Top of main content

Fraud and Security

Take steps to stay safe and secure when using your card and banking online

Safer banking practices are an essential tool to protect yourself from fraud and prevent criminals from accessing your accounts.

We recommend that all HSBC customers follow these guidelines in order to remain safe and secure when banking online or using your card in public. 

Keep your personal details safe

  • don't lend or share your card information with anyone else
  • change your card PINs regularly
  • don't keep your card together with your PIN
  • don't allow merchants to take your card out of your sight for an extended period of time
  • contact us as soon as you spot an unrecognised transaction on your account
  • use different PINs for different cards
  • PINs should never be shared for any reason

Ensure your contact details are up to date

Ensure that your e-mail address and phone number are up to date so we can verify purchases and contact you if we find any suspicious transactions. You can update your details by sending us a secure message through online banking.

Check your statements on a monthly basis

You should carefully review your statements on a monthly basis to identify any unknown transactions. You can download a paperless version of your statement using online banking. If you notice a transaction that you don't recognize, contact us by calling our contact center on 299-5518.

Make sure your software is up to date

It's harder for viruses to infect updated software. The criminals who create viruses take advantage of software bugs to infect computers. Software companies fix bugs with free, downloadable updates. So it's a good idea to install updates for your software as soon as they become available.

Just be wary of fake emails about bogus updates. Only use the update software that comes with your computer – don't click on links in emails. 

You'll also want to make sure you're always using the most up-to-date web browser. Modern browser software adds a layer of protection against fake websites. So when you're looking at websites, your browser can warn you if you're visiting a fake or suspicious website.

Install IBM Trusteer Rapport

Get an extra layer of protection when you bank online. HSBC recommends that you install IBM Trusteer Rapport software from IBM Trusteer. It's free, easy to install and simple to use. It works with the security software you already have to make online banking safer.

Check your privacy settings

If you use social networking websites, double-check your privacy settings to make sure you only share personal information with people you trust.

On these sites, you tend to share personal things about yourself. Anything from your mother's maiden name to the name of the first school you went to, your address, birthday and telephone number can be found on social media. And all this information is useful to people who want to steal your identity or break into your accounts.

Sign up for card alerts

With HSBC Credit Card Alerts, we’ll notify you of activity on your card with a simple email. If you notice any suspicious transactions or activity let us know by calling our 24/7 contact centre immediately on 299-5518 and we’ll investigate it for you.

Be aware of common scams

  • phishing – these are email scams where a fraudster will send you an email pretending to be a legitimate organisation such as a bank. The email will ask you to update or verify your personal or financial information. Sometimes you'll be sent to log on to a website that looks legitimate, but is fake. The objective is to encourage you to provide your secure information so the fraudster can hack into your accounts
  • vishing – this kind of fraud is a social-engineering scam. It's the telephone equivalent of phishing, where a fraudster will phone you and try to trick you into giving your private information. Be wary of anyone who calls you asking you to disclose information. If in doubt, always end the call and ring us back. Anyone legitimately calling from HSBC will not be upset if you say you prefer to phone us directly
  • advanced fee fraud - This involves unsolicited letters and emails offering the recipient a generous reward for helping to move large sums of money, usually in US dollars. These funds are said to be anything from corporate profits, accumulated bribes or unspent government funds to unclaimed money belonging to a deceased person. The fraudsters are trying to obtain your banking details. The transactions typically require the recipient of the letter or email to pay something like a fee/tax/bribe to complete the deal – this is the advance fee. However, any fees paid will be lost.
  • romance fraud - This occurs when a fraudster uses a fake online identity to gain a victim’s affection and trust, with the aim to manipulate and steal from their victim. After a period of time, they may ask for money or your bank account information. When someone you meet online requests your bank account information, they are most likely planning to use your account to carry out theft or a fraud scheme.
  • business email compromise - This occurs when a fraudster emails a company's payments team, impersonating a contractor, supplier, creditor or even someone in senior management. The email might appear to be from the CEO, asking that an urgent payment be made, or from a supplier, requesting that future payments go to a new account. Often it instructs the recipient not to discuss the matter with anyone else. Since the sender's email closely matches a known address, this type of fraud often goes unnoticed until too late. Cybercriminals may even hack into a real email account - from which fraudulent communications are hard to identify.

How to spot fake emails and websites

Fraudsters use fake emails and websites to get you to unknowingly give away your passwords or bank details. Look out for these warning signs to spot them.

  • poor design, typos or bad grammar
  • the sender's email address doesn't match the name of the company domain it's meant to be coming from
  • asking you to do something unusual
  • the email requests usually try to generate a sense of urgency for you to take some action, which is a red flag
  • asking for personal information
  • an email link that says it's going somewhere that it isn't (tip: hover over a link in an email to see its real destination)
  • a website that doesn't display the padlock symbol in their address bar when you log on
  • check the URL to ensure it is the website you expected to be on and have not been re-directed.
    For example: If you are being directed to a website, check the URL looks correct before proceeding Eg HSBC Bank Bermuda URL is and not
  • be aware of common scams

Quick tips

  • don't download any free software on your computer unless you're certain it's safe
  • use anti-virus software, and make sure it's up-to-date 
  • change your passwords regularly
  • don't respond to unsolicited emails requesting information, and don't follow any links in them either
  • make sure you're on a secure website before submitting banking or other sensitive information. Secure websites begin with 'https://' instead of 'http://' They'll also contain a padlock icon on the address bar
  • never send your card details through email

You might also be interested in


Reward yourself with HSBC Reward Points when you use your HSBC credit card.
The points you earn can be redeemed online.


Learn about the best ways to bank from your phone or the comfort of your home.


Protect yourself from fraud through early detection. Register to receive e-mail alerts when your card is used.


Issued by HSBC Bank Bermuda Limited, of 37 Front Street, Hamilton Bermuda, which is licensed to conduct Banking and Investment Business by the Bermuda Monetary Authority.

Listening to what you have to say about our services matters to us.