Secure email communications

At HSBC, security and the protection of customer data is one of our highest priorities. Our aim is to always deliver a safe and secure banking experience at all times, including when we communicate confidential information to customers.

We communicate with our customers in a variety of ways depending on their needs and preferences. A personal banking customer may find that we send letters by post or documents and messages that can be accessed when logged into online banking.

Security tip

Never open or click on any links in an email if you do not recognise the sender or have any doubts that the email is from HSBC. Contact the HSBC representative that sent you the encrypted email for further guidance or support.

However, for our business customers and other clients there may be specific methods that we jointly agree are the best way to communicate securely. It is our policy to secure any emails containing information that could pose a risk to you or HSBC if intercepted inappropriately. This reduces the risk of electronic eavesdropping, tampering and mail forgery.

For help and support, refer to the Further guidance and support section.


Most personal banking customers will receive messages from HSBC by post or via their online banking service. Our online banking facility provides a high level of security whether you log on using a desktop or laptop computer or an HSBC app on your mobile device.

Make sure that the padlock symbol is displayed in the address bar when accessing the online banking website – this indicates that the connection is secure. You should still take all reasonable precautions to keep your login details safe, such as never telling anyone your password.

Personal customers - such as some private banking clients, for example - may receive encrypted emails from us. We currently support the use of two solutions to send these encrypted emails: Voltage SecureMail and Proofpoint Encryption Email. Where possible Voltage SecureMail is being replaced by Proofpoint Encryption Email.

For further information and user guides, refer to the Further guidance and support section, or contact the HSBC representative that sent you the encrypted email.

How to distinguish which solution was used?

When you receive a notification email in your inbox that you have received an encrypted email, examine the footer. It will clearly state which service was used to contact you.

The first time you receive an encrypted email via Proofpoint Encryption or Voltage SecureMail, for either solution you will be prompted to set up an account and register your log-in credentials. Setting up an account is easy. There is no need to provide any bank details or any other financial information.

Registering with Proofpoint Encryption Email:

Proofpoint will ask for your name, password, and to answer a security question. As long as you keep the notification email sent by HSBC, you will be able to sign into Proofpoint and view the encrypted email again at a later date, for up to one month.

Registering with Voltage SecureMail:

You will simply be asked to provide a username and password of your choice and will be assigned a personalised security image. You will see this image every time you receive an email via Voltage SecureMail from your HSBC representative, so you can be confident the encrypted email is from us. Once you have set up your account, you will be able to log in and view your encrypted emails at any time.

Further guidance and support:

For further guidance on how to open the initial Proofpoint Encryption and Voltage SecureMail encrypted email sent by your HSBC representative, please refer to:

For further support, please contact the HSBC representative that sent you the encrypted email.


When sending emails to our business customers or other external organisations, HSBC leverage a Classification to identify the sensitivity of the content of the email. By using this Classification label we will send email via either Voltage or Proofpoint Encrypted mail or by using TLS. Transport Layer Security (TLS), an industry-standard encryption protocol that ensures email is transmitted securely over the internet. TLS must be enabled on the mail servers of both the sender and receiver.

For further information about TLS, download the Transport Layer Security guidance document (PDF 157KB).