Online Security - How To Protect Against Online Fraud?

At HSBC, we take Online Security very seriously and we want to protect our customers as much as possible. That's why we are providing you with this important advice. While we have equipped online@hsbc with industry standard security technology and practices to ensure that our customers are protected against fraud, you play an important part in protecting your account/transactions.

Read more

• FASTEN UP!*
• The 5 Golden Rules

* FASTEN UP! is an Infocomm Development Authority of Singapore (IDA) initiative. Reproduced with permission from Infocomm Development Authority of Singapore (IDA), 2005

What is?

• Phishing
• Spyware
• Fraudulent & Spoof Websites
• Secure Sockets Layer (SSL)
• Trojan Horse
• Fraudulent Emails

Phishing

Description
Phishing involves an email message being sent out to as many email addresses that the fraudster can obtain, claiming to come from a legitimate organisation such as a bank, online payment service, online retailer or similar. The email requests the recipient to update or verify their personal and financial information, including date of birth, log in information, account details, credit card numbers, PIN numbers etc.  Some of the email messages include a threat that failure to update or validate will result in, for example, the account being frozen. The objective is to induce unsuspecting recipients, who happen to be customers of the legitimate organisation being imitated, to respond to the email and to provide the information being requested.

Tips

• NOTHING, unless you are absolutely sure of the validity of the sender and the legitimacy of their request.
• Be aware that HSBC will NEVER ask customers for such confidential banking data in their emails.
• Do not respond to any emails that request such information or click on an embedded hyperlink.
• Update your anti-virus software and also change your Password REGULARLY.

Spyware

Description

• It is a computer software program that gathers information about a computer user, in most cases without the user's knowledge or informed consent.
• It transmits the collected information to an organisation/person who potentially can manipulate the information.
• Such software program may claim to be able to speed up your internet connections but in fact redirects your internet session through their own servers.
• This could mean that Spyware has the ability to gain access to your passwords, PINs, credit card numbers and other personal transactional details.
• Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this anti-virus software is not effective in identifying and removing spyware. In order to find out if spyware is present on your PC, it is necessary to download and run specific anti spyware programs.
• Examples of anti-spyware security software products available at present are eTrustTM PestPatrol@, Anti-Spyware, McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable product to protect against the possible security threats of spyware on your PC.

Tips

• To prevent the spyware installation without your consent, remember not to download any freeware onto the computer that you access internet banking with.
• You may already be using anti-virus software but to be effective, the software should be updated on a regular basis with the latest virus definition files.
• Change your Password REGULARLY.
• Always run an anti-virus software program and/or anti-spyware software before you download other programs or open e-mails.
• If you think that you have installed such software in your PC, you may wish to seek professional IT advice on steps to be taken to uninstall the software from your PC.

Fraudulent & Spoof Websites

Description

• Authentic-looking websites created by Internet fraudsters that look like other respectable websites, such as ours.
• Attract people to their sites through phishing emails.
• Urgently ask for personal, confidential information.

Tips

• Make sure you're connected to the official HSBC site before keying in any confidential data.
• Do not access your internet banking account directly through hyperlinks embedded in e-mails.
• Type www.hsbc.com.sg directly on the browser address bar.
• Check for the locked padlock symbol at the bottom right hand corner of your browser.
• Ensure the secure browser session is established with HSBC by verifying the information, such as the issuer and the date on the server certificate
• Change your Password REGULARLY.

Secure Sockets Layer (SSL)

Description

• An SSL Certificate enables encryption of sensitive information during online transactions.
• Each SSL Certificate contains unique, authenticated information about the certificate owner.
• A Certificate Authority verifies the identity of the certificate owner when it is issued.

Tips to ensure online security

• Only log on to HSBC Internet Banking by typing the entire HSBC website address into your browser. Never log on to Internet Banking via a link from an e-mail. For example, you can type "www.hsbc.com.sg" into the browser address field and then, click on the "Log on" button.
• Always ensure that you are on a secure website before submitting credit card or other sensitive information via your Web browser. To make sure you are on a secure website, first check the beginning of the Web address in your browser’s address field - it will be "https://" rather than "http://".
• Secure websites will also contain a padlock icon on the status bar at the bottom of the browser.
  
  
  (The sample screen is captured from Internet Explorer and the screen in other browser may look different).
  
  
• Double click on the padlock icon and you will see the details of the security certificate, which says that it is issued to HSBC.
  
  
• To verify that the website is authentic, check for the following details
  - The certificate is issued to www.hsbc.com.sg
  - The certificate is issued by Verisign.
  - The certificate has a valid date.
  
• If you receive SSL certificate warning messages presented by the browsers (e.g. invalid date, entrusted certifying authority, name mismatch, failed to retrieve revocation list, etc), please do not continue with the application. If you suspect a website is fraudulent, leave the site and do not follow any of the instruction it may present to you.
  
• If you still receive the same message, please call us on 1800-HSBC NOW (4722 669) in Singapore or (65) 6-HSBC NOW (4722 669) from overseas for further assistance.

Trojan Horse

Description

• A type of computer virus that is a computer program masquerading as another program.
• Appears innocent, but your files could be damaged or erased if you open the program.

Tips

• Install anti-virus software, personal firewall and security patches.
• Always run an anti-virus software program before you download other programs or open emails.
• Update your anti-virus software and also change your Password REGULARLY.

Fraudulent Emails

You may have in the recent past read or heard of fraudulent e-mails sent to customers of large financial institutions in many countries. These e-mails typically tempt the institutions' customers to click an embedded "link" to a fairly realistic looking web site that mimics the look of the institution's own web site, where they are then asked to enter their usernames, passwords and other personal and confidential banking details.

At HSBC, we take the privacy and confidentiality of our customers' information very seriously and will never request your personal and financial information via e-mail. The following information/checklist will quickly help you determine whether a request for information is legitimate and how you can help in keeping your account/transactions safe.

Remember

• HSBC will never ask for your logon details and personal information for internet banking, phonebanking or ATM services. These include your Username, Password, PIN, security code, account number, identification/ passport number, address, phone number, etc.
• When you call us, you may be asked to input your Password or PIN for authentication. Do not speak out the Password, PIN or security code during the call, as no call centre representative will ever ask for this over the phone. If you have forgotten your Password or PIN, a few questions relating to your personal information, NOT your Passwords or PIN, will be asked for authentication.

Never

• Follow a link within an email to start an Internet banking session. Instead, log on directly from your browser.. This will avoid you from being sent to a false site. Remember: No email from HSBC will contain a hyperlink to our online@hsbc logon page.

Always

• Check for a locked padlock symbol at the bottom right corner of your browser.

Tell Us

• Please advise us immediately if you receive either a suspicious email or phone call asking you to enter your logon details. DO NOT act on it even if it appears to be from HSBC.

Questions?
We assure you that we have equipped online@hsbc with industry standard security technology and practices to ensure that our customers are protected against fraud.

• For any questions or to report a suspicious email, please contact our 24-hour Customer Service Hotline on 1800-HSBC NOW (4722 669) in Singapore or (65) 6-HSBC NOW (4722 669) from overseas.

We encourage our customers to also note the following security tips:

• Keep your account details secure;
• Never write down your online@hsbc security credentials or reveal it to anyone
• Not to access your account in public places e.g. internet cafes;
• Change your Password on a regular basis;
• Log off properly using the "Logoff" button, when you have finished an Internet banking session;
• Always disconnect from the Internet when finished; never leave a connection on when not using the service;
• Install a personal firewall and virus detection software on personal computers, and update them regularly to ensure protection.