Online security

Security of our systems:

128-Bit SSL encryption

HSBC requires the use of 128-bit Secure Socket Layer (SSL) Encryption, with all Personal Internet Banking applications and online application forms, which is the industry standard encryption used for internet banking applications. Encryption converts your data (i.e. when you apply for a loan or credit card at HSBC or when you use Internet Banking) into an encoded form before it is sent over the Internet. The encryption helps keep your information private between the bank's computer system and your Internet browser.

To determine if the browser you are using supports 128-bit encryption try a browser check.

Internal systems encryption

HSBC employs multiple levels of encryption with multiple encryption algorithms on and between internal systems to help ensure your data is kept secure and inaccessible to unauthorised users.

Firewalls

HSBC uses firewalls to block potentially destructive information from entering our computer systems and to prevent unauthorised access. Firewall software can be installed on business and home computers as a barrier against hackers and viruses.

Digital certificates

To protect your computer and your account information when using Personal Internet Banking, HSBC Bank Armenia uses Digital Certificates to allow you to ensure you are communicating with HSBC. When you log on to HSBC Bank Armenia Personal Internet Banking, your browser challenges the HSBC website to prove its identity using digital certificates. Your browser can verify the certificate and alert you if the website is not HSBC. When logging on to HSBC Personal Internet Banking, you should always ensure that this identity check has occurred. For instance in Microsoft® Internet Explorer, ensuring that the yellow lock is present on the lower right hand corner of the browser and double-clicking it allows you to view the digital certificate of the website your browser has verified.

Server gated cryptography (SGC)

HSBC uses Server Gated Cryptography or SGC, which allows a browser using 40-bit SSL encryption to function as 128-bit encryption for the duration of the online banking session. This helps keep your online banking transaction information as secure as possible without having to download an updated browser.

Security device

HSBC Bank Armenia is committed to safeguarding your sensitive financial information. We have introduced a Security Device, needed to access Personal Internet Banking. Each Security Device generates a series of single-use security codes unique to the user's account. By using these security codes together with your Username and Memorable Answer, your online security is increased.

Never give your security device code to anyone

In no instance will any official from HSBC ask you to give your Security Device Code either via e-mail or over the phone. If you receive any such call and are unsure if it is genuine or not, ask the caller for their department and extension and then contact our Call Centre and ask to be put through.

Keeping your online sessions secure

Secured sessions

Your HSBC Internet Banking session is protected in a "secured" environment through Secured Socket Layer (SSL) encryption. SSL technology is used within your Internet Banking session to encrypt your personal information before it leaves your computer to help ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. You will know when you are on a secured HSBC page when you see the "https://" before the web address. A padlock symbol in the lower right hand corner of your browser window will also be present. A closed padlock indicates that your HSBC online session is in a "secured" environment.

Your internet banking session

Username, Memorable Answer, and Security Device Feature

To make accessing your HSBC Bank Armenia cjsc accounts more secure, we require that after obtaining your Username, you create your Memorable Question and Answer, and a pair of Security Questions and Answers. This information is then authenticated by HSBC's system to verify your identity before providing account access. To log on to your Internet Banking site you will be requested to provide Security Device information as well. This will provide your Internet banking log on with additional security.

Log on attempts

For added security, we protect your online banking access by tracking the number of log on attempts. After a number of incorrect Memorable Answer/Security Device code attempts, you will be prompted to reset your Memorable Question/Answer with the help of Security Questions/Answers you have set during the registration process. Should you forget your Security Questions/Answers as well, you will be able to submit a Security Information Reset request, which is to be activated by HSBC staff. Once the request is activated, you will regain access to your accounts.

Session time-out

For your protection, HSBC includes a Session Time-out feature for your online banking session. If your Internet Banking session remains idle for a given time, your session automatically ends. This helps to protect your accounts from unauthorised access if your PC is left unattended or you have not logged-off from your Internet Banking session.

Secure e-mail

To protect any private information you may send to us via e-mail, HSBC provides a secure e-mail feature within Personal Internet Banking so that your correspondence and your information remains between you and HSBC.

Important Note: If your Internet Banking password has been compromised, please immediately contact us.

Never give your details online

Never give your Internet banking security credentials, telephone numbers or usernames to anyone online. Never respond to e-mails requesting this information.

Phishing is a criminal activity using social engineering techniques where phishers attempt to fraudulently acquire sensitive information such as username, passwords, the security device number and credit card details by masquerading as a trustworthy entity in an electronic communication.

These criminals also contact customers via e-mail asking for their username, contact phone number and Memorable Answer. Should the customer reply to the e-mail they then follow this up with a phone call asking for the Security Device Code.

Don’t be fooled. You will lose much more than a Memorable Answer or Security Code

How to recognize a fictitious HSBC Site

Such e-mails contain a link which directs you to a fictitious HSBC site. Below are simple steps by which you may easily identify such a site:

  • Website encryption
  • Such a fake site would not normally be encrypted. This is identified by the fact that the address of the site would not begin with "https://".

  • Address bar is clearly not an HSBC domain
  • Clearly, links contained in phishing e-mails direct you to domains which are not HSBC registered.

    A truly genuine HSBC Armenia webpage must be located in the following domain:

    www.hsbc.am

    When in doubt, do not open these links and close your browser window without filling out any of your details.

Prevention is better than cure

You can clearly prevent any such e-mails from reaching your mailbox by adopting 'anti-phishing' measures.

Such measures include:

  • setting up of a filter in your e-mail inbox, contact your internet provider for more details;
  • setting up of internal phishing site prevention within your browser. This feature is available in browsers such as Microsoft Internet Explorer 7.0.

What to do if you receive such an e-mail?

If you receive an e-mail message which you believe to be fraudulent:

  • do not respond to the e-mail
  • do not click any links included in this e-mail
  • forward the e-mail to hsbc.armenia@hsbc.com
  • delete the e-mail

Remember, HSBC will never ask you for your Personal Internet Banking information via e-mail

For more information

If you receive an e-mail message which you believe to be fraudulent:

  • call our Call Centre at +374 (10) 515 000
  • send us an e-mail

Note: In case of discrepancies between the Armenian and English versions of this page, the Armenian version shall prevail.

Last modified: 14/07/2015 17:32