The majority of online activity is done on mobile devices. That includes browsing, communicating, posting on social media, as well as making financial transactions. That’s why we need to treat our mobiles with the same level of vigilance and cyber protection as we do our computers.
How you can keep your mobile safe
- If you use the HSBC HK Mobile Banking app, or other online apps like PayMe, Reward+ and EasyInvest be sure you download them from official app stores
- HSBC not affiliated with any third party aggregator mobile apps and customers should not disclose their online banking credentials to third parties
- When using your browser, look for the padlock in the address bar. This indicates the browser is secure
- Only use trusted Wi-Fi networks or service providers
- Use security protection such as Wi-Fi Protected Access (WPA), if possible
- Disable Bluetooth if you are not using it, or set your device so it is not discoverable
Be cautious of using any free VPN
A "Virtual Private Network", or VPN, is a software that allows you to mask your computer's location or log on to sites as if your computer is based in another country or region. But just as “there’s no such thing as a free lunch”, the cheaper the VPN, the greater the chance they have security issues.
Free VPNs have hidden dangers
- Malware hidden inside VPNs can steal your data, which can then be used to hijack your online accounts, steal your money (bank and credit card details), steal your digital goods or products, or lock or encrypt your devices in exchange for a payout (e.g. ransomware), and more.
- VPNs can also hijack your browser, redirecting it to other sites without your permission, which can further lead to fraud risk.
If you really want to use VPN, it's important to use a paid VPN, or one that has in-app purchase for higher levels of service. Paid doesn’t guarantee secure, but even partially paid apps are often more protective of your data and give more software updates than free options. Better yet, stick with a reputable VPN made by well-known providers or antivirus-software makers.
Be vigilant if your mobile is suddenly out of signal
With more people using mobile devices to do banking, fraudsters have begun to use a technique known as a "SIM-swap".
Basically the criminal will call your mobile service provider claiming to be you, and ask for a replacement SIM card, saying that they lost the SIM or phone. If they are convincing, the mobile service provider will deactivate your SIM and issues a new one to the fraudster, who then executes transactions that require OTP authorisations.
Please be alert and talk to your mobile provider immediately if you suddenly find you do not have network connectivity and are not receiving calls or text messages for unusually long periods.
Also, please change the password you use for accessing the mobile service portal. This is because fraudsters can activate an SMS forwarding service or enquire SMS content by logging on to the online service portal which are provided by some Mobile service providers.
It’s also recommended that you do not switch off your phone if you are receiving numerous unknown calls, which could be a ploy to make you turn off your phone so you don't notice a tampered network connection.
Maintain your device
- Install the latest anti-virus and anti-spyware software on your phones and tablets, and keep it updated. Even iPhones and Blackberries, which have strong built-in protection against malware threats, can be at risk. When installing protection, always use a reputable brand from a mainstream supplier
- Install updates and patches to your smartphone and tablet regularly, including upgrades/updates to your operating system (OS) and other mobile applications
- Set up auto-lock and passcode lock to prevent unauthorised access to your phones and tablets and enable remote wiping
- Do not use security loopholes to log on to Personal Internet Banking on jail-broken/rooted handsets or tablets. HSBC mobile apps do not run on jail-broken/rooted devices
- Install apps on your phones or tablets from trusted sources only. Understand the permissions of mobile apps before you accept and install them
- Do not store your username and password for HSBC Mobile Banking and other private services on your mobile handset or tablet
- Avoid sharing your device with others and do not use other people’s devices to log on to your private accounts
- Some online services might request you to upload a scanned copy of your HKID via their mobile apps. Protect your HKID copy and treat it with the same caution same as your physical HKID card. Do not store your HKID copy on your mobile device and don't share it with people you don't trust people. Do not scan your HKID copy to any untrusted apps.
What HSBC is doing to keep your mobile banking secure
Mobile Security Key
If you use the HSBC HK Mobile Banking app, you can replace your physical security device with a Mobile Security Key for logging on to mobile banking. The Mobile Security Key also allows you to generate a security code to ensure faster access to internet banking services. It is a feature within the app itself, and it is every bit as safe as a hard token security device.
The new iOS Face ID lets you authenticate your identity and access your digital banking in seconds, just by looking at your screen. You can also log on to our app and confirm transactions using fingerprint authentication with iOS Touch ID and Android™1 Fingerprint ID.
If you are using biometric for log on or confirming transactions, we highly recommend you only register your own biometric print onto your mobile.
1.Not available on all Android devices.
- What you need to know about mobile device settings
- How to use a laptop/tablet securely
- Open Banking and beyond