Online & Mobile Banking

Online security

OCBC Online Banking Security Guarantee

 

Our online security commitment to you

 

At OCBC Bank, we are committed to protecting the security of your online transactions. We use leading-edge and industry-standard technology and processes to help ensure that your privacy and transactions are not compromised on our servers, and that your interests are safeguarded.

 

 

Our guarantee against fraudulent transfers

 

As an assurance of our commitment, we guarantee a full refund of any money that has been transferred out of your account due to fraud via our Internet and Mobile Banking service, subject to our Electronic Banking Terms & Conditions. If you play your part in protecting yourself from fraud, you can bank online with peace of mind that the money in your account is protected against fraud.

 

 

Play your part in protecting yourself from fraud

 

Our guarantee protects you if you have played your part in protecting yourself from fraud by adopting the following measures:

  • You have kept your hardware token secure at all times;
  • You have not shared your security details with anyone (these include your Access Code, PIN and security token);
  • You have equipped your computer or mobile device with the latest operating system security patches, anti-virus, anti-malware and firewall software. The installed software should be regularly updated to the latest version and run with latest signatures;
  • You have followed our recommendations on Safeguarding Your Internet Banking Access and complied with all your obligations under the Electronic Banking Terms & Conditions and the Terms & Conditions Governing Deposit Accounts;
  • You have updated us immediately when there is a change in your contact details, such as mobile number and e-mail address, for the purposes of receiving SMS alerts or e-mail notifications for online banking transactions and activities;
  • You have updated us immediately when you change your mobile number for receiving One-time Password (OTP) via SMS; and
  • You inform us immediately if:
    • you are aware of any suspected fraud, including any compromise or loss of your security device or security details; or
    • you receive SMS or e-mail alerts for transactions which you did not perform; or
    • you are alerted on change of daily withdrawal limit or add beneficiary for transfer to an account which you do not know of or did not perform,
    and you furnish us with all information requested by us and provide your full co-operation.

 

 

Suspected fraud? Inform us immediately

 

In the unlikely event should you become a victim of an unauthorised transaction, please inform us immediately. You can report to us at 1800 363 3333 at any time or by contacting one of our branches during their opening hours.

Upon receipt of your report, we resolve to get back to you within seven (7) working days. Depending on the complexity of the claims, we will notify you accordingly if we require more time for investigations.

 

Safeguarding your Internet Banking Access

For more information, click here

Unauthorised transactions on account

Change your PIN and contact us immediately at 1800 363 3333 or (65) 6363 3333 if you are calling from overseas.

To change your PIN:

 

  1. Login to Online Banking.
  2. Select “Customer Service” menu, click “Change Pin”
  3. Enter your new PIN, confirm and submit

 

Prevent browser from storing access code/PIN

Deactivate the function accordingly:


Internet Explorer

 

  1. Launch your Internet Explorer browser and click on "Tools" >> "Internet Options" >> "Content".
  2. Under "AutoComplete", click on "Settings".
  3. Uncheck "User names and passwords on forms".
  4. Click "OK" to save your settings.

 


Mozilla Firefox

 

  1. Launch the Firefox browser and click on “Tools” >> “Options” >> “Security”.
  2. Under Passwords, uncheck “Remember passwords for sites”.
  3. Click "OK" to save your settings.

 


Google Chrome

 

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Personal Stuff”.

 

Under Passwords, check “Never save passwords”

Verify that the website is secure

Things to remember:

 

  1. Check that you are on our official website at https://www.ocbc.com/internet-banking   
  2. Check that the lock icon displayed is enabled at the bottom right-hand of the screen or beside the URL address bar for IE 7 and above.
  3. You can also verify that the website has the security certificate. If you receive a SSL server certificate warning, one of the possible reasons is the security certificate may not belong to the bank, please terminate the login session and call the bank at 1800 363 3333.
  4. This is how you can verify that the website has the security certificate:

 

Internet Explorer

 

  1. Right-click your mouse.
  2. Select “Properties”.
  3. Click on “Certificates”.
  4. For secured site, you will see the details of the security certificate information.
  5. For unsecured site, there is no security certificate information.

 


Mozilla Firefox

 

  1. Site Identity Button will display in one of three colors - grey, blue, or green.
  2. Grey indicates that the site doesn't provide any identity information at all. Also, the connection between Firefox and the server is either unencrypted or only partially encrypted, and should not be considered safe against possible eavesdroppers.
  3. Blue indicates that the site's domain has been verified, and the connection between Firefox and the server is encrypted and therefore protected against eavesdroppers.
  4. Green indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.

 


Google Chrome

 

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Under the Bonnet”.
  3. Under HTTPS/SSL, check the box for “Check for server certificate revocation”.

 

Clear browser cache after online banking session

Internet Explorer 

 

  1. Go to “Tools”.
  2. Go to “Internet Options”.
  3. Select “General”.
  4. Under browsing history, click the “Delete” button and select “Temporary Internet files” and “Cookies” for IE8 and above.
  5. Click “OK” to delete all temporary internet files and cookies.

 


Mozilla Firefox 

 

  1. Go to “Tool” >> “Clear recent history”
  2. Check the boxes for “Browsing & Download History” and “Cookies”

 


Google Chrome

 

  1. Launch the Chrome browser and click on the “Customise and control Google Chrome” icon.
  2. Click “Options” >> “Under the Bonnet”.
  3. Under “Privacy”, click “Clear browsing data”.

 

Error message indicating an unsecured connection

Please check that your browser is able to carry out secured transactions. This is how you can enable your browser to make such connections:

 

Internet Explorer

 

  1. Select “Tools” from the pull-down menu in your browser.
  2. Select “Internet Options”.
  3. Select “Advanced” tab.
  4. Scroll down to Security. Ensure that “Use SSL 3.0” is selected.
  5. Click “OK”.

 


Mozilla Firefox

 

  1. At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP) and click “Options”.
  2. Select the “Advanced” panel.
  3. Click the “Encryption” tab.
  4. Verify that “Use SSL 3.0” and “Use TLS 1.0” are checked. 
  5. Click “OK”.

 


Google Chrome

 

  1. Click “Customise and Control Google Chrome” menu.
  2. Click “Options”.
  3. Select “Under the Bonnet” tab.
  4. Go to “HTTPS/SSL” section.
  5. Click “Manage certificates”.

 

In the “Certificates” window you can Import, Export and Remove your SSL certificates.

Learn about Transaction Signing and the new OCBC hardware token

By 20 December 2012, important transactions such as adding of new payees will require enhanced security. You will be required to enter transaction-specific details such as your payee account number or card number into your token to generate a unique code. This is termed as 'Transaction Signing' and can only be done using the new token issued to you.

Difference between the 'OTP' and 'SIGN' buttons on the new OCBC token

The 'OTP' button allows you to generate a one-time password for you to login to Online and Mobile banking as well as for transactions that require OTP.

The 'SIGN' button is used to generate a unique code based on a series of numbers that you will enter into the token for important transactions. This code is then required to complete the transaction on online and mobile banking.

There will be an on-screen step-by-step instruction to guide you on Online and Mobile banking as you perform those transactions that require the use of the 'SIGN' button.

Online and Mobile Banking transactions that require use of the 'SIGN' button

The following transactions require use of the 'SIGN' button on the new token:

  • Add new payees
  • Funds transfer/MEPS/TT above transaction limit1
  • Pay other banks' credit card above transaction limit1
  • Change transaction limit1
  • Change daily limit2
  • Update mobile number
  • Update mailing address

1Default limit per transaction is $25,000
2Default total amount allowed per day for each service is S$3,000

Impact to existing SMS OTP users issued with new OCBC token

If you have already received your token, you should activate it within 30 days from the date your token is mailed out (based on the date of the letter). Else, you will not be able to perform transactions that require the token.

For your convenience, you can continue to use SMS to login to Online Banking and for transactions that require OTP.

Impact to existing hardware token users issued with new OCBC token

If you have already received your token, you should activate it within 30 days from the date your token is mailed out (based on the date of the letter). Else, you will not be able to perform transactions that require the token.

Moreover, if you are an old token customer, you will not be able to login to Online Banking from 1 April 2013 using the old token.

IMPORTANT: Please note that you will need your existing (old) hardware token to login BEFORE you can activate your new token. After activation, you may discard your older token as it will be deactivated automatically.

New OCBC hardware token activation

Simply log on to OCBC Online Banking and follow the step by step guide on how to activate your token.

IMPORTANT: If you are an existing hardware token user, you will need your existing (old) hardware token to login BEFORE you can activate your new token. After activation, you may discard your older token as it will be deactivated automatically.

Discarding old hardware token

After activating your new OCBC hardware token, you may discard your older token as it will be deactivated automatically. You do not need to return it to the Bank.

Security alert on malware