Help And Support

Digital Banking - Online Security

Frequently asked questions
  • OCBC Online Banking Security Guarantee

    Our online security commitment to you

    At OCBC Bank, we are committed to protecting the security of your online transactions. We use leading-edge and industry-standard technology and processes to help ensure that your privacy and transactions are not compromised on our servers, and that your interests are safeguarded.


    Our guarantee against fraudulent transfers

    As an assurance of our commitment, we guarantee a full refund of any money that has been transferred out of your account due to fraud via our Internet and Mobile Banking service, subject to our Electronic Banking Terms & Conditions. If you play your part in protecting yourself from fraud, you can bank online with peace of mind that the money in your account is protected against fraud.


    Play your part in protecting yourself from fraud

    Our guarantee protects you if you have played your part in protecting yourself from fraud by adopting the following measures:

    • You have kept your hardware token secure at all times;
    • You have not shared your security details with anyone (these include your Access Code, PIN and security token);
    • You have equipped your computer or mobile device with the latest operating system security patches, anti-virus, anti-malware and firewall software. The installed software should be regularly updated to the latest version and run with latest signatures;
    • You have followed our recommendations on Safeguarding Your Internet Banking Access and complied with all your obligations under the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts;
    • You have updated us immediately when there is a change in your contact details, such as mobile number and e-mail address, for the purposes of receiving SMS alerts or e-mail notifications for online banking transactions and activities;
    • You have updated us immediately when you change your mobile number for receiving One-time Password (OTP) via SMS; and
    • You inform us immediately if:
      • you are aware of any suspected fraud, including any compromise or loss of your security device or security details; or
      • you receive SMS or e-mail alerts for transactions which you did not perform; or
      • you are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform,
      and you furnish us with all information requested by us and provide your full co-operation.


    Suspected fraud? Inform us immediately

    In the unlikely event should you become a victim of an unauthorised transaction, please inform us immediately. You can report to us at 1800 363 3333 at any time or by contacting one of our branches during their opening hours.

    Upon receipt of your report, we resolve to get back to you within seven (7) working days. Depending on the complexity of the claims, we will notify you accordingly if we require more time for investigations.

  • Safeguarding your Internet Banking Access

    For more information, click here

  • Unauthorised transactions on account

    Change your PIN and contact us immediately at 1800 363 3333 or (65) 6363 3333 if you are calling from overseas.

    To change your PIN:

    1. Login to Online Banking.
    2. Select “Customer Service” menu, click “Change Pin”
    3. Enter your new PIN, confirm and submit


  • Prevent browser from storing access code/PIN

    Deactivate the function accordingly:

    Internet Explorer

    1. Launch your Internet Explorer browser and click on "Tools" >> "Internet Options" >> "Content".
    2. Under "AutoComplete", click on "Settings".
    3. Uncheck "User names and passwords on forms".
    4. Click "OK" to save your settings.


    Mozilla Firefox

    1. Launch the Firefox browser and click on “Tools” >> “Options” >> “Security”.
    2. Under Passwords, uncheck “Remember passwords for sites”.
    3. Click "OK" to save your settings.


    Google Chrome

    1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
    2. Click “Options” >> “Personal Stuff”.


    Under Passwords, check “Never save passwords”

  • Verify that the website is secure

    Internet Explorer

    1. Right-click your mouse.
    2. Select “Properties”.
    3. Click on “Certificates”.
    4. For secured site, you will see the details of the security certificate information.
    5. For unsecured site, there is no security certificate information.


    Mozilla Firefox

    1. Site Identity Button will display in one of three colors - grey, blue, or green.
    2. Grey indicates that the site doesn't provide any identity information at all. Also, the connection between Firefox and the server is either unencrypted or only partially encrypted, and should not be considered safe against possible eavesdroppers.
    3. Blue indicates that the site's domain has been verified, and the connection between Firefox and the server is encrypted and therefore protected against eavesdroppers.
    4. Green indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.


    Google Chrome

    1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
    2. Click “Options” >> “Under the Bonnet”.
    3. Under HTTPS/SSL, check the box for “Check for server certificate revocation”.
  • Clear browser cache after online banking session

    Internet Explorer 

    1. Go to “Tools”.
    2. Go to “Internet Options”.
    3. Select “General”.
    4. Under browsing history, click the “Delete” button and select “Temporary Internet files” and “Cookies” for IE8 and above.
    5. Click “OK” to delete all temporary internet files and cookies.


    Mozilla Firefox 

    1. Go to “Tool” >> “Clear recent history”
    2. Check the boxes for “Browsing & Download History” and “Cookies”


    Google Chrome

    1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
    2. Click “Options” >> “Under the Bonnet”.
    3. Under “Privacy”, click “Clear browsing data”.
  • Error message indicating an unsecured connection

    Please check that your browser is able to carry out secured transactions. This is how you can enable your browser to make such connections:

    On 18 January 2018, we have upgraded to Transport Layer Security (TLS 1.2) for necessary improvements to your online security. If your web browser does not support TLS 1.2 by 18 January 2018, you will not be able to view our web pages and online banking services.

    If your web browser appears to be ready for TLS 1.2 but you still cannot access OCBC web pages or online banking services, please ensure your web browser is not running in legacy mode.

    How to enable TLS 1.2 in your Internet Explorer web browser settings
    1. On the Internet Explorer menu bar, click on "Tools" and select "Internet Options"
    2. Under "Internet Options", select "Advanced" tab
    3. Scroll down to the "Security" category, ensure that "Use TLS 1.2" is selected
    4. Click "Ok"
    5. Close and restart Internet Explorer


    For Chrome

    1. Launch your Google Chrome browser
    2. Click on menu icon at top right corner of the browser
    3. Select 'Settings' - > 'Show Advance Setting' hyperlink
    4. Click 'Change proxy settings' -> 'Advanced' tab
    5. Scroll down to 'Security' section  and uncheck the options 'Use SSL 2.0', 'Use SSL 3.0'
    6. Check the options 'Use TLS 1.0', 'Use TLS 1.1' (if available), 'Use TLS 1.2' (if available)
    7. Click 'Apply' then 'OK'
    8. Close all browser tabs and re-open browser to ensure settings are changed
    9. Access again


    For Firefox

    1. Launch your Firefox browser
    2. Type 'about:config' in address bar
    3. You will see a warning message : 'This might void your warranty!'. Click on 'I'll be careful, I promise!'
    4. d) Type 'TLS' in 'Search' bar
    5. Under 'Preference Name', select 'security.tls.version.max'. Place mouse cursor under 'Value', right click to 'Modify' and change value to '3' to enable TLS 1.2. Click 'OK'
    6. Under 'Preference Name', select 'security.tls.version.min'. Place mouse cursor under 'Value', right click to 'Modify' and change value to '1' to make TLS 1.0 the minimum required security protocol. Click 'OK'
    7. Close all browser tabs and re-open browser to ensure settings are changed
    8. Access again

  • Difference between the 'OTP' and 'SIGN' buttons on the OCBC hardware token

    The 'OTP' button allows you to generate a one-time password for you to login to Online and Mobile banking as well as for transactions that require OTP.

    The 'SIGN' button is used to generate a unique code based on a series of numbers that you will enter into the token for important transactions. This code is then required to complete the transaction on online and mobile banking.

    There will be an on-screen step-by-step instruction to guide you on Online and Mobile banking as you perform those transactions that require the use of the 'SIGN' button.

  • Online and Mobile Banking transactions that require use of the 'SIGN' button for OCBC hardware token users

    The following transactions require use of the 'SIGN' button on the new token:

    • Add new payees
    • Funds transfer/MEPS/TT above transaction limit1
    • Pay other banks' credit card above transaction limit1
    • Change transaction limit1
    • Change daily limit2
    • Update mobile number
    • Update mailing address

    1Default limit per transaction is $25,000
    2Default total amount allowed per day for each service is S$3,000

  • New OCBC OneToken activation

    Simply download the latest OCBC Mobile Banking app and follow the step-by-step guide to activate OCBC OneToken.

    IMPORTANT: If you are an existing hardware token user, you will need it to set up and activate your OneToken.

  • Discarding faulty hardware token

    After activating your newly replaced hardware token, you may discard your older token as it will be deactivated automatically. You do not need to return it to the Bank.

  • Security alert on malware