Help And Support
OCBC Digital Banking - Online Security
-
OCBC kill switch
What is the OCBC kill switch?The kill switch enables OCBC customers to immediately freeze all their current and savings accounts (including joint accounts), ATM access, debit and credit cards and digital banking, as well as OCBC Pay Anyone™ app access, if they suspect they are a victim of a scam or if they believe key account-related details have been otherwise compromised.
Once the kill switch is activated, no transactions – whether done digitally, via an ATM or at branches – can be made. Even recurring or pre-arranged fund transfers will be disabled.
How it worksCustomers can activate the kill switch by calling OCBC’s official contact number – 1800 363 3333 (+65 6363 3333 if calling from overseas) – and selecting option ‘8’. It can also be activated at selected OCBC Bank ATMs and via the OCBC Digital app.
The kill switch disables all of the following:
- Cash withdrawals and deposits (including salary credit)
- Local and overseas funds transfers (incoming and outgoing)
- Bill payments
- GIRO transactions (incoming and outgoing)
- NETS transactions
- Visa & MasterCard transactions using ATM/ credit/ debit cards physically and digitally
- Digital banking transactions, including on the OCBC Pay Anyone app
An OCBC Bank customer service executive will contact the customer after the kill switch is activated to remove compromised bank account access or cards, and issue new ones. Only a bank branch employee or customer service executive can deactivate the switch – and would only do so after receiving duly verified instructions from the customer. Once the kill switch is deactivated, the customer’s account will return to ‘normal’ and all settings prior to the account suspension – including GIRO arrangements and future-dated funds transfers – will be reinstated.
Step-by-step guide to activating the kill switch
There are three ways for customers to activate the kill switch without human intervention: Calling the bank’s official contact number, at OCBC Bank ATMs, or via the OCBC Digital app.
1. Call OCBC Bank’s official contact number (1800 363 3333 or +65 6363 3333 if calling from overseas):
- Press 8 to temporarily suspend your accounts
- Enter 7-digit NRIC number followed by the hash key
- Press 1 to confirm NRIC number
- Enter 16-digit credit or debit card number, or 10-digit ATM card number
- Press 1 to confirm card number
- Press 1 to confirm account and cards suspension
- Press 0 at any time to speak with a customer service executive
2. Go to an OCBC Bank ATM:
- Login with an ATM / debit / credit card and PIN
- Select ‘More Services’
- Select ‘Suspend your accounts and cards’
- Select ‘Confirm’
- Launch the OCBC Digital app and navigate to 'More Services' > 'Kill Switch'
- Select your identification type (NRIC/passport) and provide details
- Key in an SMS OTP to authenticate the request
- Your accounts and cards will be suspended immediately
- A Customer Service Executive will contact you and remove access to bank accounts and cards you believe to be compromised. New cards will be issued if needed.
3. Go to the OCBC Digital app:
-
OCBC Online Banking Security Guarantee
Our online security commitment to you
At OCBC Bank, we are committed to protecting the security of your online transactions. We use leading-edge and industry-standard technology and processes to help ensure that your privacy and transactions are not compromised on our servers, and that your interests are safeguarded.
Our guarantee against fraudulent transfers
As an assurance of our commitment, we guarantee a full refund of any money that has been transferred out of your account due to fraud via our Internet and Mobile Banking service, subject to our Electronic Banking Terms & Conditions. If you play your part in protecting yourself from fraud, you can bank online with peace of mind that the money in your account is protected against fraud.
Play your part in protecting yourself from fraud
Our guarantee protects you if you have played your part in protecting yourself from fraud by adopting the following measures:
- You have not shared your security details with anyone (these include your Access Code, PIN and security token);
- You have kept your hardware token secure at all times;
- You have secured your mobile device with passcode/biometric authentication to prevent another person from accessing your phone;
- You have equipped your computer or mobile device with the latest operating system security patches, anti-virus, anti-malware and firewall software. The installed software should be regularly updated to the latest version and run with latest signatures;
- You have followed our recommendations on Safeguarding Your Internet Banking Access and complied with all your obligations under the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts;
- You have updated us immediately when there is a change in your contact details, such as mobile number and e-mail address, for the purposes of receiving SMS alerts or e-mail notifications for online banking transactions and activities;
- You have updated us immediately when you change your mobile number for receiving One-time Password (OTP) via SMS; and
- You inform us immediately if:
- you are aware of any suspected fraud, including any compromise or loss of your security device or security details; or
- you receive SMS or e-mail alerts for transactions which you did not perform; or
- you are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform,
- and you furnish us with all information requested by us and provide your full co-operation.
Suspected unauthorised transactions? Inform us immediately
In the event should you become a victim of an unauthorised transaction, please inform us immediately. You can report to us at 1800 363 3333 or (65) 6363 3333 if you are calling from overseas or by visiting one of our branches during our opening hours.
After receiving the information required to facilitate the investigation, the Bank will complete an investigation of any relevant claim within 21 business days for straightforward cases or 45 business days for complex cases. We will notify you accordingly if we require more time for investigations.
-
Safeguarding your Internet Banking Access
For more information, click here
-
Unauthorised transactions on account
In the event you’ve detected unauthorised transaction in your account, please do the following:
-
Change your PIN immediately
- Login to OCBC Online Banking
- Under the “Customer service” menu, locate “Online banking settings”
- Select “Change PIN”
- Enter your new 6-digit PIN
Contact us immediately at 1800 363 3333 or (65) 6363 3333 if you are calling from overseas or by visiting one of our branches during our opening hours.
After receiving the information required to facilitate the investigation, the Bank will complete an investigation of any relevant claim within 21 business days for straightforward cases or 45 business days for complex cases. We will notify you accordingly if we require more time for investigations.
For more information on the reporting process for unauthorised transactions, please refer to our E-payments User Protection Guidelines
-
Prevent browser from storing access code/PIN
Deactivate the function accordingly:
Mozilla Firefox
- Launch the Firefox browser and click on “Tools” >> “Options” >> “Security”.
- Under Passwords, uncheck “Remember passwords for sites”.
- Click "OK" to save your settings.
Google Chrome
- Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
- Click “Options” >> “Personal Stuff”.
Under Passwords, check “Never save passwords”
-
Verify that the website is secure
Mozilla Firefox
- Site Identity Button will display in one of three colors - grey, blue, or green.
- Grey indicates that the site doesn't provide any identity information at all. Also, the connection between Firefox and the server is either unencrypted or only partially encrypted, and should not be considered safe against possible eavesdroppers.
- Blue indicates that the site's domain has been verified, and the connection between Firefox and the server is encrypted and therefore protected against eavesdroppers.
- Green indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.
Google Chrome
- Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
- Click “Options” >> “Under the Bonnet”.
- Under HTTPS/SSL, check the box for “Check for server certificate revocation”.
-
Clear browser cache after online banking session
Mozilla Firefox
- Go to “Tool” >> “Clear recent history”
- Check the boxes for “Browsing & Download History” and “Cookies”
Google Chrome
- Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
- Click “Options” >> “Under the Bonnet”.
- Under “Privacy”, click “Clear browsing data”.
-
Error message indicating an unsecured connection
Please check that your browser is able to carry out secured transactions. This is how you can enable your browser to make such connections:
On 18 January 2018, we have upgraded to Transport Layer Security (TLS 1.2) for necessary improvements to your online security. If your web browser does not support TLS 1.2 by 18 January 2018, you will not be able to view our web pages and online banking services.
If your web browser appears to be ready for TLS 1.2 but you still cannot access OCBC web pages or online banking services, please ensure your web browser is not running in legacy mode.
For Chrome
- Launch your Google Chrome browser
- Click on menu icon at top right corner of the browser
- Select 'Settings' - > 'Show Advance Setting' hyperlink
- Click 'Change proxy settings' -> 'Advanced' tab
- Scroll down to 'Security' section and uncheck the options 'Use SSL 2.0', 'Use SSL 3.0'
- Check the options 'Use TLS 1.0', 'Use TLS 1.1' (if available), 'Use TLS 1.2' (if available)
- Click 'Apply' then 'OK'
- Close all browser tabs and re-open browser to ensure settings are changed
- Access https://www.ocbc.com/login again
For Firefox
- Launch your Firefox browser
- Type 'about:config' in address bar
- You will see a warning message : 'This might void your warranty!'. Click on 'I'll be careful, I promise!'
- d) Type 'TLS' in 'Search' bar
- Under 'Preference Name', select 'security.tls.version.max'. Place mouse cursor under 'Value', right click to 'Modify' and change value to '3' to enable TLS 1.2. Click 'OK'
- Under 'Preference Name', select 'security.tls.version.min'. Place mouse cursor under 'Value', right click to 'Modify' and change value to '1' to make TLS 1.0 the minimum required security protocol. Click 'OK'
- Close all browser tabs and re-open browser to ensure settings are changed
- Access https://www.ocbc.com/login again
-
Difference between the 'OTP' and 'SIGN' buttons on the OCBC hardware token
The 'OTP' button allows you to generate a one-time password for you to login to Online and Mobile banking as well as for transactions that require OTP.
The 'SIGN' button is used to generate a unique code based on a series of numbers that you will enter into the token for important transactions. This code is then required to complete the transaction on online and mobile banking.
There will be an on-screen step-by-step instruction to guide you on Online and Mobile banking as you perform those transactions that require the use of the 'SIGN' button.
-
Online and Mobile Banking transactions that require use of the 'SIGN' button for OCBC hardware token users
The following transactions require use of the 'SIGN' button on the new token:
- Add new payees
- Funds transfer/MEPS/TT above transaction limit1
- Pay other banks' credit card above transaction limit1
- Change transaction limit1
- Change daily limit2
- Update mobile number
- Update mailing address
1Default limit per transaction is $25,000
2Default total amount allowed per day for each service is S$3,000 -
New OCBC OneToken activation
Simply download the latest OCBC Mobile Banking app and follow the step-by-step guide to activate OCBC OneToken.
IMPORTANT: If you are an existing hardware token user, you will need it to set up and activate your OneToken.
-
Discarding faulty hardware token
After activating your newly replaced hardware token, you may discard your older token as it will be deactivated automatically. You do not need to return it to the Bank.
-
Security alert on malware