How to keep your online banking experience safe and secure

Online banking is fast and convenient, but it’s important to make sure you aren’t exposing yourself to fraud or financial crime. Follow these tips to keep your accounts and private data secure.

What you can do to keep your online banking safe

Accessing your account

  • Avoid accessing your bank account with public computers
  • Never share your personal security details (e.g. account number,PIN or security code) with anyone
  • If you find any unusual pop-ups or your computer starts running unusually slow, please do not enter in your personal details and/or credit card information.
  • Watch out for money-laundering scams. Be wary of any “business opportunity” that involves receiving or holding money for strangers
  • Only use secure and trusted wireless networks. Add a password for your own home Wi-Fi network

If you receive any email or SMS claiming to be from HSBC, remember that:

  • We will never ask you to confirm or provide us with any personal data by replying to an email1
  • We will not ask you to provide excessive information such as name, date of birth, Malaysia Identity Card (ID) number/passport number, credit card number, CVV code and the expiry date

 

Monitoring your account

  • Check statements, emails and SMS notifications as soon as you receive them. If you spot any unusual transactions, report them to the bank immediately. Use HSBC Amanah Online Banking 
    or the HSBC Malaysia Mobile Banking app to check transactions on your account more frequently.
  • Always keep the electronic receipt for fund transfers and bill payment transactions to help you verify transactions.

 

Protecting your pin

  • Never tell your PIN to anyone, even if they claim to be from the bank or the police
  • Memorise your PIN and never write it down
  • Choose a PIN that’s hard to guess
  • Use different PINs for different websites and channels (ATM, Phone Banking, Mobile Banking)
  • Remember that our customer service officer will never ask you to say your 6-digit Telebanking Personal Identification Number (TPIN) out loud. If you need to use your TPIN, you will only have enter it on the keypad of your phone

At HSBC, we use 5 methods to make sure online banking is secure.

  1. Multi-layer log on verification
    Your financial information is protected by a combination of a unique username and password or a one-time security code generated by your Security Device.
    Learn more about the Security Device

  2. Transaction verification
    When you transfer money to third parties or pay bills online, HSBC asks you for a security code generated by your Security Device. This ensures that only you can authorise payment and third party transfer requests.

    For FPX transactions, you have the options to authenticate your transaction via your Security Device or SMS One-Time Password (OTP).

  3. SSL Encryption
    HSBC uses 128-bit SSL Encryption.

  4. Automatic 'Time-out' feature
    You should always log out and close your browser window when you have finished your online banking session,especially when you are in public. If you forget to do that, we will automatically log you out after a period of inactivity. Leaving your computer unattended while you are logged on could cause your personal data and sensitive information to be leaked, which could lead to fraud attacks against you.

  5. SMS/email notifications
    We’ll text you when you perform certain transactions on HSBC Amanah Online Banking. The SMS or email notification will include the partial account number of the beneficiary, transaction amount and time of transaction to help you verify things. Call HSBC immediately if you receive an alert for any transaction you don't recognise.

1The only exception is when responding to your enquiry, a customer service officer might contact you via email with a request for some personal information is required. In such a case, please note that the email will be sent through and stored in an encrypted form in our secured online banking platform (HSBC Amanah Online Banking) and you will need to enter your username and password to access such emails.