Security of our systems

HSBC requires the use of 256-bit Secure Socket Layer (SSL) Encryption, with all online banking applications and online application forms, which is the industry standard encryption used for online banking applications. Encryption converts your data (i.e. when you apply for a loan or credit card at HSBC or when you use online banking) into an encoded form before it is sent over the Internet. The encryption helps keep your information private between the bank's computer system and your Internet browser.

To determine if the browser you are using supports 256-bit encryption try a browser check.

HSBC employs multiple levels of encryption with multiple encryption algorithms on and between internal systems to help ensure your data is kept secure and inaccessible to unauthorised users.

HSBC uses firewalls to block potentially destructive information from entering our computer systems and to prevent unauthorised access. Firewall software can be installed on business and home computers as a barrier against hackers and viruses.

To protect your computer and your account information when using online banking, HSBC Bank Armenia uses Digital Certificates to allow you to ensure you are communicating with HSBC. When you log on to HSBC Bank Armenia online banking, your browser challenges the HSBC website to prove its identity using digital certificates. Your browser can verify the certificate and alert you if the website is not HSBC. When logging on to HSBC online banking, you should always ensure that this identity check has occurred. For instance in Microsoft® Internet Explorer, ensuring that the yellow lock is present on the lower right hand corner of the browser and double-clicking it allows you to view the digital certificate of the website your browser has verified.

HSBC uses Server Gated Cryptography or SGC, which allows a browser using 40-bit SSL encryption to function as 256-bit encryption for the duration of the online banking session. This helps keep your online banking transaction information as secure as possible without having to download an updated browser.

HSBC Bank Armenia is committed to safeguarding your sensitive financial information. We have introduced a Security Device, needed to access online banking. Each Security Device generates a series of single-use security codes unique to the user's account. By using these security codes together with your Username and Memorable Answer, your online security is increased.

In no instance will any official from HSBC ask you to give your Security Device Code either via e-mail or over the phone. If you receive any such call and are unsure if it is genuine or not, ask the caller for their department and extension and then contact our Call Centre and ask to be put through.

Your HSBC online banking session is protected in a "secured" environment through Secured Socket Layer (SSL) encryption. SSL technology is used within your online banking session to encrypt your personal information before it leaves your computer to help ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. You will know when you are on a secured HSBC page when you see the "https://" before the web address. A padlock symbol in the lower right hand corner of your browser window will also be present. A closed padlock indicates that your HSBC online session is in a "secured" environment.

To make accessing your HSBC Bank Armenia cjsc accounts more secure, we require that after obtaining your Username, you create your Memorable Question and Answer, and a pair of Security Questions and Answers. This information is then authenticated by HSBC's system to verify your identity before providing account access. To log on to your online banking site you will be requested to provide Security Device information as well. This will provide your online banking log on with additional security.

For added security, we protect your online banking access by tracking the number of log on attempts. After a number of incorrect Memorable Answer/Security Device code attempts, you will be prompted to reset your Memorable Question/Answer with the help of Security Questions/Answers you have set during the registration process. Should you forget your Security Questions/Answers as well, you will be able to submit a Security Information Reset request, which is to be activated by HSBC staff. Once the request is activated, you will regain access to your accounts.

For your protection, HSBC includes a Session Time-out feature for your online banking session. If your online banking session remains idle for a given time, your session automatically ends. This helps to protect your accounts from unauthorised access if your PC is left unattended or you have not logged-off from your online banking session.

To protect any private information you may send to us via e-mail, HSBC provides a secure e-mail feature within online banking so that your correspondence and your information remains between you and HSBC.

Important Note: If your online banking password has been compromised, please immediately contact us.

Never give your online banking security credentials, telephone numbers or usernames to anyone online. Never respond to e-mails requesting this information.

Phishing is a criminal activity using social engineering techniques where phishers attempt to fraudulently acquire sensitive information such as username, passwords, the security device number and credit card details by masquerading as a trustworthy entity in an electronic communication.

These criminals also contact customers via e-mail asking for their username, contact phone number and Memorable Answer. Should the customer reply to the e-mail they then follow this up with a phone call asking for the Security Device Code.

Don’t be fooled. You will lose much more than a Memorable Answer or Security Code!

Phishing e-mails contain a link which directs you to a fictitious HSBC site. Below are simple steps by which you may easily identify such a site:

Such a fake site would not normally be encrypted. This is identified by the fact that the address of the site would not begin with "https://".

Clearly, links contained in phishing e-mails direct you to domains which are not HSBC registered.

A truly genuine HSBC Armenia webpage must be located in the following domain:

www.hsbc.am

When in doubt, do not open these links and close your browser window without filling out any of your details.

You can prevent any such e-mails from reaching your mailbox by adopting 'anti-phishing' measures.

Such measures include:

• setting up of a filter in your e-mail inbox, contact your internet provider for more details;
• setting up of internal phishing site prevention within your browser. This feature is available in browsers such as Microsoft Internet Explorer 7.0.

If you receive an e-mail message which you believe to be fraudulent:

• do not respond to the e-mail
• do not click any links included in this e-mail
• forward the e-mail to Phishing@hsbc.com
• delete the e-mail

Remember, HSBC will never ask you for your online banking information via e-mail.