Be vigilant and do not fall victim to financial scams through Phishing, Smishing and Vishing.

Fraud Email (Phishing)

Phishing is an email sent by an irresponsible party to trick us into clicking on a link, opening an attachment, or leaking information we shouldn't have provided

Be wary of unsolicited emails that appear to be from your bank or another trusted organisation (government tax institution) and contain links to websites urging you to provide confidential, personal or financial information. The emails may appear to come from a legitimate source and ttypically, they warn you of an urgent problem with your account and trick you into clicking on a link which takes you to a phony website

If you receive one of these emails, don't reply or click on a link that you're not sure is genuine. Instead, contact the company using a phone number you know is genuine.

Phishing emails typically:

• warn you of some sudden change in an account which means you have to confirm you still use the service
• sometimes have poor spelling and grammar
• ask for confidential or security information such as your online banking details, passwords, account numbers or PINs
• include instructions to reply, complete a form or document attached to the email or click through to a website to verify your account

Fraudulent (phishing) emails may direct you to a bogus or spoof site that's often very convincing. Look closely for these telltale signs:

• The site threatens to shut down your account unless you verify your personal information.
• The site returns an error message and asks you to log in.
• The URL isn't quite right. For example, you see www.hbsc.com or www.hsb.com instead of www.hsbc.co.id.
• The URL may also contain numbers (such as an IP address) or an "@" symbol.
• The padlock icon is out of place. It should be in the browser status bar in the lower right and not within the web page.
• When you double-click on the lock icon, you get a warning that the site address doesn't match the security certificate.
• The logo is distorted or stretched which indicates it's been copied.
• Spelling and grammar mistakes. If there's a phone number on the fake website, it doesn't match the phone number on your account statement.
• You can't link to a home page from the fraudulent site

Other warning signs that an email is fraudulent:

• Generic salutation such as "Dear user" and/or impersonalized information in the text of the email.
• There's an attachment that may launch a virus or spyware on your computer.

Don't open attachments or click on links if you suspect they may not be genuine.

If you're suspicious of an email claiming to be from HSBC, report to us via HSBC Contact Center to delete it and empty your deleted items.

Fraud SMS (Smishing)

Smishing is sending an SMS that looks like it came from a trusted source with the aim of enticing us to provide personal information such as passwords or credit card numbers.

These may be sent by criminals trying to trick you into giving your personal and financial information (by calling a number or clicking a link).

It's important to remember the following:

• Banks and other organisations such as the police or cellular service providers will never ask you for your full PIN, password or banking codes.
• Fraudsters can mimic text headers so that their messages can join a conversation beneath ones you know are genuine.

If you're unsure whether a text claiming to be from HSBC is genuine, report to us via HSBC Contact Center. Never share your security details with anyone else.

Fraud Telephone (Vishing)

Vishing is a form of crime to illegally gain access to our personal and financial data through telephone conversations using fake telephones, pretending to be from an official institution and requesting our personal data.

Criminals call out of the blue and may claim to be your bank, the police or another trusted organisation like your broadband provider. To make the call seem more convincing they may already have some information on you, such as your account number, address and even some account details. They can also make the call seem authentic by making their phone number look like a number you know and trust. This is known as 'number spoofing'.

The caller will then try to persuade you to get OTP code, CVV number, or PIN to gain access to your financial system whose purpose:

• transfer money to another account for 'safekeeping' or 'holding'
• withdraw cash and hand it over 'for investigation'
• Online transaction

Never give any personal information over the phone unless you are making the call. Be careful of the things below:

• If you receive an OTP SMS that is not from your own transaction followed by a phone call asking you to provide the OTP code with the reason offers banking services, investment/product offers or health services. Do not give your OTP code or banking data to any party for any purpose
• Voicemails asking you to call a number with an international code. You'll end up with an expensive phone bill.
• To claim a lottery prize or other winnings, you're asked to dial a two-digit code preceded or followed by the "#" or "*" key (for example, *79 or 72#). This is a call-forwarding scam.
• Don't be fooled by the dialing numbers that appear on your mobile screen using the official HSBC Call Center numbers (1500700 and 1500800). Remember, HSBC Call Center numbers cannot be used for outgoing calls. Remember that HSBC staff will never ask you for your password

To report phishing websites, smishing texts or suspicious emails which have requested personal banking information contact us via HSBC Contact Center.

If you believe you have shared your confidential information either online, by telephone or any other means call us immediately using the telephone number on the back of your card.

You need to know that scammers work by gaining someone's trust and getting them to disclose information that should be kept secure.

Scammers usually contact people by phone (vishing), text (smishing) or email (phishing). They'll claim to be someone in a position of trust, such as bank staff, representatives of telecoms or utility companies, or even the police. Having gained the person's trust, they'll then ask for sensitive information or things which will enable them access to the person's bank accounts.

Please be reminded that the bank would never ask for data, such as:

• Your 6-digit PIN
• online banking codes like your secure key or password
• OTP code

Your bank would also never ask to:

• collect your credit or debit cards, cheque books or cash.
• transfer funds to a different account for 'safekeeping'

Please be careful with scams on behalf of HSBC. All losses arising from your negligence will be your full responsibility.

Be aware that currently there are many cybercrime modus occurring. The target of criminals is to gain access to your personal/banking data. Beware of data theft under the guise of offering banking or investment products.

In practice they use social media communication tools by using a name similar to an Investment Manager company. They spread scams through websites/online accounts and usually offer high-yield investments. If you do not have an adequate understanding of investment offer and are tempted by high yields, you may become a victim of this kind of fraud.

Below are tips to avoid this scam:

• Do not be tempted by the lure of buying high-yield sharing products/investments that are offered by someone claiming to be from a bank or investment manager.
• If you get a product offering/investment message, and are interested in the product being offered, make sure that you recognize the sender of the message (SMS / chat account / social media account), or you need to ensure that the message was sent by a trusted source.
• Do not click/open any links or attachments to e-mail, SMS /WA messages or other applications that you may receive from dubious or unknown sources.
• Currently HSBC DOES NOT have an official Telegram account and does not have a group with any applications to offer investment offers. If you find or are invited to a group like this, you can click report it by clicking Report (fake account) on the application
• Never share your personal/banking data such as: your name, bank, account number, mobile phone number, email address, correspondence and occupation to anyone, even if the person pretend to be an Investment Manager, a representative of a Bank/other institution.
• Immediately report to the Bank if you have experienced with fraud to immediately block the account.
• If you find an investment offer that is not licensed, illogical, and is fraudulent, you can also contact OJK or the OJK Investment Alert Task Force on telephone number 157 or WhatsApp to number 0811 157 157

If currently known the name of PT. Bank HSBC Investasi as one of the investment managers, please be advised that PT. Bank HSBC Investasi is not part of PT. Bank HSBC Indonesia and PT. Bank HSBC Indonesia is not affiliated with PT. Bank HSBC Investasi. Any things and products offered by PT. Bank HSBC Investasi is not the responsibility of PT. Bank HSBC Indonesia.

To get more info about financial products available at PT Bank HSBC Indonesia along with their features, please visit the nearest HSBC branch office, contact our Call Center, or visit our official website www.hsbc.co.id

WhatsApp Account

Never give any personal information and debit/credit card data such as card numbers, CVV, PIN numbers, expiry card information or OTP codes to parties on behalf of PT. Bank HSBC Indonesia, especially using WhatsApp application. Currently, PT. Bank HSBC Indonesia does not yet have an official WhatsApp account.

To prevent this, you can then provide a "report" to WhatsApp on the account by clicking the "Report business" button on the account's profile.

Social Media Account

The official Twitter account of PT. Bank HSBC Indonesia is @HSBC_ID (www.twitter.com/hsbc_id) and the official Facebook account of PT. Bank HSBC Indonesia is Facebook Fan Page HSBC Indonesia (www.facebook.com/HSBCIndonesia).

Never share any personal data and debit/credit card information such as card numbers, CVV, PIN numbers, card expiry date information or OTP code to anyone, including those on behalf of PT. Bank HSBC Indonesia.

HSBC never gives authority to any parties to pick up your Credit/Debit Card and PIN for any reasons. Please be careful of fraud attempts using the name of HSBC. All losses arising as a result of the Credit/Debit Card transfer would be of your full responsibilities.

Protecting your interest

• Do not sign blank form(s). Please ensure you have understood every field to be completed prior to signing any transaction form.
• For investment and insurance transaction, please ensure you have been explained about the product feature (including product risk) of the product offered.
• Please ensure you have acknowledged and understood the terms and conditions applied to any banking product and service offered.

Protect Yourself from Mobile Phone Number Take Over (SIM Swap). SIM Swap is mobile phone SIM card replacement that is done illegally through cellular operator by fraudster, in order to get access to your banking transaction such as receiving OTP (One-Time Password) for online transaction that you have not done.

Below are Tips to Avoid SIM Swap

• Immediately contact your cellular operator when mobile phone is stop functioning, such as unable to make / receive call or SMS.
• Immediately contact HSBC Phone Banking at 1500 700 (Premier), 1500 808 (Signature & Platinum), 64722 from mobile phone (Other HSBC Credit Card) if finding indication / receiving information that you are victim of SIM Swap.
• Not publishing mobile phone number at social media or using different mobile phone number for your banking activity.
• Be cautious when you share personal data (date of birth, mobile phone number) to other party, and when use your credit card information (card number, valid period, CVV/CVC number - 3 digits number at the back of the card).

Ensure your personal information update

Inform the Bank for every changes on your (or your attorney's) personal data together with the relevant supporting document(s). Such data includes but not limited to the following:

Personal CustomerGo to footnote¹

1. Full name
2. Job title or line of business.
3. Residential Address / Office Address.
4. Email address.
5. Home / Office / Mobile Phone Number
6. ID (KTP/passport/staying permit) number and expiry date.
7. NPWP number (mandatory for existing/prospective securities account holder).
8. Type of transaction(s) which will be frequently performed.
9. Purpose of account opening.
10. Nationality.
11. Marital status.
12. Source of fund and income.

Corporate CustomerGo to footnote¹

1. Business License (nature of business activities).
2. Articles of Association (including subsequent amendment if any).
3. Address and contact details.
4. Source of fund and purpose of account opening.
5. Taxpayer Registration Number (NPWP).
6. Composition of Board of Directors and Commissioners (along with their ID Card: KTP/passport/staying permit).
7. Company's shareholding structure up to the ultimate beneficial ownerGo to footnote².

Using an ATM

• Stay vigilant. Don't allow yourself to be distracted.
• Cover the keypad when you enter your PIN. Do not disclose your PIN to anyone including the Bank / Contact Centre.
• Be cautious and report to HSBC if you observe any suspicious devices (e.g. pin hole camera).
• Reject any offers of assistance from strangers when you are performing ATM transactions.
• If you encounter any difficulties when using the ATM, cancel your transaction and inform HSBC.
• Please be alert when you encounter retained card problem in ATM machine, if you suspect fraud and card counterfeit, please report to HSBC 24 hours Phone Banking Services or nearest branch to block & replace the card.
• Do not use the ATM if you spot any sticker on the ATM machine requesting you to contact a phone number other than the HSBC Contact Centre i.e. HSBC 24 hours Phone Banking Services: (021) 5291 4722 / 0804-1-86-4722, and Corporate Contact Centre: (021) 25514777 / 0807-1-86-4722. If you experience any problem when using the ATM machine, please contact the above HSBC Contact Centre.

Tips to keep your Debit Card PIN safe

• Never tell your Debit Card PIN to other people and/or other parties.
• Immediately change your Debit Card PIN after receiving the first PIN from HSBC.
• Memorize your PIN and do not write it down.
• Change your Debit Card PIN regularly.
• When doing Debit Card transactions in ATM, please ensure that nobody could see you typing your PIN.
• Select PINs that cannot easily be guessed by anyone, don't use ones that can be easily guessed such as date of birth, phone number, etc.

Tips to safeguard your Debit Card

• Immediately sign in the space provided at the back of your Debit Card as soon as you receive it.
• Keep your Debit Card in the safe place.
• To avoid the misuse of card, please ensure that all transactions using your debit card are conducted in front of you.
• Always put your Debit Card away from magnetic items like hand phone and other electronic devices.
• Take care of your Debit Card like any of your personal belongings and ensure that your Debit Card is not handled, controlled and used by others. All financial losses arising from your negligence in using the Debit Card would be of your full responsibilities.
• Observe your surroundings before, during and after doing the Debit Card transactions. If there are any suspicious or unusual behaviors, we suggest that you should beware in doing the transactions in such surroundings and if needed contact the authorized police officer.
• In case you lose your Debit Card, please contact HSBC phone banking service at 1500 700 (accessible from all cities within Indonesia) and (6221) 2551 4722 (accessible from overseas) for HSBC Premier customers or 1500 808 (accessible from all cities within Indonesia) and (6221) 2552 6603 (accessible from overseas) for HSBC Advance customers.

Tips to safeguard your PIN

• Memorize your PIN and do not write it down
• Select PINs that cannot easily be guessed by anyone, don't use ones that can be easily guessed such as date of birth, phone number, etc.
• Use different PINs for different channels (e.g. Internet Banking, ATM and Phone Banking).
• Never disclose your PIN to anyone, not even someone claiming to be from the bank or the police.
• Immediately change your PIN after you receive it from HSBC.
• Change your PIN regularly.
• Ensure that no one is looking whenever you are keying-in your PIN.

1. Keep your computer secure.
   1. Make sure you have the latest security updates and patches.
      To check for patches and updates you should visit the publisher's website, typically in their Download section.
      Microsoft users can visit: http://windowsupdate.microsoft.com which can automatically check what is required, and then suggest that you download it.
   2. Use and regularly update anti-virus software.
      There are many effective programs to choose from, but the most common commercial products are from McAfee, Symantec (Norton) and Sophos.
      It is also possible to obtain free anti-virus protection. A search for "free anti-virus" on Google will provide a list of the most popular.
      Always update your anti-virus software with the latest "virus definition" files. If you are unsure how to do this, you should refer to the program's own Help function.
   3. Use personal firewalls.
      Firewall is another small program that helps protect your computer and its contents from outsiders on the Internet. When properly installed, it stops unauthorized traffic to and from your PC.
      There are many effective programs to choose from. Common commercial examples are from Zone Alarm, Symantec (Norton), McAfee and Computer Associates.
   4. Read our password advice.
      Memorize your password and do not write it down.
      Select password that cannot easily be guessed by anyone, don't use ones that can be easily guessed such as date of birth, phone number, etc.
      Never disclose your password to anyone, not even someone claiming to be from the bank or the police.
      Change your password regularly.
      Ensure that no one is looking whenever you are keying-in your password.
   5. Use an anti-spyware program.
      Spyware is often loaded onto a PC as part of a free download of another service.
      Spyware is not the same as a virus in that it only records what you do rather than altering how your machine works. Because of this, anti-virus software is not effective in identifying and removing spyware, you will need to download and run a specialized anti-spyware program.
      Anti-spyware security software currently available include McAfee, Spybot Search and Destroy, AdAware, Spyware Eliminator, Spyware Doctor and Microsoft anti-spyware. We strongly recommend that you install and use a reputable anti-spyware product to protect yourself against spyware on your PC.

   Top Tips

   1. Don't share computers
      Disable your computer's "File and Printer Sharing" capabilities to help prevent unauthorized access. Use your computer's Help function for instructions.
   2. Filename extensions
      Most operating systems use filename extensions. For example, a word document ends with .doc and a photo image may end with .jpg
      By default some operating systems do not show these extensions. Whilst this presents cleaner looking file names, it also provides viruses with a means to hide. Use your computer's Help function (Index and then "display") for steps needed to display file extensions. Any file with what appears to be a double extension - e.g. wow.jpg.pif is almost certainly a virus and should never be opened.
   3. Be wary of opening any unexpected email messages with attachments
      A common way for a virus to spread is via email. Some viruses send copies of themselves to everyone in the infected PC's address book. This means it could appear to come from someone you know. Never open an email attachment that contains a file ending with .exe, .pif, .vbs as these are commonly used with viruses.


2. Keep your Internet Banking session secure
   1. Logging in
      Ensure you enter your correct password(s) without the details being inadvertently disclosed to someone who may be looking over your shoulder
   2. Logging off
      Always remember to log off from the Internet Banking session and close your browser when you have finished your online banking. This will clear all traces of your visit from the PC's memory.

   Tips

   1. Memorize the keys to your access.
      Your Internet Banking ID and password are your keys to accessing our online services. Only the right combination of these allows you access.
   2. Don't use links to access our site.
      Always enter the web address or use a Favorite. Do not use a link as this may take you to a phony web site that may look exactly like ours.
   3. Avoid using shared computers for Internet Banking.
      Try to avoid using shared public PCs, such as those in Internet cafes, to access Internet Banking.


3. Keep your email secure.
   Generally, email that is sent or received through a regular email address (e.g., yourname@hotmail.com) is not secure or encrypted to protect the content. Therefore, any personal information you include in an email is at risk of being intercepted by unauthorized individuals. Do not send your Internet Banking ID and/or passwords by email to anyone ever.

   Top Tips

   1. Never send sensitive information by email. Don't answer any unexpected email messages requesting personal information.
   2. Be wary of opening any unexpected email messages with attachments. A common way for a virus to spread is via email. Some viruses send copies of themselves to everyone in the infected PC's address book. This means it could appear to come from someone you know.
   3. Never open an email attachment that contains a file ending with .exe, .pif, .vbs as these are commonly used with viruses.
   4. Any file that appears to have a double extension is almost certainly a virus and should be deleted. Use your computer's Help function for further instructions.

During telephone conversation:

1. If you receive phone calls claiming to be from HSBC, identify the caller and ensure that he/she is a genuine Bank staff. Our Bank staff will clearly express their name, job title, branch/department, and contact telephone number.
2. Bank staff will clearly express their name, job title, branch/department, and contact telephone number.
3. Phone PIN verification is not required for general enquiry.
4. Phone PIN verification is only required for transactions or other requests and/ or maintenance. Phone PIN must be input directly to the voice response system by customer.
5. Never read out your password or PIN to our Bank staff over the phone - HSBC would never ask customer to read out the PIN to anyone, not even someone claiming to be from the Bank.
6. Do not proceed to input PIN if you have doubt about the call.

How to Read Your Banking Statement

General points to remember

1. Check your statements immediately upon receipt.
2. If you spot any unusual transactions, report them to the Bank immediately .
3. Consider using Internet Banking to check the transactions on your account more frequently.

We recommend frequently reviewing your account activity online:

1. Over 50 percent of all identity fraud is first discovered by the victim.
2. The sooner fraud is detected, the lower the financial impact.
3. Customers who access their accounts online detect identity crime earlier than those who rely on mailed statements.
4. Customers who choose to receive electronic statements instead of mailed statements reduce their risk of mail fraud

When using Credit Card

• Try to keep your Credit Card in sight when using it for a transaction.
• Ensure that your card is returned after each transaction.
• Do not sign Credit Card slips without an amount.
• Keep all Credit Card receipts / statements in a safe place, or destroy them.
• Do not disclose your Credit Card number over the phone, unless you are dealing with a reputable company.
• Avoid entering Credit Card information when using public computers, such as those in internet cafes, or when using websites that are not secure.
• Do not respond to emails that ask you to provide Credit Card information.
• Shut off paper statement, opt to use online statement instead.
• Check receipts against your online monthly billing or account statements to verify all of your transactions. Report any unauthorized transactions immediately. Once you have reconciled your billing statements, shred up all receipts and discard them at home.
• Check your statements and watch your charges. View your statements to verify that they properly reflect the amounts you have authorized. Also, watch for multiple charges.

Protecting your cards

• Sign your cards as soon as you receive them.
• Treat cards like cash. Never leave them unattended or lend them to anyone.
• Carry only the cards that you need.
• Make a list of your Credit Card numbers and the telephone numbers that you should use to report lost or stolen cards. Keep the list in a safe place, away from the cards.
• Check your card expiry date. If a replacement card has not arrived at least one week before your current card expires, contact the Bank to find out why.

To raise a complaint

• HSBC Credit Card customers can use the following channels: Contact Centre (021 - 5291 4722) Contact Centre (021 - 5291 4722)
• HSBC Advance customers can use the following channels: Contact Centre (021 - 5291 4722)
  Contact Centre (021 - 5291 4722)
  Branches
• HSBC Premier customers can use the following channels: Premier Contact Centre (021 - 500 700)
  Premier call center (021 - 500 700)
  Branches

Spotting Mail Fraud, if it sounds too good to be true, it's probably a scam. Be suspicious of the following:

• Pre-approved credit offers that charge a fee to get your card.
• Job scams asking you to pay for more information
• Work-at-home schemes that require you to buy something before you can start work.
• Donation requests to unregistered charities.
• Sweepstakes and lotteries where you have to pay to receive your prize or those involving a foreign country.

Beware of Credit Card Skimming

Credit card skimming is illegal act to replicate data from credit card magnetic stripe. Skimming could occur anywhere you do transaction including restaurants, gas stations and other retail locations. Please be aware and avoid these:

• Merchant process your credit card twice, once dipping your credit card into EDC machine for your purchase and a second time through a skimming device (as general rule, don't let your card out of your sight). If you spot your credit card is processed inappropriately, please call HSBC Phone Banking Services immediately.
• Someone looking over your shoulder at the register to spot your credit card PIN. Please protect your PIN.
• If receipts and carbon copies are not immediately given to you, ask for them and file them in a safe place or destroy them before you put in a bin.

Your HSBC Credit Card has already embedded with Chip to make your personal data safer and very hard to replicate. Please ensure that your card is dipped into EDC machine and not swiped. For your overseas transaction, not every EDC machine equipped with Chip Reader, please ensure your credit card only swiped for your purchase.

Keep the Confidentiality of your Credit Card, Debit Card, and PIN / OTP data

PT Bank HSBC Indonesia ("HSBC") never request and / or authorize any party to request Credit Card and Debit Card data in the form of a credit / debit card number, 3 last digit behind the card, expiry date, PIN or your OTP (One Time Password) code with any reason by telephone (including as if using an official HSBC phone number), sending letter / e-mail, or even visit you directly. Please be careful with various fraud attempt on behalf of HSBC.

How to Protect Your Credit Card/Debit Card

BEWARE

Fraud attempt on behalf of HSBC can be done in various ways, including by pretending to be a staff member of HSBC. Fraudster will try to ask for personal data, physical credit/debit cards, information about credit/debit cards (name on card, credit/debit card number, 3 last digit behind the card and expiry date), PIN, OTP (One Time Password) code, username and password of your internet banking account.

Fraud attempt can be done by telephone (including as if using an official HSBC phone number), sending letter / e-mail, or even visit you directly.

PROTECT YOURSELF

Do not give any information of personal data, credit/debit card data, and other important information to any party. Keep your personal and banking data in a safe place and known by you only.

Your address (home, office and email) and telephone number (home, office, cellular) are used by HSBC as a means of communication and correspondence. Make sure you always update these data to avoid sending information of your banking account and credit/debit card transactions to unauthorized parties.

If you are in doubt of a request from any party, do not give further response. Please contact HSBC Contact Center for further information and assistance.

Any losses incurred as a result of giving your personal data, your banking data, PIN or OTP code to any party will become cardholder responsibility.

Protect Your Personal and Account Data from Mobile Malware

Mobile Malware or Mobile Malicious Software is a software designed to bring harm to your mobile devices such as smartphone or tablet to damage its operating system or application and or stealing your personal and banking data. For a safe banking transaction with your mobile device, please ensure:

• Install reliable anti-virus/anti-malware to your mobile device (if you do not have it installed yet) and update your anti-virus/anti-malware or other mobile endpoint protection software regularly;
• Install mobile application only from legitimate apps store;
• Do not install suspicious mobile application that asks for excessive permission;
• Do not jailbreaking* or rooting* your mobile device;

HSBC Credit Card offers you even more protection when shopping online. With 3D Secure Authentication, which provides additional authentication through One-Time Password (OTP). The OTP will be sent to your mobile phone each time you do an online transaction at secure merchant (participating merchant in 3 Domain Secure / 3D Secure).

One-Time Password (OTP) for your online purchases

You are required to key in an One-Time Password (OTP) whenever you make an online purchase at participating 3 Domain Secure (3D Secure) merchants using your HSBC Credit Card. A pop-up screen will appear, prompting you to key in the One-Time Password (OTP) which will be sent to your mobile phone number registered in our system.

What is One Time Password (OTP)?

One Time Password (OTP) is a randomly generated six digit password sent via SMS to your mobile device, which provides a stronger method for authenticating your online transactions you feel comfortable when shoping onlineAction here to go to footnote¹.

What is 3D Secure?

3D Secure is a security protocol used by banks worldwide to authenticate online credit card transactions. You can recognize 3D Secure merchants by the "Verified by Visa" or "MasterCard SecureCode" logos on the online merchant's website.

For more info click here.