Online and mobile security

When you perform online banking, your transactions are encrypted to protect against data from being intercepted and stolen by hackers.

Our online services are protected by firewalls to protect against potential breaches.

Customers are notified promptly via SMS to their registered mobile numbers every time a transfer is performed using their online banking account.

Long periods of login inactivity may increase the risk of fraud and other issues so we will log you out of your online banking session after 15 minutes of inactivity to prevent others from gaining access to your account.

• Standard Chartered uses a Web Access Firewall (WAF) to filter, monitor and block unwanted HTTP traffic to and from a web application. A WAF is able to filter the content of a specific web application. It can prevent attacks stemming from web application security flaws, such as SQL Injection, Cross-Site Scripting (XSS) and security misconfigurations.
• Standard Chartered deploys Distributed Denial of Service (DDoS) mitigation tools to protect our channels from denial of service.

Banking systems and transactions are continuously monitored by our security team to detect and respond to any threats or risks.

We give you the option to configure SMS and email alerts, to stay informed when important account information changes or transactions are made using your accounts, including the following:

• Payments and transfers are made using your accounts.
• Amendments to balance threshold/limit.
• Changes to account data.

eStatements enable you to keep track of all your transactions easily and efficiently:

• All eStatement data are encrypted during transportation.
• eStatements are password protected, and are only sent to the email address last notified.
• Electronic alerts via SMS/email are sent to remind you when your eStatement is ready for viewing (Electronic alerts via SMS service is not available for customers of Standard Chartered China).

Additional alerts and authentication enhance the security of your online and mobile banking activities:

• Two Factor Authentication (2FA) is required if you wish to add new payees, complete a bill payment or perform a fund transfer.
• SMS/Email alerts inform you when a new payee has been added.
• You can set daily transfer limits for your accounts.

Personal firewalls will ensure the right data goes to the right places and keep unwanted connections from accessing your personal information.

Lock your machine when you’re stepping away from your computer or configure a password-protected screensaver to be activated after a few minutes of inactivity.

• Anti-virus/malware protection solutions are key in securing your computer from online threats.
• Always update your anti-virus software with the latest version.

This prevents unauthorised access to your files, printers and network.

Safe banking at home starts with securing your own network:

• Ensure you have anti-virus/a malware solution installed on your personal computer.
• Follow the manufacturer’s recommendations to configure your home router with appropriate security settings. Your wireless network should at least be locked with a WPA level protection, and WPA-2 level whenever possible.
• Never share your home WiFi access/password with unauthorised persons . By allowing someone access to your network, you are giving them access to a system where data comes in and out. A cyber criminal may exploit this to see what the users on the network are doing and may use your WiFi as a prime hunting ground for valuable data.

Never connect to networks that are neither secured nor encrypted.

• Ensure that your web browser is up-to-date.
• Do not store your username/password in the browser.
• Only log in through our official website or applications and always remember to log off.
• Keep your token for One Time Password (OTP) secure .

Cyber criminals may create fraudulent websites that mimic real websites with a similar appearance and a seemingly related URL.

• Check the web address in your browser’s address bar. Look out for other signs of malicious sites such as outdated design, broken links, poor grammar, and other errors.
• Always type in the URL of Standard Chartered website directly into the address bar of your browser.

We will never:

• Request your account information and password over the phone, via email or SMS.
• Send messages that contain poor spelling and grammar.
• Send messages that claim you have won a prize or direct you to click on a link.

Your passwords and PIN should:

• Be kept confidential and never shared with anyone.
• Be memorised, don’t write them down.
• Regularly changed and updated, especially if you suspect that it has been compromised.
• Not be based on guessable information such as your name, telephone number, birthday or other personal information.
• Not be stored or retained in your browser.
• Not be based on the same details that you use to access other services such as email, other Internet sites, ATM PIN, or Phone banking PIN.

For better security, we recommend that your password:

• Contains 8-16 characters using numbers, upper- and lower-case letters and special characters. Phrases that are easy to remember but hard to guess work well, e.g. IL1k35tr0ngP@ssw0rd5.
• Does not contain 3 or more consecutive identical characters, e.g. “aaa” or “111”, etc.
• Does not contain 4 or more consecutive characters as part of your password, e.g. “1234” or “abcd”, etc

Only log in through our official website or mobile applications and remember to log off:

• Never log in to online banking from any email you’ve received – we will never ask you to log in via an email link.
• Always log out from your online/mobile banking account. Closing the browser window does not guarantee secure logout and it could leave your account open to misuse.

Secure your confidential documents:

• Lock your confidential documents in a safe place and shred any bills, receipts, statements and unwanted mail you wish to get rid of, as they contain key details that can be used to steal your account information.

Protect your identity:

• Cyber criminals are targeting social networking sites and online forums such as Facebook™, Twitter, Instagram, LinkedIn, and Sina Weibo amongst many others in an attempt to steal personal information – so be careful with what you share online.
• Do not publish details that can identify you. They include birthdates, phone numbers, addresses and full names.
• Limit access to your profile. Consider restricting your profile to friends and family only.
• Keep your password safe and don’t use the same one for all your online accounts.
• Make sure you understand the privacy policy of each site as some may sell users’ email addresses, leaving you susceptible to phishing attempts and spam.

Check your statements regularly:

• This will help you spot any fraudulent transactions. If you notice something unusual or suspect that you have been a victim of fraud or identity theft, please contact us immediately by calling the number on the back of your card or bank statement.

Keep your token for One Time Password (OTP) secure:

• Do not allow anyone to use or tamper with your security token.
• Do not reveal the OTP from your security token or SMS to anyone.

Malware (viruses, worms, trojan horses, spyware etc.) is designed to cause damage to your computer or network, steal personal information or even spy on your computer activities.

Tips on how to protect yourself against malware:

• Ensure you have anti-virus/malware protection installed on your devices.
• Do not download files (including email attachments) without verifying that they are from a legitimate source.
• Delete junk and chain emails – do not open them. If you opened one, do not click on any links or images and do not download attachments.
• Only install applications from verified sources/providers.
• Never connect to unknown and unsecure Wi-Fi networks when performing online banking transactions.

Phishing is a fraudulent attempt where cyber criminals try to trick you into giving personal information that can be used for fraudulent activities such as payment scams, identity theft and credit card fraud. Doing this over the phone is known as voice phishing or vishing.

Tips on how to protect yourself against Phishing:

• Treat all unsolicited emails, SMS/requests online with caution.
• Verify if the sender/caller is legitimate – if you’re unconvinced, call back using an official phone number e.g. from the back of your bank card.
• Do not click on links or open attachments in suspicious messages.
• Do not give in to any requests for personal information.

We will never ask for confidential information by email, phone or SMS.

SIM card replacement fraud is when a cyber criminal requests a replacement SIM card by pretending to be you – claiming loss or malfunction of the SIM card. The mobile service provider deactivates your existing SIM card and issues a replacement card to an address specified by the cybercriminal. The cybercriminal now receives all confidential bank notifications, including OTPs.

• Contact your mobile operator immediately if you stop receiving calls or texts for unknown reasons.
• If your phone is displaying a “SIM not registered” or a similar message, call or visit your mobile operator immediately.
• Secure your mobile device using a password/passcode.

Mobile payments and banking are becoming increasingly popular and it’s important to apply the same security measures to your mobile phone as you would to your computer.

• Always use the Apple App Store or Android Google Play Store to download the SC Mobile banking application.
• Do not store passwords or account numbers on your mobile phone.
• Never use a jailbroken device for your mobile banking.
• Ensure that your mobile device is updated with the latest version of the operating system.
• Always log out and never leave the Standard Chartered mobile banking application running in the background.

Social networking lets you stay in touch with friends and family, but you should be careful about what you share online.

• Share carefully – be wary about sharing information that could be used to steal your identity. This includes your date of birth, address, or phone number.
• Keep potential fraud and spam out of your regular email inbox by creating a separate email for social networking purposes.
• Use a unique password for each of your social networking profiles. Ensure it doesn’t match passwords used for banking and other related activities.