letters, numbers, and symbols are far harder to guess.

Be different - Avoid using the same password for different services.

Don't be personal - Do not be tempted to use passwords that can easily be guessed e.g. your name, your date of birth, telephone numbers, pet's name.

Never write them down - If you really need to record your password then use a code system or transpose some of the letters. No one at HSBC Amanah will ever ask you for your online banking password. If someone does ask you for it, they do not represent HSBC Amanah.

Change your passwords - Always change passwords that may have been compromised.

Contact the bank if you think someone else knows your online banking password.

Spyware is the term used to describe programs that run on your computer for the purpose of monitoring and recording the way in which you browse the web and the internet sites you visit. For example, spyware can combine information about your online behaviour with that of many other users in order to generate market research data. This information can be bought and sold by companies interested in improving the way websites are designed and how the internet is used.

You may or may not wish for your internet usage to be monitored in this way. In addition, just as spyware can be used to improve the online experience it can also be used to extract personal information that you have entered, including passwords, telephone numbers, credit card numbers and identity card numbers.

Spyware is often loaded onto a PC as part of a free download of another service - for example a service that claims to improve the performance of your PC. Sometimes your agreement to the download is requested in the small print, but spyware may also be loaded onto your PC without your agreement or knowledge.

Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this, anti-virus software is not effective in identifying and removing spyware, you will need to download and run a specialised anti-spyware program.

Anti-spyware security software currently available include McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable anti-spyware product to protect yourself against spyware on your PC.

To learn more about online security, please visit the HSBC Group online security page.

For security reasons, the security code is a unique number and is only valid for a certain period of time. If you input an expired security code when you logon to online banking, you will receive an error message. Please press the green button on the device to obtain a security code to enter. If the problem persists, please call our Call Centre 24-hour online banking hotline for assistance.

You may be aware after recent reports in media about emails that are sent which appear to be from the bank. These are known as 'phishing' scams, where the emails attempt to direct you to a fraudulent website with the intention to try and capture your login ID's, password and HSBC/HSBC Amanah's security device algorithm.

Here's how you can identify and avoid email scams:

• Remember that HSBC/HSBC Amanah will never contact you via email to request confirmation of your personal information such as your username, passwords or account numbers. If you receive such an email, report it to us as it's fraudulent.
• Don't open attachments or click on links in emails if you suspect they may be part of a scam attempt.
• If you've received an email from HSBC you suspect isn't genuine, forward it immediately to phishing@hsbc.com, then delete the email and empty your deleted items folder.