Security Information

5 Golden Rules

In our view, these five rules offer the most protection for the least amount of effort. By following these rules you will greatly increase your PC's protection, not just when you use our Internet Banking services but when you use the internet generally.
They are not all the measures you can take, but are an excellent start. They are equally applicable to business owners and to private individuals:

* Make sure you have the latest security updates & patches

Helpful information about vulnerabilities in programs and how to find the fixes.

From time to time, vulnerabilities are discovered in programs running on your PC. The publisher will then release a “patch” to correct this weakness. These weaknesses are regularly exploited by virus writers and hackers to gain unauthorised access to those PC’s that have not been patched.

To check for patches and updates you should visit the publisher’s website, typically in their Download section.

Microsoft users can visit: http://windowsupdate.microsoft.com which can automatically check what is required for both operating system and browser and then download it at your request.

Top

* Install anti-virus software

Learn about commercial and free anti-virus protection products.

You may already be using anti-virus software but to be effective, the software should be updated on a regular basis with the latest virus definition files. If you are unsure how to do this, you should refer to the program's Help function.

There are many effective programs to choose from, but the most common commercial products include McAfee, Symantec (Norton) and Sophos.

It is also possible to obtain free anti-virus protection. A search for “free anti-virus” on Google will provide a list of the most popular ones.

Top

* Use personal firewalls

A firewall is a program that helps protect your computer from internet-borne threats, such as potential hackers and offensive websites.

A personal firewall is another small program that helps protect your computer and its contents from outsiders on the Internet. When installed, it stops unauthorised traffic to and from your PC.
 
There are many effective programs to choose from. Common commercial examples include Zone Labs, McAfee and Computer Associates.
 
The widely recognised market leading free firewall is “Zone Alarm” from Zone Labs and there are many others to choose from. Zone Alarm is now used on over 20,000,000 PCs and has been awarded the PC World 2003 "World Class Award" for Best Firewall.

Top

* Read our password advice

Passwords are the key to your online account information so it's important to keep them safe.

Passwords are the key to your online account information. Avoid using the same password for different systems that are important to you. Doing so puts your money at risk should anyone discover this single password. For this reason, you are strongly advised to have a unique password for any services as critical as your Internet banking.

When choosing a suitable password, you might consider the following:

Be different – Avoid using the same password for different services.

Don’t be personal – Do not be tempted to use passwords that can be easily guessed, e.g. children’s names, pets' names, birth dates, telephone numbers.

Never write them down – We strongly recommend that you never write down or otherwise record your passwords. If, however, you feel that you have no alternative but to do so, you should ensure that you never write down or otherwise record your passwords in a way that can be understood by somebody else.

In any event, you should never disclose your Internet login details anywhere online except at your usual online banking website which should be accessed in the normal way and never via a link in an email.

Top

* Use an anti-spyware program

This will help to prevent information about your online activities being collected by third parties.

Spyware is the term used to describe programs that run on your computer for the purpose of monitoring and recording the way in which you browse the web and the internet sites you visit. For example, spyware can combine information about your online behaviour with that of many other users in order to generate market research data. This information can be bought and sold by companies interested in improving the way websites are designed and how the internet is used.

You may or may not wish for your internet usage to be monitored in this way. In addition, just as spyware can be used to improve the online experience it can also be used to extract personal information that you have entered, including passwords, telephone numbers, credit card numbers and identity card numbers.
Spyware is often loaded onto a PC as part of a free download of another service - for example a service that claims to improve the performance of your PC. Sometimes your agreement to the download is requested in the small print, but spyware may also be loaded onto your PC without your agreement or knowledge.

Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this, anti-virus software is not effective in identifying and removing spyware; you will need to download and run a specialised anti-spyware program.

Anti-spyware security software currently available include McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable anti-spyware product to protect yourself against spyware on your PC.

Top

Your responsibilities:

Keep your account details secure, i.e. do not openly disclose them

Never write down your security credentials or reveal them to anyone

Access your account from private places ex: home, office

Change your Password on a regular basis

Log off properly using the "Logoff" button, when you have finished an Internet banking session

Always disconnect from the Internet when finished; never leave a connection on when not using the service

Install a personal firewall and virus detection software on personal computers, and update them regularly to ensure protection.

Our responsibilities:

Privacy We use industry standard encryption within our internet banking services

Secure Sessions When you log in to Internet Banking you are said to be in a secure session. You know you are in a secure session if the URL address begins with https:// or a padlock symbol appears in your browser window.

Encryption Secure Sockets Layer (SSL) encryption technology is used within your Internet Banking session to encrypt (code) your personal information before it leaves your computer in order to ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. At HSBC, we use 128-bit SSL Encryption, which is accepted as the industry standard level. Any email service within Internet Banking is similarly protected with encryption technology (unlike your regular email which is usually not secured).

Session Time-out If you forget to log-off after banking online, or your computer remains inactive for a period of time during a session, our system will automatically log you off. Pages viewed during a secure session are not recorded in your PC's temporary files.

Technology We use many layers of security – for obvious reasons we cannot disclose all of them, but the following are typically used: All our operating systems are updated with the latest security patches, Our anti-virus software is kept updated , We use firewalls to prevent unauthorised intrusion 

Logons and passwords Online access to your account is only possible once you have authenticated yourself using the correct internet banking ID and password. For this reason, it is vital that you do not share your password and do not use the same password for other services (e.g., Yahoo, Hotmail, etc.)

Automatic Lock-out After 3 incorrect attempts to logon, we disable online access to your account. To re-activate your account, you should contact our Contact centers described above.

Fraudulent websites

This is a sample of what a fraudulent website may look like - notice how the site address does not match the displayed page:
Description
Authentic-looking websites created by Internet fraudsters that look like respectable websites, such as ours. People are often attracted to these sites through phishing emails (explained below), which urgently ask for personal and confidential information.

Phishing (fraudulent email)

Phishing involves an email message being sent out to as many internet email addresses as possible, claiming to come from a legitimate organization such as a bank, online payment service, online retailer, etc. The objective is to induce unsuspecting recipients, who happen to be customers of the legitimate organization being imitated, to respond to the email and to provide the information being requested. This information may include: date of birth, logon information, account details, credit card numbers, PIN numbers, etc.
Many of the email messages include a threat that failure to update or validate will result in, ex:, the account being frozen, or closed.

The email will contain a link that takes you to a spoof web site that looks identical, or at least very similar, to the organization’s genuine site (as shown above).  In some cases, when the link in the email is clicked, the genuine site is accessed, but is overlaid with a smaller window with the spoof site, making it more believable. Clicking on a link may also download malicious software, known as spyware onto your PC which will record your use of the internet and forward this information, and possibly a log of your keystrokes, to the fraudster. The fraudsters will use this financial information to compromise bank accounts, credit cards, etc.

Phishing mules

Once the fraudsters have collected financial information of individuals via phishing, they are then in a position to abuse this information and steal money from the compromised accounts.  In order to cover their tracks, however, they recruit unsuspecting individuals to act as go -betweens by placing a variety of tempting job adverts on the Internet promising the chance to earn money quickly without expending much effort. These recruits are known as mules.

The bank accounts of the mules will be used to accept transfers of money from the compromised accounts. The mules will be asked to withdraw the money from their accounts in the form of cash and forward it, minus their commission, to the fraudsters using an international money transfer agency. The fraudsters can therefore maintain their anonymity, but there is a trail to the phishing mules, which can be followed by the authorities.

Spyware

It is a computer software program that gathers information about a computer user, in most cases without the user's knowledge or informed consent. It then transmits the collected information to a third party who can potentially manipulate the information.
Such software program may claim to be able to speed up your internet connections but in fact redirects your internet session through their own servers.

This means that Spyware has the ability to gain access to your passwords, PINs, credit card numbers and other personal transactional details. Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this anti-virus software is not effective in identifying and removing spyware. In order to find out if spyware is present on your PC, it is necessary to download and run specific anti spyware programs.

Examples of anti-spyware security software products available at present are eTrustTM PestPatrol@, Anti-Spyware, McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft antispyware. We strongly recommend that you install and use a reputable product to protect against the possible security threats of spyware on your PC.

Trojan Horse

A type of computer virus that is a computer program masquerading as another program.
It appears innocent, but your files could be damaged or erased if you open the program.