We communicate with our customers in a variety of ways depending on their needs and preferences. As a personal banking customer, you may find that we send you letters by post or documents and messages that you can access when logged into online banking.
However, for our business customers and other clients there may be specific methods that we jointly agree are the best way to communicate with you securely. It is our policy to secure any emails containing information that could pose a risk to you or HSBC if intercepted inappropriately. This reduces the risk of electronic eavesdropping, tampering and mail forgery.
Find out more below or contact your bank or relationship manager for further details.
Most personal banking customers will receive messages from HSBC by post or via their online banking service. Our online banking facility provides a high level of security whether you log on using a desktop or laptop computer or an HSBC app on your mobile device.
Make sure that the padlock symbol is displayed in the address bar when accessing the online banking website – this indicates that the connection is secure. You should still take all reasonable precautions to keep your login details safe, such as never telling anyone your password.
Some personal customers – such as some private banking clients, for example – may receive messages from us by email. We use SecureMail, an encrypted email service, to send these messages.
Never open or click on any links in an email if you do not recognise the sender or have any doubts that the email is from HSBC.
The first time you receive a secure message via SecureMail, you will need to set up an account and register your login credentials. You will not have to download any software or provide any personal information, your bank details or any other financial information. You will simply be asked to provide a user name and password of your choice and will be assigned a personalised security image. You will see this image every time you receive an email via SecureMail from your HSBC relationship manager or representative, so you can be confident the message is from us. Once you have set up your account, you will be able to log in and view your messages at any time.
For guidance on how to open the initial SecureMail message sent by your HSBC relationship manager or HSBC representative, please refer to the step-by-step user guide or quick reference guide.
When sending emails to our business customers or other external organisations, our preferred method of encryption is Transport Layer Security (TLS), an industry-standard encryption protocol that ensures email is transmitted securely over the internet. However, for the email to be encrypted, TLS must be enabled on the mail servers of both the sender and receiver. To find out whether it is enabled on your organisation’s email accounts, you will need to speak to your email server administrator.
Furthermore, our policy is to use forced TLS wherever possible. Forced TLS guarantees that emails from HSBC are only sent over a secure connection; if such a connection cannot be established, the message will not be sent and the sender will be notified. In these circumstances, messages that have been classified as highly confidential will then be sent via SecureMail. For more information on this, refer to the Individuals section above.
We actively work with our customers, clients and other third parties to ensure that their email gateways are configured to accept emails we send via forced TLS.
For further information about TLS, download the Transport Layer Security guidance document.