Table of contents
Guide on how you can deter fraud
Simple steps to secure your devices
Chances are, your computer contains a goldmine of personal information. Make sure you're taking the necessary precautions to protect it.
Most people think that their computers are secure but a study from the National Cyber Security Alliance and McAfee shows they're actually at risk because of outdated security software, infrequent virus scanning or not activating their firewall. To see if your computer security is updated and active, kindly review the tips below.
Setting up your computer:
- Use a newer operating system such as Windows 7 or Mac OSX. They're more secure.
- Download security patches and updates. Turn on automatic updates so you've got the latest fixes to problems as they arise.
- Disable "File and Printer Sharing" on your computer to prevent unauthorized access
- Increase the security settings for your operating system
- Use a current web browser and keep it updated
- Set your browser to block pop-ups
- Turn your computer off when you're not using it. If you're not connected to the Internet, you can't be hacked or infected.
Setting up your mobile device:
- Ensure your software is up to date. Check the manufacturer's Web site (or search Google) to see if a software or firmware update is available. If there's a new one, download it.
- Utilize strong passwords, combinations of letters, numbers and or special characters of 8 characters or more
- Security Settings, most default browser settings are fairly secure
- Avoid unencrypted public wireless networks
- Paying to access a Wi-Fi network does not mean it's secure. Access fees do not equal security.
- URLs beginning with "https:" are safer (but not foolproof). The s in https means that you're connected to the site via the Secure Socket Layer (SSL).
- Use VPN (virtual private network). This provides secure access to an organization's network and allows you to get on line behind a secure layer that protects your information.
- Turn off cookies and autofill. This can be a privacy threat.
- Be selective about the applications you are downloading
Adding security software:
- Use new anti-virus software to protect against viruses and spam
- Use an anti-spyware program
- If your operating system has a built-in firewall, enable it. Or install a third-party firewall to block hackers.
- Use a secure Password to prevent access when you're away from your computer
- Use encryption software to protect data stored on your laptop, Personal Digital Assistant, cell phone or other wireless device
Internet safety tips
Cyber criminals are using more sophisticated methods to steal your information. Follow our tips to stay two steps ahead.
If you've followed our guidelines for securing your computer & mobile device, you've already made it harder for someone to steal your identity. But all the safeguards in the world won't help you if you give your personal information away. So be smart and follow the guidelines below to protect yourself online.
Guidelines for safely banking online:
- Access online banking sites by typing the URL directly into the address bar. Be aware of pop-ups as they may indicate you have malware on your computer.
- Report pop-ups to your financial institution
- Do not click on links in an email unless from a trusted source. Access the bank using a bookmark or address you know is safe.
- Check for anything unusual, unprofessional or out of place such as a slightly altered domain name like www.hbsc.com.ph, www.hbs.com.ph or www.hsbc-security; an imperfect logo; or urgent account verification requests
- Don't use the same Password for banking that you use for other online accounts
- Don't use public computers to do your banking, including those at libraries, Internet cafes and schools
Guidelines for strong passwords:
- Don't share your Password with anyone
- Memorize your Password. Don't write it down or store it on your computer.
- Use upper and lower case letters, numbers and symbols
- Avoid common words or obvious names. Think of a phrase that's memorable to you but not to others.
- Use Passwords that are at least eight characters long
- Change Passwords regularly (at least every 90 days)
Guidelines for safe web browsing:
- Don't respond to unsolicited requests for account information
- Don't click on pop-ups. Better yet, set your browser to block them.
- Don't give out personal information to blogs, forums and other social networking sites
- Don't visit unsafe sites. You could open yourself up to a flood of spam, pop-ups and spyware.
- When shopping online, use secure sites that encrypt your credit card information
- Be suspicious of odd error messages. Don't click on them or respond to them. Scan your computer to remove any virus or spyware.
- Scan your computer files regularly, once a week at a minimum
Guidelines for safe email:
- Don't open email from someone you don't know. Read subject lines carefully. Don't be tricked by a friendly tone or urgent request.
- Turn off the preview pane in your email program
- Don't click on links or attachments in unsolicited email, especially if they say a problem is urgent or includes an attached file that ends in ".exe."
- Delete email from unknown sources immediately. Use your junk mail filter.
Guidelines for safe instant messaging:
- Block people you don't want to know, especially complete strangers. Adjust your Instant Message settings so that only people on your buddy or friends list can Instant Message you.
- Don't reply to strangers, especially if their messages are rude or annoying. It could be a predator.
- Don't click on unsolicited links or attachments. They could contain a virus or spyware.
- Don't create a profile that includes personal information. It can open you up to harassment and attract predators.
- Know your children's online friends and supervise their chat areas
- Restrict your Privacy settings on any social networking site
ATM and mail safety tips
To open new accounts in your name, thieves don't have to look any further than your mailbox. Pre-approved credit offers and outgoing bills may be all anyone needs to steal your identity. More sophisticated methods involve skimming or copying your card at an ATM. To reduce your risk of fraud, put our safety tips into action.
Precautions when using an ATM:
- Memorize your PIN. Don't write it down or keep it in your wallet or purse.
- Protect your PIN. Cover the keypad while you enter the number.
- Use ATM under video surveillance or those located inside a bank lobby
- Conduct ATM transactions during the day. Most ATM crimes happen at night
- Watch out for shoulder surfers with binoculars or cameras
- Don't accept offers of "help." Leave immediately.
- Be suspicious of signs telling you to use a specific machine. The ATM may be fitted with a skimming device.
- Report anything suspicious or strange to your bank or financial institution
Guidelines for protecting your mail:
- Collect incoming mail promptly. Don't leave it in your mailbox overnight or on weekends.
- Consider using a locking mailbox or rent one at the post office
- Don't use the red flag to draw attention to your outgoing mail
- Deposit outgoing mail in official postal service collection boxes
- Shred unwanted documents containing personal information such as credit applications, convenience checks, bank statements and bills
- Check your monthly financial statements and bills for accuracy
- If you don't get monthly financial statements and bills when expected, contact the sender
Knowing the signs of fraud
When logging on, a pop-up window appears stating the service is not available and to try later. A misspelled domain name in the address line. Lotteries that charge a fee to collect your winnings. Requests to pick up or send cash to a person overseas and they offer to share the money. All of these tricks and more have been used to take someone's money or identity. To avoid being conned, learn the tell-tale signs below.
E-mail fraud: So-called "phishing" emails appear to be from legitimate companies. Typically, they warn you of an urgent problem with your account and trick you into clicking on a link that takes you to a phony website. Remember, no reputable company would request personal information via email. Other warning signs that an email is fraudulent:
- Generic salutation such as "Dear user" and/or impersonalised information in the text of the email
- The logo is distorted or stretched
- The link in the email doesn't match the URL of the legitimate site
- There's an attachment or link that may launch a virus or spyware on your computer
Website fraud: Fraudulent (phishing) emails may direct you to a bogus or spoof site that's often very convincing. Look closely for these tell-tale signs:
- The site threatens to shut down your account unless you verify your personal information
- The site returns an error message and asks you to log in
- The URL isn't quite right. For example, you see www.hbsc.com.ph or www.hsb.com.ph instead of us.hsbc.com. The URL may also contain numbers (such as an IP address) or an "@" symbol.
- The padlock icon is out of place. It should be in the browser status bar in the lower right and not within the web page
- When you double-click on the lock icon, you get a warning that the site address doesn't match the security certificate
- The logo is distorted or stretched which indicates it's been copied
- Spelling and grammar mistakes
- If there's a phone number on the fake website, it doesn't match the phone number on your account statement
- You can't link to a home page from the fraudulent site
Phone Fraud: Never give out personal information over the phone unless you initiate the contact. Be suspicious of the following:
- Automated messages with urgent requests to verify your account
- Voicemails asking you to call a number with an international code. You'll end up with an expensive phone bill.
- Text message asking for urgent confirmation of personal or account information
Mail Fraud: If it sounds too good to be true, it's probably a scam. Be suspicious of the following:
- Pre-approved credit offers that charge a fee to get your card
- Job scams asking you to pay for more information
- Work-at-home schemes that require you to buy something before you can start work
- Any request to call a 900 number
- Donation requests to unregistered charities
- Sweepstakes and lotteries where you have to pay to receive your prize or those involving a foreign country/region
Credit Card Fraud: Card fraud can occur anywhere you make a transaction including restaurants, gas stations and other retail locations. Beware of the following:
- Swiping your card twice, once for your meal and a second time through a skimming device
- Someone looking over your shoulder at the register
- Receipts and copies. Ask for them and file or destroy them.
Posted on May 26, 2016.
How to dispute a transaction
If you receive an SMS alert about an unrecognized transaction or notice a suspicious charge in your statement of account (SOA), please raise a dispute immediately.
If you receive an SMS alert about an unrecognized transaction
We send SMS alerts every time you use your HSBC Credit Card for at least Php1,000 or if there are suspicious activities in your credit / debit card accounts. If you don’t recognize the transaction that we sent you through SMS, please call our hotline as soon as you can.
- We’ll block and replace your card during the call. Replacement card delivery will be within 10 banking days from the replacement date request.
- If the transaction has been posted on your account, you’ll be asked to fill out the dispute form right away.
- For transactions that haven’t posted when you called our hotline, you need to wait for 5 banking days from the time that you called our hotline before you can submit your dispute form.
Click here to know how to file and submit your dispute.
If you don't recognise a transaction in your statement of account (SOA)
There may be a number of reasons why your SOA reflects a charge that you don't recognise. Here are some possible explanations that might help you identify the transaction:
- Check the retailer's name
Retailers are sometimes registered under a different name, so the one on your statement might not be what you expect. Try looking up the name on the internet to see if you can find more details on it.
- Look out for additional charges
Some retailers, such as hotels, taxis, airlines or hired cars services, can add surcharges to your basic payment package.
- Check your receipts and your email inbox
Dig out your receipts to see if you have any from the same day and for the same amount, but listed under a different retailer name. Also, have a look at your email inbox, as you'll often get digital confirmation emails or receipts, and these might also contain the retailer's registered name.
- Adjacent transactions
Check other transactions appearing on your statement with a similar timestamp. This may remind you of where you were when the transaction that you don't recognise was made.
- Consider exchange rates
If the transaction you don't recognise was made in a foreign currency, the final amount could be different to the amount at the time of your purchase. For refund transaction, the refund amount in Philippine Peso could be different to the amount of your purchase.
- Check with your supplementary cardholders
If you have supplementary cards under your account, ask if the supplementary cardholders might have made the transaction.
- Check recurring payments
It could be that the transaction is part of a series of ongoing payments related to something you set up or subscribed to some time ago.
- Free trials
If you signed up for a free trial recently, check the free trial period and its corresponding terms and conditions. The free trial could have expired, and you may now be paying for goods or services.
If you still don't recognise the transaction after taking these steps, contact us immediately.
It's important that you call us at our Customer Service numbers* as soon as possible once you know that there is an issue. You'll need to raise a dispute within 60 days after the transaction date so that we’ll have enough time to process your dispute request.
You can raise your dispute request by filling out an online dispute form:
We may require supporting documents (e.g. receipts, credit memo or proof of return) before we can process your dispute as required by Visa and MasterCard. If we don't receive the completely filled out online dispute form along with the supporting documents within the specified time frame, this means that you accept the disputed transaction/s as valid and will pay for the transaction/s.
The dispute process may take up to 90 calendar days from date of receipt of your complete online dispute form and supporting documents. We'll acknowledge your submitted documents and we'll reach out to you through your contact details on record if we need more details to complete our review. Otherwise, we'll send you the result before the 90-day period ends.
In case of any disagreement to the dispute result, we wish to tell you that the decision given by Visa or MasterCard are considered final.
Protecting your card and PIN
- Do not let your card out of sight, especially when making purchases in restaurants, bars and petrol stations
- Ensure that you're the only person who knows your PIN - never write it down or record it anywhere. If you must, keep it secure or encrypted
- Never disclose your PIN to anyone, not even a Police officer or a bank employee (HSBC staff would never ask for your PIN)
- Contact HSBC immediately if a courier says they have come to collect your card, PIN, online banking secure key or cash
ATM fraud prevention
- Always use your hand as a shield while entering your PIN
- Be aware of others around when using an ATM machine, particularly at night, and avoid using an ATM if suspicious looking individuals are hanging around
- Do not take advice from 'helpful' strangers who happen to be standing near an ATM, especially if your card has been unexpectedly retained
- If anything looks suspicious or unusual when you are at the ATM then do not use it. Instead either alert an HSBC employee if available or move a reasonable distance from the machine and call the Police.
- If you realise the ATM has been tampered with, after you have inserted your card, contact HSBC while still standing at the ATM machine if it is safe to do so
- Store HSBC's phone number into your mobile and contact HSBC immediately if your card is unexpectedly retained by an ATM
- Upon completing a transaction, discreetly put your money and card away before leaving the cash machine
- Check your statements regularly for any transactions you do not recognise and report them to HSBC immediately
- Inform us of your travel plans for our fraud detection system to monitor your card transactions for any suspicious activity and help us arrive with an informed decision if your transactions get alerted
- Ensure HSBC has your up-to-date contact details, particularly, your mobile phone number and email address before you travel abroad
- Take note of our contact numbers ((02)8858-0000 for Credit Card/Advance customers and (02)8858-0800 for Premier customers) for lost and stolen card reporting. We recommend you store these numbers on your mobile phone.
- Keep your cards with you at all times, or in a safe place
- HSBC's credit card upgrade offers will NEVER require cardholders to surrender their old card nor ask for the PIN. Contact us immediately if this happens
- We will not call you to request for your credit card details such as account number or credit card number and PIN
- We may call you as part of our fraud detection purposes to verify whether a transaction is genuine or not. We will never ask you to divulge full security information.
- Shred all documents (receipts, letters etc.) that contain your name, address or other account and personal information
- Check your statements regularly for any transactions you do not recognise and report them to HSBC immediately
- Do not respond to phishing emails - HSBC will never send you an email asking you to disclose personal information, bank details, passwords or PIN
- Do not share your personal information unless you are confident that you know who you are speaking to
- Pay attention to card expiry dates. If your replacement card hasn't arrived, call HSBC to check the status of your new card
Should you need further information and assistance, please call the HSBC hotline at (02)8858-0000.
Posted March 27, 2014
ATM security reminders
HSBC ensures that all our banking channels are secure to give you peace of mind when you bank with us.
As part of our ongoing efforts to reinforce ATM security, here are important reminders when using an ATM:
- Stay vigilant. Don't allow yourself to be distracted
- Be cautious and report to the bank if you observe any suspicious devices
- Reject any offers of assistance from strangers when you are performing transactions
- If you encounter any difficulties when using the ATM, cancel your transaction and inform the Bank
- When using a non-HSBC ATM (here and abroad), choose an ATM in well-lit and/or well-guarded locations
Protecting your PIN
- Memorize your PIN and do not write it down
- Select a PIN that cannot be guessed easily by anyone
- Use a different PIN for different channels (eg online banking, ATM and telephone banking)
- Cover the keypad when you enter your PIN
- Never disclose your PIN to anyone, not even someone claiming to be from the bank or the police
Monitoring your account
- Check your statements immediately upon receipt
- If you spot any unusual transactions, report them to the bank immediately
- Use online banking to check the transactions on your account more frequently. If you are not yet a registered Personal online banking user, below to register.
If you lose your card, call HSBC Personal Banking Hotline on (02)8858-0000 immediately.
Posted August 3, 2015
+1-800-1-888-8555 PLDT domestic toll-free, (International Access Code) + 800-100-85-800 international toll-free for selected countries/regions, or send an email to firstname.lastname@example.org. If you want to find out more about HSBC's customer feedback procedures, please visit hsbc.com.ph/feedback.
The Hongkong and Shanghai Banking Corporation Limited is an entity regulated by the Bangko Sentral ng Pilipinas (Bangko Sentral) https://www.bsp.gov.ph. You may get in touch with the Bangko Sentral Consumer Protection and Market Conduct Office through their Email: email@example.com; Webchat: http://www.bsp.gov.ph; Facebook: https://www.facebook.com/BangkoSentralngPilipinas or SMS: 021582277 (for Globe subscribers only).
Deposits are insured by PDIC up to PHP500,000 per depositor.
Note: Do not provide your account or credit card numbers or disclose any other confidential information or banking instructions through email.