Build a cyber-aware business

What can businesses do?

Here are some simple measures you can take to prevent cybercrime in your business.

  1. Don’t use public devices or free Wi-Fi to access company emails.
  2. Validate suspicious requests to change beneficiary information or for unusual or urgent payments.
  3. Don’t click on hyperlinks embedded in emails to access internet banking services.
  4. Use “Forward” instead of “Reply” to respond to emails that send you bank details.
  5. Set up a unique company domain for company email accounts.
  6. Ensure your computer has up-to-date anti-virus software installed.
  7. Establish dual authorisation controls for transactions and entitlements.
  8. Use a strong password and change it regularly.
  9. Treat information shared on social media and out-of-office replies with caution.
  10. Know your business partners and treat any request for major changes to payment details with caution.

 

We are dedicated to supporting you to build on your cybercrime knowledge, and we continuously review our efforts and upgrade our systems to provide you with a safe banking environment. However, keeping your account secure is a joint effort. View the sections below for tips on keeping your accounts secure.

1. Using Business Internet Banking

  • Before you log on to Business Internet Banking, close all your other browser sessions. If you already have an Internet Banking session open, don’t open any new browser tabs.
  • Make sure you are connected to a valid HSBC domain – don’t just rely on the look and feel of the website when you use the Business Internet Banking. If you have suspicions about the website, don’t enter your username or password.
  • Always access your Business Internet Banking accounts by typing the website address into the address bar in your browser, or bookmark the website and use that function to access your Business Internet Banking accounts.
  • No icon will be displayed during an unencrypted session.
  • Never carry out banking transactions in public places, such as cyber cafes.
  • Always remember to log off fully when you have completed your banking activities and then close the browser window immediately.
  • Avoid leaving your device online if you are connected to Business Internet Banking but not using it.

2. Using your HSBC Security Device

  • When using Business Internet Banking, follow the logon instructions printed on the back of your HSBC Security Device.
  • On the device, the green button is used to generate security codes for logging on to Business Internet Banking. The yellow button is mainly for transferring funds to non-registered third party accounts.
  • When you log on, you will never be asked to enter any numbers generated by the web into the device.
  • If unusual screens pop up or your computer is unusually slow to respond, log out of Business Internet Banking completely and scan the computer with an updated version of your antivirus software.

3. Making payments online

  • When making payments to an unregistered third party, always ensure the digits you enter on your HSBC Security Device is an extract of your intended beneficiary account number before pressing the yellow button. Never enter digits that are unfamiliar to you.
  • Check the identity of the supplier or beneficiary by phone before you authorise a payment to a new account.
  • Review the payment details sent by SMS when using Business Internet Banking to make payments to third parties.
  • If your mobile phone number has changed, tell us immediately so we can update our records.

4. Passwords

  • Don’t use words or numbers that can easily be identified as your password(s).
  • Avoid using names, birthdays, phone numbers, ID numbers, or ATM or phone banking PINs.
  • Choose a username and password that are easy for you to remember but difficult for someone else to guess. For example, use a combination of letters and numbers in both upper and lower case.
  • Keep your username and password confidential. Memorise your password and do not write it down or reveal it to anyone.
  • Change your password on a regular basis.
  • Never disclose your password to anyone claiming to act on behalf of HSBC. Remember, no one at HSBC will ever ask you for your password.

5. Firewall and anti-virus protection

  • We strongly recommend that you install firewall and virus protection software on your computer or Local Area Network (LAN).
  • HSBC has teamed up with Webroot, a leading supplier of cloud-based endpoint security solutions, to provide free anti-virus licences (valued at USD49 each) for all our Business Internet Banking customers. The software is free to download. Please click here for details.
  • Firewall and virus protection software is also available on the market. Reputable firewall and virus protection vendors will provide regular software updates to ensure that you are protected against new hacking attempts.
  • Always download new browser security patches whenever they become available. These patches are designed to protect you by closing known security gaps.
  • To avoid viruses and other problems, don’t open email attachments unless you know they are from a safe and reputable source.
  • Never install pirated software or software from unknown providers.

6. Workplace controls

  • Don’t use shared computers to access Business Internet Banking.
  • Check to see that the computer environment you are using is safe. Make sure nobody can look over your shoulder or see your screen.
  • After logging on to Business Internet Banking, don’t leave your computer unattended.
  • If you are unable to restrict physical access to your computer, you can prevent unauthorised access to the information on your computer by using passwords effectively.
  • In addition to the above controls, we strongly recommend that you install firewall and anti-virus software on your computer.
  • Only use reputable computer repair and maintenance services.

7. Bogus communications

Some bogus communications claim to be from HSBC (e.g. fraudulent phone calls, voice messages, emails and SMS messages). Please be aware of the following:

  • Never provide any company or personal information to unsolicited callers. If you are concerned that you might have revealed company or personal details to someone you have suspicions about or you want to identify whether the communication is from us, call the Commercial Banking Service Hotline on +852 2748 8288 or contact the police.
  • Fraudsters are using techniques such as voice message phone calls or fraudulent SMS messages to trick recipients into calling bogus bank hotline numbers. These bogus communications have no connection to us.
  • Fraudsters’ voice message phone calls made from an Interactive Voice Response system claiming to be HSBC told customers that there were irregularities detected in the customer’s bank account or commercial cards, and asked customers to provide company or personal information or contact an operator to authenticate their account. Learn more about what to do if you receive these voice messages here.
  • Fraudulent SMS messages claiming to be sent from a bank claimed that transactions had been made using a customer’s commercial cards, and asked the customer to call a bogus hotline number mentioned in the messages to check the transactions. If you think a service hotline number looks suspicious, verify the number with us before calling and don’t act on the information provided in the SMS.
  • We have not authorised or appointed any intermediaries to conduct telesales marketing activities that promote commercial lending and commercial cards.
  • To learn how to stay vigilant to bogus communications, please refer to further information and watch the educational video prepared by the Hong Kong Monetary Authority.

8. Phishing scams

  • Be alert to online phishing scams. Phishing is an attempt by criminals to “fish” for personal information, such as the security credentials you use for online banking or purchases, or to convince you to click on an embedded malicious file or link. Someone can send you an email or SMS that appears to come from your bank or an organisation you have registered with. The message asks you to click on a link or to confirm your username or password (or both). In this way, they obtain your details.
  • We will never send you emails requesting or containing security or confidential information (such as ID numbers, account logon details or memorable word information) and our emails will never ask you to enter or confirm your security details. By contrast, this is typically what a phishing e-mail does. We will send you emails with important service information, such as planned outages and enhancements. Any links contained in these emails will take you to product or service information pages and not to any page where you are asked to log in or provide personal information.
  • If you think an email that claims to come from HSBC is suspicious, delete the email without opening it. This applies to all unexpected emails that contain links or attachments.

9. 24-hour call centre support

Please call our 24-hour Service Commercial Banking Service Hotline on +852 2748 8288 if you encounter any of the following issues:

  • You forget or lose your password.
  • You notice some unusual account activity or the time shown for your last logon is incorrect.
  • There are unauthorised transactions on your accounts.
  • You suspect that your security has been compromised in any way.
  • You lose your HSBC Security Device

Call us on

+852 2748 8288

Any questions…

about commercial banking?


Ask Amy

Call us on

+852 2748 8288

Any questions…

about commercial banking?


Ask Amy

You are leaving the HSBC Commercial Banking website.

Please be aware that other site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.