Security FAQs
To find the answer to a question, choose the most relevant category and sub-topic.
Select an FAQ Category Below
Encryption
- Is Online Account Access secure?
Yes, Online Account Access is secure. Your web browser software plays a central role in ensuring data security when you interact with us online.
- Our website uses advanced security technology and supports only those browsers that incorporate Secure Socket Layer (SSL) 3.0 or higher for data encryption. SSL is a software based security protocol that encodes data before it is transmitted over the Internet.
- A connection to our website will automatically terminate after 15 minutes of inactivity on any page.
- Your account information is securely stored behind a firewall and is in no way connected directly to the Internet.
- What measures are taken to make Online Account Access even more secure?
Security Questions and Answers provide added Account and privacy protection. In the event you forget your password, we use your Security Answer to verify your identity. You should keep the answers to these questions private. If you would like to update your Security Questions and Answers, please complete the "Update Security Questions" form to change the answer to one or both of the questions.
- What is encryption and how is it used to protect my information?
Encryption is the transformation of data into an unreadable form, and decryption is the reversal of that process. The encryption of data provides a very strong degree of protection against tampering while data is moving through the Internet. 128-bit encryption provides a much higher level of security, and major browsers, including the 4.0 and higher versions of Netscape(TM) Navigator, Microsoft Internet Explorer and AOL, include this encryption software. We strongly suggest that our cardmembers use a web browser that supports 128-bit encryption when visiting our website.
Browser Support
- How do I download a web browser that supports 128-bit encryption?
If you live in the United States or Canada, you can download a high-security browser, or upgrade your current browser, by clicking on one of the following links:
‡
‡
‡ - What browsers are supported for Online Account Access?
Browser Name Version Windows Mac Internet Explorer 6.0 or later 
Firefox 2.0 or later Safari 1.0 or later
Phishing
- What is a "Phishing"
email scam?
"Phishing" (pronounced "fishing") is a scheme used to lure consumers into providing personal and financial information online. Individuals or groups create email messages that masquerade as messages from reputable banks, credit card companies, online auctions, and department stores. The email messages include a link to a fraudulent site known as a "spoof" site that's crafted to look just like the reputable company's site. The spoof site then asks consumers to provide or update their personal information. When consumers provide the requested information to the spoof site, the consumer is phished and becomes at risk for account theft, identity theft and computer infection.
If you receive an email that appears to be from but looks suspicious in some way, DO NOT respond, provide information, or click on any attachments. Please notify us immediately. Forward your email to cspert@us.hsbc.com. We may ask you to provide some information about the email, such as the sender's address, subject line, or any attachment names.
- Received a Suspicious
Email?
If you receive a suspicious email claiming to be from , immediately forward the email to our security team at cspert@us.hsbc.com. Please note that while the security team acts on suspected phishing emails, it does not respond to customer inquiries. For all other inquiries or concerns, including suspected fraudulent use of your account, please visit Contact Us to find the appropriate contact information.
- Have
Cardmembers been affected by "Phishing" scams?
Some of our Cardmembers have reported fraudulent emails or Internet scams that appear to be from Credit Card. We are actively working with law enforcement and consumer protection agencies to investigate these scams and prosecute the criminals who are responsible. We want you to be aware of these scams and what they look like, so that you can recognize, avoid, and report them. DO NOT RESPOND OR PROVIDE ANY INFORMATION REQUESTED BY A QUESTIONABLE EMAIL OR WEBSITE. If you responded to this suspicious email or supplied information at a suspicious website please notify us immediately at cspert@us.hsbc.com .
If you responded to any suspicious email or supplied information at a suspicious website, please forward it immediately to cspert@us.hsbc.com. - What should I do if I
notice a fraudulent email or Internet scam?
If you receive a fraudulent email, you should forward it immediately to cspert@us.hsbc.com. This email address is solely intended to address issues related to online fraud targeting HSBC companies and does not respond to customer inquiries. Please do not use this email for general questions about your account. Visit the Contact Us section to submit all general questions.
- How can I protect
myself from online fraud?
Your best defense against online fraud and computer viruses is education and discipline.
- Verify the validity of the sender and legitimacy of the request.
- Never input personal or banking information online without checking that the website is in a "secured" environment. Look for an "https://" in the website address line (URL) at the top of your browser. The 's' in "https://" denotes that the Internet session is secured by encryption to keep the information you transmit online protected from unauthorized users. In addition, a locked padlock symbol in the bottom right corner of your Internet browser window also indicates that an Internet session is secured through encryption. But be aware that even secure sites can be spoofed to include the "https://" prefix and locked padlock.
- Typical phishing requests are not personalized. Unlike your own bank or credit card company that may include your name and/or an account identifier or type, phishing requests typically keep the salutation and information about you generic.
- Remember: Credit card issuers and financial institutions would not ask you to send or verify your password, Social Security number, or PIN within an email message. Again, only provide information that you initiate through an application, an online transaction or through the normal log-in/sign-up process.
- Be suspicious of numerical web addresses or URLs. Typically, a company's web address or URL includes part or a portion of the company name followed by .com, .org, or .net. a spoof site that uses a numerical web address (or an IP address) or includes an "@" sign within the address could be a tip-off that the site is fraudulent.
- Become familiar with the websites you frequently visit and bookmark these sites/
- Protect your passwords and Personal Identification Numbers (PINs) by keeping them confidential.
- Keep your web browser software up-to-date with the latest versions and security updates.
- If you have a high speed Internet connection (i.e. Cable Modem, DSL) it is helpful to install personal firewall software to ensure that hackers cannot get access to any sensitive information stored on your computer.
- All computer users should install anti-virus software that can be automatically updated with information on the newest harmful viruses.
- Do not open or download email attachments if you have any doubts about the sender or the nature of the attachment. Many viruses are distributed this way and if opened, could damage your computer or access your sensitive information.
HSBC
Authenticity
- How can I be sure that
I'm interacting with
about my Account?
To ensure that you are securely connected to the website, you should always look for these security indicators when submitting personal or account information:
- A padlock in the lower-right corner of your web browser
window.
If you double-click this padlock, you should find valid Verisign certificate information issued to .
For example:
ABOUT SSL CERTIFICATES
- A padlock in the lower-right corner of your web browser
window.
- How can I be sure that the
email I receive is authentic?
Always look for the "Email Security Corner" which is located in the upper-right corner of email sent from . The Email Security Corner will contain personalized information, such as your name or your zip code, so that you can be sure the email is legitimate. Phony emails and "phishing" scams are typically NOT personalized with your name or other customer-specific details. NOTE: Internet email is NOT secure. will NEVER include your full Account number in an email, and will NEVER ask you to reply to an email with sensitive personal or Account information. If you receive an email that appears to be from but looks suspicious in some way, DO NOT respond, provide information, or click on any links or attachments. Please notify us immediately by emailing cspert@us.hsbc.com.
Additional Online Security
Resources
- Where can I get more
information about online security?
For more information on protecting yourself from these scams, please visit the following resources:
- Anti Phishing Working Group:
‡ - FBI Internet Fraud Complaint Center:
‡ - The Federal Trade Commission:
‡
- Anti Phishing Working Group: