Online and mobile security

• Removal of clickable phone numbers in bank-sent emails and SMSes
• We no longer send any clickable links via SMS or emails.
• If you receive any SMS or email with a clickable link, please do not click and contact us immediately.
• We have registered SMS sender ID, our one-way SMS to Hong Kong mobile numbers will be sent under any one of the following sender IDs registered by the bank:
  • #SCBHK
  • #SCBHKinfo
  • #SCBHKsms
• Learn more

• Advanced 24/7 monitoring
  • All systems and activities are closely monitored by our team of professionals who are dedicated to proactively detecting and defending against threats, and resolving issues.
  • We monitor threats and online activity around the clock to detect any scams early and take preventive measures to keep your account safe.
• Instant alert
  We provide text messages, push messages and email alerts to notify you when important information changes or transactions are made using your account, including but not limited to:
  • Make payments and transfers through your account
  • Modify limit
  • Change account information

After SC Mobile Key registration or re-registration and initiating identified high risk instructions (e.g. add new payee, fund / payment transfer, increase transfer limit, etc), your Digital Banking account may be suspended due to security reason. Please call our hotline 2886-8862 for identity verification. The bank will re-activate your Digital Banking account after verification, and you could re-initiate the instruction thereafter.

Click HERE to visit Scameter website of the Hong Kong Police Force.

As there is an increasing trend of fraud cases related to payments, remember to double check the transaction details and the payee is trustworthy before you proceed with the transaction.

If you have any doubt with the payee details,  or receive the alert message flagging the payee’s information as “High Risk” when making the transaction instruction, you can visit the Scameter website of the Hong Kong Police Force to learn more.

Scameter is the one-stop search engine provided by the Police Force to help the public identify frauds and online pitfalls. When you encounter suspicious calls, online sellers, friend requests, job ads, investment websites, etc., you can enter the platform account name or number, payment account, phone number, email address, URL, etc. to assess the risk of fraud and cyber security.

1. Firewalls and encryption
   1. All data transferred between Standard Chartered and customers is protected with state-of-the-art 256-bit encryption. Even if the data is intercepted during transmission, advanced encryption technology ensures that outsiders cannot use it.
   2. A strong firewall protects our banking systems from external threats and risks.
2. Advanced certification
   1. You can only try to log in three times. If you fail to log in three times, we will temporarily deactivate your account to prevent fraudsters from cracking your password. To reactivate, call the number on the back of your card or statement.
   2. When you request the following services in Standard Chartered Bank Online Banking, the bank will request you to authenticate via SC Mobile Key or send a 6-digit one-time password (OTP) and some transaction details to your mobile phone via SMS
   3. In some cases, we also require additional passwords for step-up authentication.
   4. Advanced authentication technology ensures that only you, the authorized user, can connect to your account.

1. Protect your bank account
   1. We will never ask for your account information and password over the phone, email or text message.
   2. Please note:
      1. Messages without calling you by your name
      2. An email address that does not match the person or organization it purports to be
      3. Messages with poor spelling and grammar
      4. Messages claiming you have won a prize or instructing you to click on a link
      5. We also will not direct you to a website to enter your username and password. Your password and PIN are private to you – never reveal them to anyone.

• Strengthen login security
  You will be prompted with a notification instantly for any online or mobile banking login.
• Prevent stealing of your account
  When performing high risk transactions such as adding a new payee or updating personal details, you are required to input a 6-digit PIN for authentication. This can prevent your account from being fraudulently used.
• Enable in-app alerts
  You can be assured all messages received via Push Notification are from our secured source.
• Learn more

• Be careful about sharing personal informationlike your full name, date of birth, address, mobile, phone number or ATM card number. These details could be used to steal your identity.
• Never respondto unsolicited emails, phone calls or texts. Scammers are clever at impersonating someone you trust, such as a police officer or a Bank representative.
• Beware of payment or fund transfer requests from people you don’t know. If you are unsure, speak to someone you trust or contact us before making any payment or cash transfer.
• Watch outfor unauthorized cash deposits or withdrawals on your account, they could be fraudulent transactions.
• If you receive a suspicious email, text or phone call allegedly from the Bank, please check the identityof the sender or caller with us immediately.

• Start by regularly updating the apps and anti-virus softwareon your mobile phones, tablets and laptops.
• Only download the SC Mobile App through the 4 authorised channels found here– never from third-party sites.
• When making a transaction, remember to double check the detailsbefore you press the submit button.
• Always log outof the SC Mobile app or Online Banking session after use and never leave it running in the background.

• Why do I need a strong password?
  Cyber criminals comb the internet and social media to find your personal information. So ensure you have a strong password to deter them. Weak passwords are uncomplicated and commonly used, for instance 12345678, or associated with your personal data, such as names or birthdays. As a matter of fact, it only takes a fraction of a millisecond to crack an uncomplicated 7-character password.
• How you can secure your personal information
  • Do not use the same password for multiple sites or accounts. Ensure the password used for your Standard Chartered banking account is unique from your online and social networking accounts.
  • Keep all passwords safe and confidential. Standard Chartered may verify the number of accounts you have, but we will never request your login credentials, whether by phone, email or text.
  • Strengthen your password by using a combination of upper and lower case characters, numbers and special characters. Likewise, a 12-character password is significantly stronger than 7 characters.
  • Memorise your banking password. Never write it down or store it on your devices. Additionally, make it a point to update your password regularly. Change the password immediately if you think it has been compromised.
  • When inputting your PIN/password for the use of Standard Chartered Banking services safeguard them by keeping them away from prying eyes.
  • Never share or allow anyone to use your PIN/password or One-time Passwords (OTPs).

• Never connect to unknown and unsecure Wi-Fi networks when carrying out online banking. If you are using your home network, ensure your router is secured.
• Never use a ‘jailbroken’ (iOS) or ‘rooted’ (Android) device for your banking transactions. They make it easier for hackers to access and manipulate your phone’s operating system.
• Ensure your phone’s operating system is updated regularly to fix any security gaps. Cyber criminals can exploit any software vulnerabilities to access your phone without your knowledge.

• Authenticate the identity of the caller or sender.
• Look carefully at the sender’s address for lookalike domains (e.g. john@standardchartd.com), and never respond to, click on hyperlinks or download attachments in unsolicited emails, messages or phone calls.
• Avoid simply relying on the incoming call display to establish the true identity of the caller or directly calling the bank hotline numbers provided in the messages and following the given instructions.
• We do not provide advice and recommendations on individual stocks through any communication channels, including phone calls and instant messaging apps (e.g. Whatsapp and WeChat). Be aware of possible ramp-and-dump scam.
• Watch out for any message which pleads for assistance, invokes a sense of fear, urgency or curiosity, it might be a SMS phishing attempt to steal your personal information or commit fraud.
• Never download files (including email attachments) without verifying that they are from a legitimate source. To access our banking services or resources, visit our website at https://www.sc.com/hk/.
• Delete junk and chain emails. If you have opened one, do not click on any links or download any attachments. To change your Online Banking password, use our Online Banking login webpage. Never change it via any email links.
• Beware of cyber criminals who use a fake identity to start a relationship with you, this is known as catfishing. Their aim is to scam you of your money once they have earned your trust. Tell-tale signs include a reluctance to meet up in person or a lack of friends on their social networking account.
• Keep potential fraud and spam out of your regular email inbox by creating a separate email account for social networking purposes. Never click on hyperlinks or download attachments in unsolicited emails.
• Keep your social networking accounts private and restrict them to friends and family only. This makes it harder for cyber criminals to monitor your online activities on these platforms.