Terms and Definitions
Adware is a software application in which advertising banners or 'pop ups' are displayed on your computer screen while the program is running. Software that also includes codes to track a user's personal information, which is then passed on to third parties without the user's knowledge, is called Spyware.
In addition to being annoying, popups caused by adware and spyware slow system performance, using memory and system resources that can lead to system crashes and instability. Adware and Spyware programs invade your online privacy and are considered other forms of identity theft. The programs may have the ability to monitor keystrokes, scan files on your hard drive, change your default homepage on your browser, and relay information about your web visits for marketing purposes.
Several companies offer anti-adware or anti-spyware software to detect and delete the programs:
Anti-virus software should be installed on your home computer and laptop to scan your e-mail and the files on your computer for potential viruses that may be attached. If a virus is detected, you are notified immediately and the anti-virus software will prevent the e-mail or file from being sent to you before it’s opened. You should run your anti-virus software on a regular, frequent basis to prevent computer infections like viruses, worms, or Trojan Horses from entering your computer system. Purchase a program that automatically upgrades your virus protection on a regular basis. Three popular sources for anti-virus and firewall protection software are Symantec, McAfee and Computer Associates®.
A browser is a software application that works with the Internet to provide you a way to view, find and interact with web sites and web pages. The most popular web browser is Microsoft® Internet Explorer. As new versions of the browsers are developed, users are able to experience a full multimedia spectrum, including text, graphics, sound, and video.
Cable modems provide high-speed Internet access using cable television networks. They use either the traditional coaxial cables or newer fiber optic cables for the transmission of data. Cable modems offer continuous connection to the Internet without having to dial into an Internet Service Provider (ISP) each time you wish to connect to the Internet.
The main purpose of cookies is to identify visitors and be able to customize web pages for them each time they return. Cookies are harmless and used by other web sites to provide you a more efficient and more consistent experience. When you visit a web site, a cookie is placed on your computer that contains information about your computer preferences and allows customization of the site for your use. For example, rather than seeing a generic welcome page, cookies allow the page to be customized and personalized to you. Any time HSBC uses a cookie, personal information is encrypted for our use only and protected from third party access.
A credit monitoring program can be purchased through a credit bureau (i.e. Equifax) and is designed to keep you updated on your credit report and credit status. You may be alerted to changes in your credit or credit inquiries from financial sources, of which you may not be aware. If you suspect illegal activity regarding your credit, you should contact the bank, your creditors, and the credit company for which you may have a credit monitoring program.
Like a driver’s license or passport, Digital Certificates allow individuals or organizations on the Internet to verify each other's identity to prevent unauthorized access. A Digital Certificate is a randomly generated set of characters that a computer sends to your browser. The browser on your computer stores this information and uses it as a digital stamp to certify the authenticity of the information sent to you and as a means of establishing identity. You may see a Digital Certificate issuer logo at the bottom of a browser page for your reference.
When you apply for credit at HSBC or conduct Internet Banking transactions, the information you enter online is “encrypted” or transformed into a string of unrecognizable characters before being sent over the Internet. This helps to keep the information between the bank's computer system and your Internet browser private. The strongest level of encryption is 128-bit, used on popular web browsers such as Microsoft® Internet Explorer. Your session is in a secured “encrypted” environment when you see https:// in the web address, and/or when you see the locked “padlock” symbol at the bottom right corner of your browser window.
Firewall software can be installed on company and home computers as a barrier against hackers and viruses. Firewalls are used to filter potentially destructive information or prevent unauthorized access. This is especially important on computers that use a broadband connection to access the Internet (Cable modems or DSL). Since your Internet connection is on when your computer is on, the risk for malicious activity to your computer increases. Three popular resources for Firewall protection are Symantec, McAfee and Computer Associates®.
Keystroke Capturing or keystroke logging is a surveillance tool that is illegally used to record the keystrokes of unsuspecting victims in order to determine Password and Log-in information that can be used for theft purposes. To help reduce your risk, an additional password called a Security Key, will now be required for use with the Bill Pay service. The Security Key provides an extra level of protection online if your primary Password were to be compromised.
Phishing (pronounced 'fishing') is a highly prevalent online scheme used by Internet cyber-criminals to 'lure' you into providing your personal and financial information online.
The fraudsters create email masquerading as banks, credit card companies, online auctions, and department stores looking for you update personal information. The email may include a link to a fraudulent site known as a 'spoof' site, since it's crafted to look just like your bank, credit card company or other credible sources. Some customers unknowingly fall into the trap and happily provide the requested information to what is believed to be a trusted site. As a result, the unsuspecting customer is 'phished' and at risk of account theft, identity theft and computer infection.
HSBC will provide resources throughout this Security Site to help keep you protected online. Visit the Alerts! section of the site to learn about new fraud attacks being perpetrated against HSBC. You should also review the Anti-Phishing Working Group site to read about current phishing and spoofing attacks reported.
No reputable company would request personal information via email and you should contact the company in question if you suspect the email is fraudulent.
HSBC will NEVER request password or personal information through e-mail and you should contact us immediately at
A Plug-in is a software module that adds a specific functionality to the web browser. For example, plug-ins for Internet Explorer allow the browser to display various types of audio and video messages or popular Adobe® Acrobat® (PDF) files.
HSBC offers RecordCheck, a free service that eliminates your task of filing, storing and searching for your canceled checks. With RecordCheck, HSBC will retain your canceled checks for you, thereby reducing the risk of your checks getting into the wrong hands.
Your online banking sessions and online applications are protected in a "secured” environment, which uses Secure Socket Layer (SSL) technology to encrypt your personal information before it leaves your computer, insuring that no one else can read it. You will know that you are on a “secured” page when you see the “https://” before the web address. You will also see a padlock symbol in the lower right hand corner of your browser window. A closed padlock indicates that your online session is “secured” by encryption to protect your personal information.
Secure Socket Layer (SSL) protocol provides a high level of security for Internet communications. SSL provides an encrypted communications session between your web browser and a web server. SSL helps verify that sensitive information (e.g. credit card numbers, account balances and other proprietary financial and personal data) sent over the Internet between your browser and a web server remains confidential during online transactions.
Security holes/bugs are faults, defects or programming errors exploited by unauthorized users to access computer networks or web servers from the Internet. As these holes or bugs become known, software publishers develop "patches," "fixes" or "updates" users can download to fix the problems.
In a continued effort to bring you the latest online banking security, an additional Password - called a Security Key - will be required for use with the Internet Banking service. The Security Key provides an extra level of protection if your primary password were to be compromised. You'll create your Security Key and then be asked to enter random characters from it to access your Internet Banking service. The added Security Key is for your online protection and will help prevent your password from being stolen by key logging software. Once your Security Key has been entered correctly, you can continue to use the Internet Banking service.
When you log-in to Internet Banking or to a site that requires authentication, you input a specific Username and Password to gain access to your account information. The encrypted information then passes through a rigorous test on HSBC’s computer systems to insure proper authorization before your account information is displayed.
For your added online security, HSBC uses a session time-out feature. If your Internet Banking session is idle for a given amount of time, your session is ended automatically. This will insure that your online session is in a “secured” environment and that the personal information you enter is protected. A closed padlock symbol indicates a secured page is being used. Never input personal information on a web site form or application that does not display the https:// before a web site address or a ‘padlock’ symbol.
Social Engineering is an identity theft process that relies on human interaction and often involves tricking an unsuspecting individual into providing personal information like bank account information or Passwords. Social engineers search dumpsters for valuable information, will memorize access codes by looking over someone's shoulder, or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed (children’s names, addresses, or birth dates). The personal information discovered is then used illegally to apply for credit, purchases goods and services, or gain access to funds.
Sometimes companies or individuals purchase
Adware is a software application in which advertising banners or 'pop ups' are displayed on your computer screen while the program is running. Software that also includes codes to track a user's personal information, which is then passed on to third parties without the user's knowledge, is called Spyware. The Spyware programs are typically bundled with other freeware or shareware programs that are downloaded from the Internet. Spyware is like a Trojan horse computer infection because it is installed when users install something else.
In addition to being annoying, popups caused by adware and spyware programs slow system performance, using memory and system resources that can lead to system crashes and instability. Adware and Spyware programs invade your online privacy and are considered other forms of identity theft. The programs may have the ability to monitor keystrokes, scan files on your hard drive, change your default homepage on your browser, and relay information about your web visits for marketing purposes.
Several companies offer anti-adware or anti-spyware software to detect and delete the programs:
As part of a 'phishing' scam, Internet fraudsters create authentic-looking web sites to look like other sites. Financial institutions are the most targeted groups to be 'spoofed' (or have their sites copied). Through email, the 'spoofed' or forged sites attempt to persuade readers to input personal and banking details by creating a sense of urgency around the request. Unfortunately, some readers react and respond quickly with the requested information trusting the request to be legitimate. They may not realize until it's too late that they had just been 'phished.
Many spoofed sites look very legitimate and are sometimes difficult to detect as fraud. The scammers use company logos, impressive graphics, text and credible-looking links. But don't be fooled by the email or the links, and don't provide an information without checking directly with the bank or company first. Visit the Alerts! section to learn of new or potential online threats against HSBC and read about other current identity theft scams through the Anti-Phishing Working Group repository to learn about other business sites that have been spoofed, and the traits of known fraud attacks.
A Trojan Horse is the name of another type of virus, which is simply a computer program that masks as another program. Trojan Horses are sent as an e-mail file attachment. For example, it may claim to be a game, but once opened, can cause damage to your computer, from erasing files to changing your desktop. It then sends itself to other people in your address book to propagate itself.
Through e-mail, file sharing and downloaded programs, computer viruses are sent as e-mail attachments. A virus is a small program that piggybacks on e-mail and program files. For example, a virus might attach itself to a program or a game. Each time the program is opened, the virus runs and can infect other programs or damage your computer. Some viruses move around through e-mail then replicate by automatically mailing to the victim’s entire e-mail address book. Never open an e-mail attachment unless first scanned through anti-virus software.
A worm virus is a small program that searches through networks to find security holes to replicate itself from machine to machine. Worms use up computer time, space, and speed when replicating, with a malicious intent to slow or bring down entire web servers and halt Internet use.