Online security

Nowadays, most of us use the internet. We like to e-mail, chat and have fun online as well as use it to buy and sell things and do our banking.

Unfortunately, it also provides opportunities for criminals to:

  • Infect your computer with spyware and steal your identity
  • Mess up your computer with pop-ups and viruses
  • Send you spam and scam e-mails
  • Trick you into visiting fake websites and handing over personal information
  • Hack into your wireless network

Protect yourself online

In our view, there are a few key rules that offer the most protection online for the least amount of effort. They are not all the measures you can take, but they are an excellent start – and they apply equally to business owners and to private individuals.

What you should always do:

Make sure you have the latest security updates and patches

From time to time, weaknesses are discovered in programmes running on your computer. These weaknesses can be exploited by virus writers and hackers to gain access to computers. As such, publishers will release 'patches' from time to time to correct these weaknesses.

To check for patches and updates you should visit the publisher's website, typically their 'Download' section. Generally, the latest versions of an operating system family (like Microsoft Windows) or browser (like Internet Explorer, Google Chrome, Apple Safari, etc) is the most secure.

Microsoft users can visit:, which can automatically check what is required for both your operating system and browser and then download it at your request.

Apple Mac users can visit: and navigate to Software Update where a list of the most recent security updates is available for download. Alternatively by clicking from the Apple Menu on your Mac device and selecting Software Update you can also be sure you are running with the latest security updates available.

Install anti-virus software

Anti-virus software protects you, your privacy and your money.

Viruses are bad news. They steal personal information, take over your PC, pop up unwanted adverts and they can even use your computer to attack other people's computers.

You may also hear them called malware, trojans, spyware or adware.

Anti-virus software protects you against all of them.

To work properly, anti-virus software has to download updates regularly over the internet. Out-of-date anti-virus software will have flaws.

Any file with no extension (eg just named ‘file’) or a double extension (eg is almost certainly a virus and should never be opened. Also, never open an e-mail attachment that is unknown to you and in particular contains a file ending with .exe, .pif and .vbs because these are commonly used with viruses.

It is a good idea that you install anti-virus software if you don't have any already. There are many effective programmes to choose from, but the most common commercial products include McAfee†, Trend Micro, Sophos, Symantec and F-Secure. It is also possible to obtain free anti-virus protection from Microsoft Security Essentials, Grisoft AVG Anti-Virus, Avira, Avast and ClamWin.

†McAfee® software download is only available to PC users.

However, be sure to visit the genuine site because there are many fake products claiming to protect your computer but which may actually infect it with viruses.

Keep your software and browser up to date

It is harder for viruses to infect updated software.

The criminals who create viruses take advantage of software bugs to infect computers. Software companies fix bugs with free downloadable updates. Most modern software will check for updates automatically. It is a good idea that you install updates for your software as soon as they become available.

Be wary of fake e-mails about bogus updates. Use the update software that comes with your computer – don't click on links in e-mails. You can check if your Windows computer is up to date in the Security Center in Windows Vista and in the Action Center in Windows 7 and Windows 8.

To be sure you are running the latest software on your Apple mac, you can click from the Apple Menu and select Software Update.

As well as your computer software, other programs need updating. The program you use to look at websites is called a web browser. Modern web browsers warn you if you visit fake websites and it is harder for viruses to infect them. It is a good idea that you install an up-to-date web browser. There are several to choose from and they are all free.

If you have updated your computer regularly, it is likely that you are already running either Microsoft Internet Explorer 11 (on Windows PCs) or Safari 7 (on Macs).

Understand how criminals use the internet

Criminals are in it for the money.

There are many ways for them to make money online. They may:

  • Steal your passwords and bank details with viruses, fake e-mails and fake websites
  • Ask you to provide security details
  • Send spam with bogus offers and products
  • Take over your computer and use it to attack other people's computers
  • Use viruses to display unwanted adverts on your PC

We take your internet banking security and privacy very seriously. Protecting yourself and your money takes a bit of know-how and the right software.

Avoid online fraud and scams

If it's too good to be true, it probably is.

When it comes to protecting yourself and your money on the internet be wary of ridiculous deals.

Criminals may contact you by e-mail, through websites you use, via SMS or even by phone. It pays to be on your guard because they can be quite convincing.

Here are some warning signs:

  • Big promises. “You have won the lottery”
  • Big threats. “Your account has been hacked”
  • A false sense of urgency. “Act now or it'll be too late”
  • Unnecessary secrecy. “Don't tell anyone”
  • There is no reason for them to contact you. Did you even buy a lottery ticket?
  • ‘’Business opportunities’’ that involve holding or receiving money for strangers

If an attachment looks suspicious, don't open it. Don't install software unless it comes from a website you trust. If it doesn't feel right, take your time.

If you suspect that there is a problem with your personal or business internet banking, you can always talk to us first.

Learn to spot fake e-mails and fake websites

Criminals use fake e-mails and fake websites.

They set them up to con people into giving away passwords and bank details. The technical word for this is 'phishing'.

For example, they might send you an e-mail that looks like it comes from us and it might contain a link to a website that looks like this one. When you try to log on, they can steal your password. They could also ask you to make a phone call or reply by e-mail.

They are good at making their e-mails and websites look realistic. But you can often spot the fake ones:

  • Strange looking e-mail or web addresses
  • Poor design, typos or bad spelling
  • They ask you to do something unusual
  • A site doesn't display the padlock symbol in the address bar when you log in

If in doubt, stop. Don't click on any links. Don't open any attachments. Just forward the e-mail to and we will investigate it.

Keep your passwords and personal information secure

Fraudsters use personal information from different sources to steal people's identities.

Viruses are one way to do it. But they also use paper documents containing personal details, such as receipts and bank statements.

Fraudsters use many methods such as searching in dustbins to obtain these documents.

You should take simple precautions to keep your details safe and to dispose of these documents safely, such as shredding them before you bin them.

You may also want to switch to online statements.

Your HSBC internet banking password, together with your other internet banking credentials, permit access to your bank accounts. When creating passwords, remember the following things:

  • Keep them to yourself: No one at HSBC will ever ask you for your internet banking password
  • Make them hard to guess
  • Vary them: Try to use different passwords for different services
  • Change your passwords regularly
  • Never write them down

Don't share private information online

Double-check privacy settings on social networking sites.

What's your mother's maiden name? What's the name of the first school you went to? What was your favourite subject at school? What's your address? Birthday? Phone number?

All this information is useful to people who want to steal your identity or break into your personal internet banking. You wouldn't give this information away to a stranger in the street but if you use social networking sites, such as Facebook, Twitter or MySpace, you could be over-sharing personal data.

You may want to think carefully about the information you put into your profiles on sites like this. It is also a good idea that you check the privacy settings on each site that you use, to make sure you only share personal information with people you trust.

Please also remember that you must take all reasonable precautions to keep your details safe and prevent any unauthorised use of any cards and security details. If any information forms part of your security details, you should make sure that you do not disclose it to anyone else – see the terms and conditions that apply to your account(s) for more detail.

Secure your wireless network

A wireless network allows you to connect your computer to the internet without having to use a cable. It typically contains a wireless router, which uses radio signals to transfer data to computers within the network. Some wireless routers come pre-set to very insecure settings to help users connect to them for the first time – but this also means that other people could access your internet account quite easily. For this reason, you should always consult your manual or online guide to find out how to connect more securely through your wireless network – usually by creating a password.

Protect your mobile phone and tablet devices

Your mobile phone and tablet device may hold lots of personal information – take care of it. You may even use it for internet banking, downloading mobile applications and online shopping.

For example, a criminal might send you an e-mail that looks like it comes from us and it might contain a link to a website that looks like this one. When you try to log on, they can steal your password. They could also ask you to make a phone call or reply by e-mail.

You may want to think about:

  • Setting and using a security PIN code
  • Adjusting the phone settings so that it locks automatically if you don't use it for five or ten minutes
  • Not storing passwords or other sensitive information on your phone in a way that can be understood by someone else
  • Not storing your home phone number and address under ‘home’ in the contact list (you wouldn't want a thief to be able to know your address and be able to check if you're home)
  • Do not use a jailbroken Apple® iPhone®, rooted Android™ phone or any other mobile device that has been jailbroken or rooted. This is because jailbreaking and rooting both remove important security features
  • Be wary of voicemail and text message scams. Clicking on links in text messages can be risky - be careful

Criminals may also create fraudulent mobile applications that look like ours so when you try to log on, they can steal your password. Be sure that mobile applications are downloaded from trusted app stores.

  • Only install applications on your device from trusted app stores eg App Store® and Google Play™

If you lose your phone, report it to your mobile phone provider immediately. Make a note of your phone's IMEI number (dial *#06# to get it). This will make it easier for your phone company to

Take care offline

  • Review your bank and credit card statements for any unusual transactions or withdrawals and notify the bank immediately if you suspect any discrepancies
  • Tell us of any changes in your personal details (eg address change)
  • Keep your paper records safe. Store your bank documents in a safe place. Always shred them when they are no longer required
  • If you plan to cancel a bank/credit card (or it expires), immediately destroy the card by cutting it in two through the account number and the magnetic strip

How HSBC protects you online

We are constantly reviewing the ways we can help and support you. Our proactive approach includes meeting some of the world’s leading security experts to discuss key issues and sponsoring joint initiatives to improve your online security.

We protect you by:

1. Ensuring your online transactions are safe and secure. We use industry-standard security technology and practices to safeguard your account from any unauthorised access.

2. Using logons and passwords to make sure we're dealing with you. Online access to your account is only possible once you have authenticated yourself using the correct Internet Banking ID and security details.

3. Using Two Factor Authentication to provide an extra layer of protection. The Secure Key or Security Device is a two-factor authentication device that will help protect you from internet banking fraud. It is designed to make sure only you can access your personal information.

Devices like these are commonly being used for secure transactions all round the world. With this technology you can enjoy far more secure online banking services and it's one of the smallest and simplest to use. Two-factor authentication means you not only need a password or PIN, but you also need a device unique to you.

4. Creating secure online sessions. When you log in to internet banking you are said to be in a secure session. You know you are in a secure session if the URL address begins with https:// and a padlock symbol appears at the top of the page as part of the address bar.

5. Using encryption. When you log in to internet banking, depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. We use 128-bit SSL encryption, which is accepted as the industry standard.

6. Using session timeouts. If you forget to log off after banking online or your computer remains inactive for a period of time during a session, our systems automatically log you off.

7. Having automatic lockouts. After a number of incorrect attempts to log in, we disable online access to your account. To re-activate your account, you should contact your usual helpdesk number.

Contact us

Call us on: