Security
Keeping your financial information safe and secure is of paramount importance to HSBC Retail Services Limited ("HSBC"). As demand increases for newer, faster and better ways to perform online transactions, we pledge to continue our efforts to maintain the highest level of online security for our customers.
Our customers also play a critical role in keeping their personal information protected. Please review each of our security sections outlining measures taken to protect your online information and the steps you can take to help secure your online experience.
To assist in increasing your knowledge of Security requirements and concerns, we have also provided a Security Resources section, as well as common Security Definitions.
Notice:
This Security information makes recommendations and suggests best practices, which users may follow at their own discretion. All terms of the Website Use Agreement governing this site are still applicable.
HSBC Responsibility
The Security of Our systems:
128-Bit SSL Encryption
HSBC requires the use of 128-bit Secure Socket Layer (SSL) Encryption with all Personal Internet Applications forms, which is one of the highest and most secure levels of data security available on the Internet today. Encryption converts your data (e.g. when you apply for a credit card at HSBC) into an encoded form before it is sent over the Internet. The encryption helps keep your information private between HSBC's computer system and your Internet Browser.
To determine if the browser you are using supports 128-bit encryption, try a browser check (http://www.verisign.com/advisor/check.html).
Internal Systems Encryption:
HSBC employs multiple levels of encryption algorithms on and between internal systems to help keep your information secure and inaccessible to unauthorized users.
Firewalls
HSBC uses firewalls to block potentially destructive information from entering our computer systems and prevent unauthorized access. Firewall software can be installed on business and home computers as a barrier against hackers and viruses.
Keeping Your online session secure:
Secured sessions:
Your HSBC application session is protected in a "secured" environment through Secure Socket Layer (SSL) encryption. SSL technology is used within your Internet session to encrypt your personal information before it leaves your computer to help ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. You will know when you are on a secured HSBC page when you see the https:// before the web address. A padlock symbol in the lower right hand corner of your browser window will also be present. A closed padlock indicates that your HSBC online session is in a "secured" environment.
Session Time-Out:
For your protection, HSBC includes a session time-out feature for your online session. If your Internet session remains idle for a given time, your session automatically ends. This helps to protect your application process from unauthorized access if your PC is left unattended.
Your Responsibilities:
At HSBC, the security of your information is paramount. Our systems and security procedures are designed to keep your personal and financial data confidential at all times. You also have a significant role to play in the security of your information and should adopt the following practices to help keep your personal and financial information protected from unauthorized use:
Keep Your Internet Session Secure:
Close your Browser
Always remember to close your browser when you have finished your online session. This helps to prevent others from being able to view your information at a later time.
New Security Advice on Caching:
After browsing an Internet application, your browser may store sensitive information that you viewed while online. This information is typically kept on your hard drive and is referred to as "the cache". After closing your browser, some of this data may remain on your computer's hard drive.
This data may consist of:
- Web pages
- Images
- Files viewed, such as Adobe® Acrobat® PDF, or Microsoft® Word
Advice for Microsoft® Internet Explorer Users:
By default, Microsoft® Internet Explorer uses the computer's hard disk to keep a copy of all recently viewed pages, images and files. Even when viewing a site over SSL, much of your sensitive data remains on your computer's hard drive after closing the browser. You should take the following precautions every time you visit HSBC after viewing your personal information:
- Click on the "Tools... Internet Options" menu item.

- On the General tab, press the "Delete Files..." button.

- Check the box that says, "Delete all offline content" and press the OK button.

Please contact us if you require further assistance.
Advice for Mozilla Firefox Users:
By default, Firefox does not cache any data on your hard drive when you are browsing a site that is SSL-enabled. At HSBC, any sensitive data you are viewing will always be protected by SSL. Hence, Firefox users need to take no further action on this matter.
Advice for Netscape® Navigator Users:
If you are using an up to date version of Netscape® Navigator (7.2 or higher), it will not cache any data on your hard drive when you are browsing a site that is SSL-enabled. Here at HSBC, any sensitive data you are viewing will always be protected by SSL. Hence, Netscape users need to take no action on this matter. If you are using an older version of Netscape® Navigator, it is strongly recommended to update to the latest version.
Protect Your Computer:
Install firewall software on your home and networked computers to prevent unauthorized individuals from gaining access to your computer system to use files, obtain personal information or to destroy computer data. This is especially important on computers that use a broadband connection to access the Internet (Cable modems or DSL). Since your Internet connection is on when your computer is on, the risk for malicious activity to your computer increases. Two popular sources for firewall software are McAfee and Computer Associates.
Run an anti-virus program on your computer frequently to prevent computer viruses or worms from entering your computer system. Purchase programs that automatically upgrade your virus protection on a regular basis.
Don't share access to your computer with strangers. Disable the 'File and Printer Sharing' capabilities on your computer to prevent anyone on the Internet from browsing or deleting your computer files. Check your computer's User Guide for instructions specific to your setup, or go online to the manufacturer for instructions.
Regularly check the website of your computer's operating system (i.e. Microsoft Windows) for software "patches" and "updates" to your system or browser to ensure your computer system has the latest security upgrades installed. Learn about computer infections and be aware of the latest computer viruses, worms, Trojan Horses and other malicious programs designed to damage your computer or steal your personal information.
Don't open email or email attachments from unknown sources. Scan email through your anti-virus software first.
Email Security
Electronic mail or "email" has revolutionized how we communicate today. These "instant letters" save time and money, and have redefined convenience in our lives. Be sure to stay updated on email news and the steps you can take to keep your online experience secure.
Regular Email:
Generally, regular email that is sent or received through a regular email address (i.e. yourname@hotmail.com, or yourname@yahoo.com) is not secure or encrypted to protect the content. Therefore, any personal information you include in an email is at risk of being intercepted by unauthorized individuals. Do not send sensitive, personal or financial information unless it is encrypted from a trusted source.
Do not open email or email attachments from unknown sources as they could include a virus that, if opened, could damage your computer system. Scan email through your anti-virus software first.
Do not reply to any email that requests personal information.
Only do business with companies you trust. When in doubt, always contact the company by telephone and question the email request for personal information.
Fraudulent Use of Email:
Email Spoof Sites:
Some emails are used to send false offers from companies claiming to be legitimate. In the email, the company may request your personal information to "update their records". In reality, this tricks users into downloading a virus or jumping to a fraudulent website requesting personal information. An unsuspecting individual is at risk of fraud, identity theft and computer infection. If you get an email or a page link requesting confirmation of personal details, do not input information, even if the page appears legitimate. No reputable company would request personal information via email and you should contact the company in question if you suspect the email is fraudulent.
Email Spam:
Email lists are often purchased by companies or individuals to send email ads for products and services. The unsolicited emails are defined as spam, and the sheer volume of spam can fill email files and add pop-up ads on your computer screen. You can purchase anti-spam software to filter unwanted email or spam from your incoming email list until you delete it.
Chain Letter Email:
An email requesting that the recipient send the email to everyone they know is called a "chain letter email". Many companies who sell mailing lists also run chain letters and every person that responds or enters their email address becomes part of a mailing list. Often, unsuspecting individuals respond to the email because of appealing content, promised good luck or monetary gain. It's best to delete chain letter email in the event an attachment contains a computer virus. You can also install anti-spam programs to block unwanted email and solicitations.
Computer Virus and Infections:
Virus:
Often through email, file sharing and downloaded programs, computer viruses are sent as email attachments. A virus is a small program that piggybacks on email and program files. For example, a virus might attach itself to a program or a game. Each time a program is opened the virus runs and can infect other programs or damage your computer. Some viruses move around through email then replicate by automatically mailing to the victim's entire email address book.
Worm:
A worm virus is a small program that searches through networks to find security holes to replicate itself from machine to machine. Worms use up computer time, space and speed when replicating, with a malicious intent to slow or bring down entire servers to halt Internet use.
Trojan Horse:
A Trojan Horse is another type of computer virus, which is simply a computer program that masks as another program. For example, you may download a simple computer game not suspecting any harm. But if the game contains a Trojan Horse and is opened, it can cause damage to your computer, from erasing files to changing your desktop. Trojan Horse programs can be attached to several types of applications ranging from screen savers to downloaded programs. To reduce your risk of computer infection, it's important to run anti-virus software before programs are downloaded or opened.
Protect Yourself against Viruses and Fraudulent emails:
Your best defense against computer viruses is education and discipline, as both help to reduce your risk of becoming a victim. Don't open email from unknown sources and do install anti-spam software to reduce the number of potentially dangerous emails.
Run a current, updated anti-virus software program on your computer frequently. Virus software can scan your incoming and outgoing email and attachments for computer infections like worms, viruses, Trojan Horses and other malicious code that can affect your computer files and operations.
Never double click on an email attachment that contains an executable file or files with the extensions "exe", "com" or "vbs" unless you can trust the source. If a file is infected with a virus and is opened, the virus can damage your hard drive, program files, and email files. Running anti-virus software usually helps to detect infections before any file is opened.
Install firewall software on your computer to help prevent unauthorized individuals or information from entering your computer system. This is especially important on computers that use a broadband connection to access the Internet (Cable Modems and DSL). Since your Internet connection is on when your computer is on, the risk for malicious activity to your computer increases.
Read the privacy policy of the sites you visit. The privacy policies are designed to provide customers with details on how their information is kept private, how information is shared and why it's collected. It's a good practice to read the privacy policy of any company with which you conduct financial transactions. Most privacy policies also explain how you can request removal of your name from promotional mailing lists.
Security Definitions:
Anti-virus Software:
Anti-virus software should be installed on your home computer and/or laptop to scan your email and the files on your computer for potential viruses. If a virus is detected, you are notified immediately and the anti-virus software will prevent the email or file from being sent to you before it's opened. You should run your anti-virus software frequently to prevent computer infections like viruses, worms, or Trojan Horses from entering your computer system. Purchase a program that automatically upgrades your virus protection on a regular basis. Two popular sources for anti-virus and firewall protection software are McAfee and Computer Associates.
Browsers:
A browser is a software application that works with the Internet to provide you with the ability to view, find and interact with websites and web pages. Two popular web browsers are Microsoft® Internet Explorer and Netscape® Navigator. As new versions of the browsers are developed, users are able to experience a full multimedia spectrum, including text, graphics, sound, and video.
Cable Modem:
Cable modems provide high-speed Internet access using cable television networks. They use either the traditional coaxial cables or newer fiber optic cables for the transmission of data. Cable modems offer continuous connection to the Internet without having to dial into an Internet Service Provider (ISP) each time you wish to connect to the Internet.
Cookies:
Cookies are pieces of information stored directly on the computer you are using and can provide a more efficient and more consistent experience on websites that use them. Cookies contain information about your computer preferences that allow customization of a site for your use. For example, if you visited a site yesterday to conduct business and returned to it today, the "cookie" would remember your visit and may return a "Welcome Back!" when revisited. Any time HSBC uses a cookie, personal information is encrypted for our use only and protected from third party access.
Credit Monitoring:
A credit monitoring program can be purchased through a credit bureau (i.e. Equifax, TransUnion) and helps keep you updated on your credit report and credit status. You may be alerted to changes in your credit or credit inquiries from financial sources, of which you may not be aware. If you suspect illegal activity regarding your credit, you should contact the bank, your creditors and the credit company with which you may have credit monitoring.
Digital Certificates:
Like a driver's license or passport, Digital Certificates allow individuals or organizations on the Internet to verify each other's identity to prevent unauthorized access. A Digital Certificate is a randomly generated set of characters that a computer sends to your browser. The browser on your computer stores this information and uses it as a digital stamp to certify the authenticity of the information sent to you and as a means of establishing identity. You may see a Digital Certificate issuer logo at the bottom of a browser page for your reference.
Encryption:
When you apply for credit at HSBC or conduct Internet Banking transactions, the information you enter online is "encrypted" or transformed into a string of unrecognizable characters before being sent over the Internet. This helps to keep the information between the bank's computer system and your Internet browser private. The two most common levels of encryption are 40-bit and 128-bit, both used on popular web browsers such as Microsoft® Internet Explorer and Netscape® Navigator. Your session is in a secured "encrypted" environment when you see "https://" in the web address and/or when you see the locked "padlock" symbol at the bottom right corner of your browser window. To determine if the browser you are using supports 128-bit encryption perform a Browser Check.
Firewall:
Firewall software can be installed on business and home computers as a barrier against hackers and viruses. Firewalls are used to filter potentially destructive information or prevent unauthorized access. This is especially important on computers that use a broadband connection to access the Internet (Cable modems or DSL). Since your Internet connection is on when your computer is on, the risk for malicious activity to your computer increases. Two popular resources for firewall protection are McAfee and Computer Associates®.
Keystroke Capturing:
Keystroke Capturing or "keystroke logging" is a surveillance tool that is illegally used to record the keystrokes of unsuspecting victims in order to determine password and logon information, which can be used for fraud purposes.
Plug-in:
A plug-in is a software module that adds a specific functionality to the web browser. For example, plug-ins for Netscape Navigator and Internet Explorer allow the browsers to display various types of audio and video messages or popular Adobe® Acrobat® (PDF) files.
Privacy Policies:
Many companies publish a privacy policy providing customers with information on how the company keeps your information private, how the information is shared and why it's collected. It's a good practice to read the privacy policy of a company with which you conduct financial transactions. Most privacy policies also explain how you can request removal of your name from promotional mailing lists. Read HSBC's Privacy Notice.
Secure Sessions:
Your online banking sessions and online applications are protected in a "secured" environment, which uses Secure Socket Layer (SSL) technology to encrypt your personal information before it leaves your computer to help ensure that no one else can read it. You will know that you are on a "secured" page when you see the "https://" before the web address. You will also see a padlock symbol in the lower right hand corner of your browser window. Commonly, a closed padlock indicates that your online session is "secured" by encryption to protect your personal information.
Server Authentication:
When you log on to Internet Banking or to a site that requires authentication, you usually input a specific Customer ID or User Name and password to gain access to your account information. When you use Internet Banking, the encrypted information passes through a rigorous test on HSBC's computer systems to ensure proper authorization before your account information is displayed.
Security Holes/Bugs:
Security holes/bugs are often faults, defects or programming errors exploited by unauthorized users to access computer networks or web servers from the Internet. As these holes or bugs become known, software publishers develop "patches," "fixes" or "updates" users can download that usually fix the problems.
Security Code:
The Security Code is a single-use, numeric value used to access your Business Internet Banking service. A Security Code must be entered along with your Username and Password.
Security Device:
A Security Device is a small electronic device, which automatically generates the single-use Security Codes required to log on to Business Internet Banking. The Security Device will be sent to you when you sign up for Business Internet Banking. It is small and portable so you can carry it on your keychain or inside a pocket or purse.
Server Gated Cryptography:
HSBC uses Server Gated Cryptography or SGC, which allows a browser using 40-bit SSL encryption to function as 128-bit encryption for the duration of the online banking session. This keeps your online banking transaction information as secure as possible without requiring you to download an updated browser.
Session Time-outs:
For your added online security, HSBC uses a session time-out feature. If your Internet Banking session is idle for a given amount of time, your session ends automatically. This helps ensure that your online session is in a "secured" environment and that the personal information you enter is protected. Commonly, a closed padlock symbol indicates a secured page is being used. Never input personal information on a website form or application that does not display the "https://" before a website address or a "padlock" symbol.
Social Engineering:
Social engineering is an identity theft process that relies on human interaction and often involves tricking an unsuspecting individual into providing personal information like bank account details or passwords. Social engineers search dumpsters for valuable information, will memorize access codes by looking over someone's shoulder, or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed (children's names, addresses, or birth dates). The personal information is then used to illegally apply for credit, purchase goods and services or gain access to funds.
Spam:
Sometimes companies or individuals purchase email address lists to send ads for products and services. The unsolicited email is defined as "spam," and it fills up email files and could add additional pop-up windows on your computer screen. You can purchase anti-spam software to filter unwanted email or spam from your email list until you delete it.
Phishing:
An increasingly prevalent scam being employed by unscrupulous individuals is phishing.
Phishing involves an email message being sent out to as many Internet email addresses as the fraudster can obtain, claiming to come from a legitimate organization such as a bank, online payment service, online retailer or similar. The email requests the recipient to update or to verify their personal and financial information, including date of birth, login information, account details, credit card numbers, PIN numbers, etc. Some of the email messages include a threat that failure to update or validate will result in, for example, the account being frozen. The objective is to induce unsuspecting recipients, who happen to be customers of the legitimate organization being imitated, to respond to the email and to provide the information being requested.
The email will contain a link that takes you to a spoof web site that looks identical, or at least very similar, to the organization's genuine site. In some cases, when the link in the email is clicked, the genuine site is accessed, but is overlaid with a smaller window with the spoof site, making it more believable. Clicking on a link may also download malicious software, known as "spyware", onto your PC, which will record your use of the Internet and forward this information, and possibly a log of your keystrokes, to the fraudster. The fraudsters will use this financial information to compromise bank accounts, credit cards, etc.
To avoid getting phished you should never respond to email messages that request personal or financial information and never click on a link in such an email. Reputable organizations do not send unsolicited email messages asking their customers to update or verify their personal and security details. If you are in doubt about the legitimacy of the email, or if you think that you have been a victim of a phishing scam, you should contact the organization in question immediately. You should, however, be careful to use the normal method you use to contact the organization in question, rather than use any suggestions included in, or by responding to, the email.
Trojan Horse:
A Trojan Horse is another type of virus, which is simply a computer program that masks as another program. Trojan Horses are sent as an email file attachment. For example, it may claim to be a game, but once opened, can cause damage to your computer, from erasing files to changing your desktop. It then sends itself to other people in your address book to propagate itself.
Virus:
Often through email, file sharing and downloaded programs, computer viruses are sent as email attachments. A virus is a small program that piggybacks on email and program files. For example, a virus might attach itself to a program or a game. Each time the program is opened, the virus runs and can infect other programs or damage your computer. Some viruses move around through email then replicate by automatically mailing to the victim's entire email address book. Never open an email attachment unless first scanned through anti-virus software.
Worm:
A worm virus is a small program that searches through networks to find security holes to replicate itself from machine to machine. Worms use up computer time, space, and speed when replicating, with a malicious intent to slow or bring down entire web servers and halt Internet use.
SSL:
Secure Socket Layer (SSL) protocol provides a high level of security for Internet communications. SSL provides an encrypted communications session between your web browser and a web server. SSL helps verify that sensitive information (e.g. credit card numbers, account balances and other financial and personal data) sent over the Internet between your browser and a web server remains confidential during online transactions.