Top of main content

Credit Card Security Alerts

Safety measures to keep your credit card secure

We have security features to reduce your risks against fraudulent activities.

Security notifications

SMS alerts will be sent to your registered mobile phone number for the following:

  • First Card transaction
  • Transactions above threshold amount
  • linking your credit card to your Apple Pay or Google Pay™

For online purchases authentication at participating 3-Domain Secure (3DS) merchants, alerts are sent through:

  • in-app authentication service via HSBC Singapore app or
  • one-time password (OTP) sent via SMS to your registered mobile phone number

Transactions above threshold amount

Transaction alerts are triggered when your credit card is used for an amount that is above a predefined threshold limit. This alert helps you detect potential fraudulent activity - anytime and anywhere.

Starting from December 2023, we'll be lowering the default credit card transaction threshold limit for notification alerts to be sent from SGD1,000 to SGD500 (or from USD1,000 to USD500). Your threshold limit setting will not be changed if you've previously requested for a limit lower or higher than SGD1,000 (or USD1,000). You can adjust your transaction threshold limit settings by submitting a request form available on HSBC website.

We're also making changes to the way you'll receive such transaction alerts. If you have registered for HSBC mobile banking, you'll receive the transaction alerts via push notification and email, instead of SMS. This will be done progressively from December 2023.

If you have not registered for mobile banking, the alerts will remain via SMS and/or email. However, given the risk in SMS fraud, we recommend that you register for mobile banking.

To register, details are available at HSBC Singapore website > Banking Accounts & Services > Help & Support > Ways to Bank.

To ensure you don't miss such alerts:

  1. Enable push notifications: Go to the HSBC Singapore app > Tap on Profile icon > Tap on Communication preferences > Tap on Push notifications > Enable
  2. Provide your current email address (if you have not) via online banking or Myinfo

We shall not be liable in any way whatsoever to you or to any other party for any loss or damage in the event that such transaction notification alert is received by a third party. It is your responsibility to monitor your card account transactions (which shall include enabling transaction notification alerts on any device used to receive transaction notification alerts from HSBC and opting to receive all transaction notification alerts for all outgoing transactions of any amount made from your card account) including without limitation any suspicious or omitted transactions.

Protection from Scam

To protect yourself from scam, please do not disclose your personal particulars and banking information/credentials (inclusive of OTP) to any alert or request that is not initiated by you.

Please inform us immediately to verify the authenticity of such requests, or for any suspected fraud.

Change of personal particulars

Please update us as soon as possible when there is a change of your mobile phone number and email address, so that you can continue to receive security notifications. To do so, please visit our branch or download Personal particulars update form from Forms and Download page.

Magnetic stripe activation for card-present purchases overseas

The magnetic stripe on your credit card is disabled to prevent unauthorised transactions. The EMV chip on your credit card remains active for local and overseas transactions. 

However, it is worth noting that there may be overseas merchants (in countries/regions such as Japan and Korea and USA) which may use magnetic stripe readers at their point-of-sale terminals. 

To activate the magnetic stripe on your credit card, please call 1800 227 6868.

Security of cards and PINs

You shall at all times ensure that cards and any record of PINs or any password, code or other arrangement that may be required to authenticate any payment transaction or cardholder (each, an “Access Code”) are not misused, disclosed, lost or stolen. You must: 

  1. sign your card as soon as you receive it; 
  2. not record any Access Code on your card or on any article normally carried with your card and/or which is liable to loss or theft with your card, or keep a record of any Access Code in a way that allows any third party to easily misuse the Access Code; 
  3. if you keep a record of any Access Code, take all reasonable care and precaution to secure the record, including keeping the record:
    1. in a secure electronic or physical location accessible or known only to you; and
    2. in a place where the record is unlikely to be found by a third party;
  4. not permit any other person to use your card;
  5. not disclose any Access Code or make it available to any other person (including a family member or one of our staff );
  6. use care to prevent anyone else from seeing any Access Code being entered in a terminal; and
  7. observe such security tips as we may notify from time to time.

Learn more about how to protect yourself from online fraud.

Listening to what you have to say about services matters to us. It's easy to share your ideas, stay informed and join the conversation.