OCBC Banking Security

We take your security seriously.

Safeguarding your interests and money is a priority for us. We have security measures to keep your privacy and investments as secure as possible. We also strive to update you on ways you can protect yourself.

Ways we protect you

Two-factor authentication

On top of your log-in credentials, a security token will also be provided which allows you to authorise transactions.

Secure, encrypted pages

The "closed lock" icon on our online banking site means that information transmitted from your computer to our systems are encrypted.

Every transaction is secure

Transactions that you perform through OCBC online banking is secured with a one-time password generated from your security token or an SMS sent to your mobile phone.

Network Security

All of our banking systems sit behind firewalls that prevent intruders from getting unauthorised access.

General security tips

Steps to protect yourself from unwanted scammers

  • Do not allow others to keep, use or tamper with your 2nd factor authentication (2FA) security token. Please keep your token secure at all times.

  • Check your bank account information, balance and transactions frequently and report any discrepancies

  • Be on the alert for suspicious emails and websites (which may contain malicious software) or mobile messages, purporting to be from the Bank. You should report these immediately by contacting us

  • Not make unsolicited requests for your personal, financial, bank account or credit/debit card information, or unsolicited requests that you log in and verify account validity, through e-mail, mobile messages or on phone unless you have initiated the contact. Under no circumstances will the Bank ask you to reveal your PIN/Password

  • Update us immediately when there is a change in your contact details such as mobile phone number and e-mail address so that you continue to receive SMS alerts or e-mail notifications for online banking transactions and activities

  • Please inform us immediately if:

    • Any compromise or loss of your security device or security details; or

    • You receive SMS or e-mail alerts for transactions which you did not perform; or

    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform

    • You notice any unusual/unauthorised transactions. You also have the right to do the following under such circumstances:

      • Suspend your access to OCBC online banking services

      • Cancel the relevant services

      • Request for a new set of OCBC online banking log-in credentials

      • Obtain information from the Bank regarding your online transactions.

Online Banking

Personal Banking

  • Your PIN should be:

    • Kept confidential

Business Banking

  • Password should be 8 to 12 characters.

    • It must contain at least 2 letters and 2 numerals

    • Characters cannot be repeated more than twice

    • First two characters must be different from your User ID

    • Password and Organisation ID cannot be identical

    • Password cannot be identical to the previous 10 passwords that you have used

    • Example of a password: velocity01#

    Password is case sensitive, for example Velocity01# is a different password from velocity01#

How can we help you with disputes?

Should you become a victim of an unauthorised transaction, please inform us immediately. You can report to us by contacting one of our branches during their opening hours or call us at:

Personal Banking

Local: 1800 363 3333

Overseas: +65 6363 3333

Premier Banking

Local: 1800 773 6437

Overseas: +65 6530 5930

Business Banking

+65 6538 1111

Upon receiving your report, we will get back to you within 7 working days.
Depending on the complexity of the claims, we will inform you if we require more time for investigations.

Malware

What is Malware?

Malware are malicious programs that targets customers' computers/mobile devices in order to steal their login credentials, for example your online banking access code, PIN and One-Time Password (OTP) or Organisation ID, User ID and Password. Once your computer is infected, a cybercriminal will be able to conduct fraudulent money transfers from your account.

How Malware is spread

Cybercriminals send emails with attachments that may appear to originate from trusted companies. Malware could be hidden in the attachments in emails and in the disguise of invoices or accounting documents.

A malware may also direct you to a fake webpage that looks like OCBC Bank's login page. It may prompt you to enter any of your log-in credentials or OTP from your security token.

How to avoid getting infected

By having an up-to-date anti-virus software on your computer or mobile device, you could greatly reduce your risk of getting infected. For more information on safeguarding measures, refer to Security for PC/Mac and Security for Mobile.

Phishing scams

What is a phishing scam?

Phishing is a form of social engineering used by cybercriminals to convince you to install malicious software that leads to stealing your personal information.

How phishing works

Phishing attacks typically use emails or malicious websites to solicit personal information by posing as legitimate companies or trustworthy organisations.


For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers use it to gain access to the accounts.


Phishing attacks tend to intensify on significant current and seasonal events such as:

  • Natural disasters

  • Epidemics and health scares

  • Economic concerns

  • Major political elections

  • Holidays

How to avoid such scams

  • Ensure that emails are authentic before acting on them:

    • Do not download or open any attachments from emails you find suspicious, even if they came from someone you know

    • Delete emails that come from unknown sources

    • Do not respond to emails asking for confidential information, e.g. your financial or personal information. Phishers like to use scare tactics and may threaten to disable an account or delay services until you update certain information

    • Do not use links in an email or instant message to connect to the Bank's website unless you are certain they are authentic. Instead, open your browser and type the URL directly into the address bar

  • Protect your computer with firewall, spam filters, anti-virus and anti-spyware software. Ensure you are getting the most up-to-date software and update them regularly to ensure that you are protected against new viruses and spyware

  • For specific safeguarding measures on phishing scams, refer to Security for PC/Mac and Security for Mobile

Safeguarding your online banking experience on a PC/Mac

To ensure that your online security and account information are not compromised via your computer, please adopt the following OCBC Online Banking security measures:

  • Personally enter the domain name of the bank in your browser to log onto OCBC Online Banking service.

  • Do not display your account information in a manner that is visible to others.

  • Log off the online session when the session is no longer required. Enable your computer's screen saver with password protection or lock your computer screen when it is not in use. Do not leave your computer unattended.

  • Do not install software or run programs of unknown origin.

  • Do not open, run or install any attachments or click on any links in suspicious or unsolicited emails.

  • Do not use public computers or any devices which cannot be trusted or which you are unsure if safe to use.

  • Do not use connect to unsecured or publicly available Wifi, to access online banking or perform financial transactions.

  • Do not allow your web browser to store or retain your log-in credentials.

  • Remove file and printer sharing in computers, especially when connected to the internet.

Your usage of OCBC Internet Banking Service is subject at all times to:

Personal Banking: Terms and Conditions Governing Electronic Banking Services and Terms and Conditions Governing Deposit Accounts

Business Banking: Business Account Terms and Conditions

Things to look out for

Malware presence on a PC/Mac

Watch out for these warning signs:

  • The URL showing on the login page is different from the official page:


    Personal Banking https: https://internet.ocbc.com/internet-banking/ or


    Business Banking: https://velocity.ocbc.com/login.html

  • The login screen looks different. The legit imateOCBC login process consists of two steps:

    Personal Banking
    First step: Access code and PIN.
    Second step: Enter one-time password (OTP).


    Business Banking
    First step: Organisation ID, User ID and password.
    Second step: Enter one-time password (OTP).

  • You are prompted repeatedly for your login credentials even though you have entered the login credentials correctly.

  • A delayed pop-up screen that says the system is not available and repeatedly asks you to enter OTP or use your security token to generate an OTP.

  • You are prompted to authorize transactions which you have not initiated using OTP generated through your security token. For example: While trying to login, you are prompted to enter a 6-digit number shown on your computer screen into your security token. Then you are asked to press the 'Sign' button on the token and key in the OTP generated from the security token into the computer screen.

  • Your PIN/Password should not be masked when you type it in.

  • You receive SMS messages on OTP or transactions which you did not initiate.

  • A redirection to a third-party website, which may feature a hotline number or an unsolicited request.

  • You receive a call purportedly from a staff in OCBC asking you to verbally reveal your Access Code, PIN, OTP or security token details.

Symptoms of phishing scams on a PC/Mac

  • When you mouse over the embedded URLs in an email message, the hyperlinked address is different from the Bank's official URL.

  • An email message that contains poor spelling and grammar.

  • The message is making big promises and the offer seems too good to be true.

  • The message is making unrealistic threats, e.g. the phisher use intimidation to scare victims into giving up confidential or personal information.

  • You receive a message notifiying you of transactions that you did not perform.

  • When a message asks for confidential or personal information. The Bank does not make unsolicited request for your information via email or phones.

What to do if your PC/Mac has been compromised?

Take a screenshot or picture of the suspicious content and give us a call at:

Personal Banking

Local: 1800 363 3333

Overseas: +65 6363 3333

Premier Banking

Local: 1800 773 6437

Overseas: +65 6530 5930

Business Banking

+65 6538 1111

Safeguarding your mobile banking experience

To ensure that your online security and account information are not compromised via your mobile device, please adopt the following safeguarding measures:

  • Only access and use our Mobile Banking Services on mobile phones/devices installed with the latest operating system and anti-virus software.

  • Do not access OCBC Mobile Banking using 'jail-broken' or 'rooted' mobile phones (e.g. where the operating system has been tampered with) as it increases the risk of malicious software infection.

  • Secure your mobile device with a password, pin or relevant mechanism to prevent unauthorised use.

  • Take extra caution in safeguarding your mobile device, which may be more prone to being misplaced/lost/stolen than your computer.

  • Only click on hyperlinks from messages and emails if they are from a trusted source.

  • Only download mobile apps (including OCBC Mobile Banking app) from official sources such as the Apple App Store or Google Play Store.

  • Always install the latest updates for your device from legitimate sources (Play Store or App Store). New updates are sometimes used to fix bugs and address security vulnerabilities.

  • Be aware of what the mobile app does and what information it may access on your mobile phone/device.

  • If you are using your mobile phone to access OCBC Mobile Banking OneTouch™ service or receive SMS One-Time Password as your 2FA to access online banking, please notify us immediately in the event of loss/theft of your mobile device, and/or if you suspect there is unauthorised access to your account.

  • Do not allow your mobile device to store or retain your log-in credentials.

Things to look out for

Signs of malware presence on mobile devices

  • Unfamiliar screen pop-ups. These may ask you to install unknown apps or to grant special permission to specific apps.

  • Shown a fake overlay login page which asks for your banking login credentials or credit card information.

  • Abnormal battery drainage due to malware uitilising the system resources.

  • Experience serious performance problems as the malware is actively running in the background.

  • Experience dropped calls or strange disruptions during a conversation due to interference of mobile malware.

  • Unusual phone/data bills as a result of malware sending SMS text messages to premium-rated number.

  • Unusual change in the look-and-feel of your smartphone (such as new icons or applications).

  • Your smartphone shuts down abruptly or gets locked up with the screen displaying the message 'System update in progress' even after it has force-restarted.

Signs of phishing scams on mobile device

  • When any hyperlinks provided in the message do not match our official pages:


    Personal Banking: https://internet.ocbc.com/internet-banking/


    Business Banking: https://velocity.ocbc.com/login.html

  • The message in an email contains poor spelling and grammar.

  • The message is making big promises and the offer seems too good to be true.

  • The message is making unrealistic threats, e.g. the phisher use intimidation to scare victims into giving up confidential or personal information.

  • You receive notifications of transactions that you did not perform.

  • When a message asks for confidential or personal information. The Bank does not make unsolicited request for your information via email or phones.

What to do if your mobile device has been compromised?

  • Take a screenshot or picture of the suspicious screen.

  • Remove the battery (where possible) or disable all data connectivity.

  • Give us a call at:

Personal Banking

Local: 1800 363 3333

Overseas: +65 6363 3333

Premier Banking

Local: 1800 773 6437

Overseas: +65 6530 5930

Business Banking

+65 6538 1111

You may remove the SIM card from the mobile device and use it on another if you wish.

Our guarantee

In the unlikely event that you do online fraud, we guarantee a full refund of any money that has been fraudulently transferred out of your account via our Internet and Mobile Banking service, subject to our Terms and Conditions Governing Electronic Banking Services.


Our guarantee protects you if you have played your part in protecting yourself from fraud by adopting the following measures:

  • You have kept your hardware token secure at all times;

  • You have not shared your security details with anyone (these include your Access Code, PIN and security token);

  • You have equipped your computer or mobile device with the latest operating system security patches, anti-virus, anti-malware and firewall software. The installed software should be regularly updated to the latest version and run with latest signatures;

  • You have followed our recommendations on Safeguarding Your Internet Banking Access and complied with all your obligations under the Terms and Conditions Governing Electronic Banking Services and the Terms & Conditions Governing Deposit Accounts;

  • You have updated us immediately when there is a change in your contact details, such as mobile number and e-mail address, for the purposes of receiving SMS alerts or e-mail notifications for online banking transactions and activities;

  • You have updated us immediately when you change your mobile number for receiving One-time Password (OTP) via SMS; and

  • You inform us immediately if:

    • You are aware of any suspected fraud, including any compromise or loss of your security device or security details; or

    • You receive SMS or e-mail alerts for transactions which you did not perform; or

    • You are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform,

and you furnish us with all information requested by us and provide your full co-operation.


Should you become a victim of an unauthorised transaction, please inform us immediately. You can report to us at 1800 363 3333 at any time or by contacting one of our branches during their opening hours.


Upon receipt of your report, we resolve to get back to you within 7 working days. Depending on the complexity of the claims, we will notify you accordingly if we require more time for investigations.

Terms and Conditions

We hope that the information we provide will be useful to you. However, you are expected to be responsible for the security of your devices. We regret that we will not be able to bear any financial losses resulting from unauthorised use of your account.
Personal and Premier Banking customers
Your usage of our OCBC Online Banking Service is subject at all times to our Terms & Conditions Governing Electronic Banking Services and the Terms & Conditions Governing Deposits Accounts.
Business Banking customers
Your usage of our OCBC Internet Banking Service known as Velocity@ocbc is subject at all times to the Business Account Terms & Conditions

General Disclaimer

  1. The opinions or views expressed in this document are expressed by the third parties identified, and do not represent our view.
  2. This information is intended for general circulation only. It does not consider the specific investment objectives, financial situation or needs of anyone.
  3. Before you make an investment, you should speak to your OCBC Relationship Manager who will assess whether the products are suitable to you based on your investment objectives, financial situation or needs.
  4. If you choose not to do so, you should consider if the investment product is suitable for you.
  5. We are not making an offer, solicit to buy or sell or subscribe for any security or financial instrument, enter into any transaction or participate in any trading or investment strategy with you through this document.
  6. We do not guarantee the accuracy of this information at any time. All of the information here may change any time without notice.
  7. We are not responsible for any loss or damage arising from this information.
  8. Investment involves risks. Past performance figures, predictions or projections are not necessarily indicative of future or likely performance. Actual performance may differ from the projections in this document.
  9. Any reference to a company, financial product or asset class is used for illustrative purposes and does not represent our recommendation in any way.
  10. The information in this document must not be reproduced or shared without our written agreement.
  11. We may have alliances with product providers, for which we may receive a fee. Product providers may also receive fees from investors.
  12. We may have performed or will perform broking and other financial services for the product providers.
  13. We and our related corporations and their directors and officers may have or take positions in securities mentioned in this document.

IMPORTANT INFORMATION

Any opinions or views of third parties expressed in this material are those of the third parties identified, and not those of OCBC Bank. The information provided herein is intended for general circulation and/or discussion purposes only. It does not take into account the specific investment objectives, financial situation or particular needs of any particular person. Before you make any investment decision, please seek advice from your OCBC Relationship Manager regarding the suitability of any investment product taking into account your specific investment objectives, financial situation or particular needs. In the event that you choose not to seek advice from your OCBC Relationship Manager, you should carefully consider whether the product is suitable for you. This does not constitute an offer or solicitation to buy or sell or subscribe for any security or financial instrument or to enter into any transaction or to participate in any particular trading or investment strategy.

A copy of the prospectus of each fund is available and may be obtained from the relevant fund manager or any of its approved distributors. Potential investors should read the prospectus for details on the relevant fund before deciding whether to subscribe for, or purchase units in the fund. The value of the units in the funds and the income accruing to the units, if any, may fall or rise. Please refer to the prospectus of the relevant fund for the name of the fund manager and the investment objectives of the fund.

OCBC Bank, its related companies, their respective directors and/or employees (collectively "Related Persons") may have positions in, and may effect transaction in the products mentioned herein. OCBC Bank may have alliances with the product providers, for which OCBC Bank may receive a fee. Product providers may also be Related Persons, who may be receiving fees from investors. OCBC Bank and the Related Person may also perform or seek to perform broking and other financial services for the product providers.

No representation or warranty whatsoever (including without limitation any representation or warranty as to accuracy, usefulness, adequacy, timeliness or completeness) in respect of any information (including without limitation any statement, figures, opinion, view or estimate) provided herein is given by OCBC Bank and it should not be relied upon as such. OCBC Bank does not undertake an obligation to update the information or to correct any inaccuracy that may become apparent at a later time. All information presented is subject to change without notice. OCBC Bank shall not be responsible or liable for any loss or damage whatsoever arising directly or indirectly howsoever in connection with or as a result of any person acting on any information provided herein. The information provided herein may contain projections or other forward-looking statements regarding future events or future performance of countries, assets, markets or companies. Actual events or results may differ materially. Past performance figures are not necessarily indicative of future or likely performance. Any reference to any specific company, financial product or asset class in whatever way is used for illustrative purposes only and does not constitute a recommendation on the same.

The contents hereof may not be reproduced or disseminated in whole or in part without OCBC Bank's written consent.