Bank
Digital Services
Online Security

If you have any doubt on an incoming call number, email address, web address, platform account, payment account, etc., you can use the Scameter in the CyberDefender website of the Hong Kong Police Force or download the Scameter+ App to assess the risk of fraud and cyber security. Please click here to learn more.

 

Stay alert to fraudulent websites, bogus calls, phishing emails, SMS and instant messages on mobile purporting to be made by DBS. Learn More

Stay Vigilant to Online Transaction Scams Targeting Sellers of Online P2P Shopping Platform

DBS Bank (Hong Kong) Limited (“The Bank”) would like to alert our customers and the public of the recent increasing online transaction scams targeting sellers of online peer-to-peer (P2P) shopping platform. Scammers impersonate as a buyer to chat with sellers on the online shopping platform, request sellers to click a hyperlink to receive the funds. The hyperlink leads to phishing site designed to deceive the sellers to input internet banking credentials and one time password, and authenticate unknown internet banking transactions resulting in financial losses.

To avoid this trap, please beware of any requests for personal or financial information through external links. Never disclose sensitive information such as internet banking credentials and one time password to unverified sources.

If customers are concerned that they may have disclosed their personal information or have conducted any transactions through such channel, they should immediately contact the Police and DBS Bank (Hong Kong) Limited’s bogus calls enquiry hotline at (852) 2290 8345.

 

Latest Update

To safeguard the security of your online banking account, we have implemented upgraded login security measures for DBS digibank HK mobile app and DBS iBanking. After entering your username and password or using biometric login when logging in to online banking, you must use two-factor authentication (2FA) methods via mobile for identification. This provides extra protection for your account.

New Device Detection notification - A new measure to protect you against unauthorised access to DBS digibank HK

Bank more securely

At DBS, we are fully committed to safeguarding your assets against criminal activities and attempts to impersonate you.

Check out the video for a useful guide on how to protect your wealth:

 

We continually take proactive steps to ensure that our security solutions are in line with enhancements and advancements in the industry. As an user, you also play a key role in safeguarding your personal and account information.

Please take some time to read through the following important information:

 

Two-factor Authentication 

Why can’t I log in directly using my username and password?
To safeguard the security of your online banking account, we have implemented upgraded login security measures for DBS digibank HK and DBS iBanking. After entering your username and password or using biometric login when logging in to online banking, you must use two-factor authentication (2FA) methods via mobile or Secure device for identification. This provides extra protection for your account.
How to log in to DBS digibank HK?
  1. Enter your username and password
  2. If you have set up the Digital Token on your device, you can log in to DBS digibank HK seamlessly
  3. If you have not set up the Digital Token on your device, you need to log in to DBS digibank HK using SMS OTP or your Secure Device
  4. To log in according to step 3, please enter the One Time Password sent to you via SMS or the Secure Device PIN to complete two-factor authenticate.
How to log in to DBS iBanking?
  1. Enter your username and password
  2. Choose to authenticate using the Digital Token, an SMS OTP or the Secure Device:
    1. If you log in using the Digital token, open your DBS digibank HK and tap “Digital Token” next to the “Log In” Review before you tap “Approve”
    2. If you log in using an SMS OTP, enter the 6-digit SMS OTP sent to your registered mobile number
    3. If you log in using your Secure Device, press and hold the button on the Secure Device to generate a 6-digit Secure PIN. Please click here for more details.

Activity History

How can I view my activity history?
For digibank, you can find "Activity History" under More tab. You can also view your activity history in DBS iBanking under the “Internet Banking” tab.
What is Activity History and what kind of information is included?
Activity History allows you to review and monitor account activities on DBS iBanking and digibank. By default, it displays the past 5 days’ activities with date, time, geo-location, device information. You may search for activity over the past 90 days by specifying a date range.

These transaction types are covered in Activity History. 

  • Login to DBS iBanking or digibank 
  • Funds Transfer to Registered 3rd Party Account 
  • Increase Registered 3rd Party Account Daily Transfer Limit 
  • Funds Transfer to Non-Registered 3rd Party Account 
  • Add New Recipient 
  • Increase Non-Registered 3rd Party Account Daily Transfer Limit 
  • Transfer Any Amount to Non-Registered 3rd Party Account 
  • Funds Transfer to Overseas Account and DBS Remit 
  • Add New Overseas Recipient 
  • Increase Overseas Transfer Daily Limit 
  • Set up Standing Instructions 
  • PayFast, eLaisee and Scan & Pay Daily Limit Activation 
  • Increase PayFast, eLaisee and Scan & Pay Daily Limit 
  • Bill Payment for Selected Merchant Categories 
  • Set up Direct Debit Authorisation 
  • Add New Bill Payee 
  • Update Personal Details  
  • Reset ATM Card PIN 
  • Replace ATM Card  
  • Set up / Amend / Delete My Alerts 
  • Update My Alert Contact 

 

If you notice any suspicious activity, please contact our Customer Service Hotline at 2290 8888 as soon as possible. 

New Device Detection notification

New Device Detection is a security measure to notify customers when we detect a new mobile device being used for the first time to log in to DBS digibank HK.

Can I opt out of the New Device Detection notifications?

Customers cannot opt out of the New Device Detection notifications as this measure is intended to help customers detect any unauthorised login from a new mobile device.

Is it possible for customers to receive New Device Detection notifications even when they are using a device that they have used to log in to DBS digibank HK before?

There are 3 possibilities:

  1. The Bank’s New Device Detection system (“System”) captures customers’ mobile device information for DBS digibank HK logins from 3 Sep 2023 and onwards. For DBS digibank HK logins before 3 Sep 2023, the mobile device information would not be in the System’s record and therefore, any subsequent logins would trigger the New Device Detection notification.

  2. The System captures customers’ last 5 mobile devices used to log in to DBS digibank HK. If the mobile device used for DBS digibank HK login is not one of those 5 devices, this will trigger the New Device Detection notification as well.

  3. The customer’s last DBS digibank HK login is more than 2 years ago.

Security Quick Tips

Below are some quick tips for you to bank safely and securely online.

Internet / mobile banking credential
  • The username and password of your DBS iBanking, DBS digibank HK or DBS Card+ should be difficult to guess. Do not use easily accessible personal information such as your telephone number or date of birth in your passwords.
  • Never use the same DBS iBanking, DBS digibank HK or DBS Card+ password for other financial or non-financial web-based services such as for email, online shopping, digital identity and other online subscription services.
  • Never store your username and password in or keep them with any devices. Make sure you disguise them if you write them down.
  • Keep your username and password confidential at all times. Do not let anyone else use them.
  • Never reveal your One Time Password, or Secure PIN generated by Secure Device or Digital Token.
  • Regularly change your DBS iBanking, DBS digibank HK or DBS Card+ password.
  • Log off your online session every time after use.
Keep your device safe
  • Do not install suspicious software or applications from un-authenticated sources or third-party platforms on the Internet.
  • Avoid using shared/public computer (e.g. computers at coffee shops / libraries) or devices to log in to DBS iBanking, DBS digibank HK or DBS Card+.
  • Never leave your device unattended.
  • Keep your Secure Device in a safe place.
  • Clear your browser’s cache and history after each session.
  • Set a passcode / lock screen pattern for your mobile phone that is difficult to guess. Activate the auto-lock function.
  • Use the latest versions of operating system, applications and browser. Do not use mobile phone / tablet which is jailbroken / rooted.
  • Install mobile applications from Apple App Store or Google Play Store or Huawei AppGallery only.
  • Review application permissions and ensure permissions requested are appropriate for the type of application being downloaded.
  • Install and regularly update anti-virus or anti-malware software.
  • Consider downloading an ad blocker to enable the device’s browser to block advertisements and pop-ups.
  • Keep your login and biometric credentials (such as fingerprint) used to unlock your device safe and secure to prevent unauthorised use of your device.
  • Always read the authentication message carefully, including the transaction details, date and time, before authenticating any transaction with your Digital Token.
Secured network
  • Ensure adequate security (e.g. choose encrypted network and avoid using public Wi-Fi) for wireless network and devices, and take extreme caution when accessing public Wi-Fi connections. Regularly remove unnecessary Wi-Fi connection settings.
  • Turn off any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) and contactless mobile payment features (e.g. payment apps) when not in use to reduce the risk of electronic pick-pocketing.
  • Always connect to DBS iBanking by typing our web address https://www.dbs.com.hk, bookmarking it for subsequent access or via the official DBS digibank HK. Always connect to DBS Card+ by typing our web address https://cards.dbs.com.hk , bookmarking it for subsequent access or via the official DBS Card+ mobile app.
Be vigilant at all time
  • Check your account and transaction history details regularly.
  • Check our SMS messages and email notifications in a timely manner.
  • Notify us immediately by calling Customer Service Hotline (852) 2290 8888 in case of any suspicious last logon time for DBS iBanking, DBS digibank HK or DBS Card+, unusual transactions or situations (e.g. suspicious pop-up screens or abnormal login steps).
  • Update us via DBS iBanking or branches as soon as possible when you change your contact details.
  • Do not open or click on hyperlinks in SMS, MMS, or email messages from unknown or suspicious sources.
  • Do not open unsolicited emails and their attachments.
  • Do not input login credential or any personal information via any hyperlink embedded in an email. We or our business partners / agents will not send you emails with embedded hyperlinks or QR code that direct you to our login page of DBS iBanking, DBS digibank HK or DBS Card+.
  • Do not disclose your sensitive personal information via suspicious calls. We will not ask for your sensitive personal information such as your password and One Time Password via phone calls or emails.
  • Do not forward any of our SMS or emails which you might use to access DBS iBanking, DBS digibank HK or DBS Card+ to another device or email address.

 

 

How DBS Safeguard Customer Asset Against Fraudsters

As a bank that cares, here are some security features that we have developed to protect your wealth.

 

Latest Security Advice on Online Scams & Frauds

Stay updated on the latest security news that might change the way you bank online.

 

Social Media Advertisement Phishing

Beware of Scammers using mobile malware to access and conduct fraudulent fund transfers from your bank account. Scammers may use attractive offers, discounts, and promotions to encourage you to download and install third-party applications via unofficial app stores, web links, email attachments, or WhatsApp file downloads.

The scammer or the app will ask for certain permissions, such as:

  • Accessibility services.
  • Change your SMS app to the newly installed app.
  • View and send SMSes.
  • Granting full control over your device.

Once these malicious apps are installed, the malicious apps grant the scammers remote access to your phone. With this remote access to your mobile device and your login credentials, the scammer will take over your phone and conduct unauthorized transactions such as changing to your transfer limits, adding payee and make fund transfer using your bank account.

Social Media Advertisement Phishing

Remember that if a deal seems too good to be true, it often is.

  • Be wary of deals that seem too good to be true, such as unbelievably low prices on iPhones, durians, or services like cleaning or pet grooming. Scammers often prey on your emotions with these enticing offers through ads, emails, SMS, or WhatsApp messages.

Only download mobile apps from official app stores like Google Play Store and Apple App Store.

  • Official app stores have security measures to minimize your risk of installing a malicious app. However, always check the reviews and ratings of apps to ensure their trustworthiness. Never sideload apps from third-party websites, emails, SMSes, or social media.

Pay attention to the permissions an app asks for and use a reputable mobile security software.

  • Think twice if an app requests accessibility permissions, full control over your device, or access to sensitive information like SMS and emails. These requests are often red flags for malicious activities. Consider using reputable mobile security software to detect and block any malicious apps or alert you to potential risks.

If you suspect that your phone is compromised by malware, do this immediately:

  • Turn on airplane mode on your phone or turn off your phone.
  • Call DBS immediately so we may help you.

Customers are advised to be mindful of such scams

Customers are reminded to check that they're on DBS's official websites and social media accounts or use DBS's official mobile applications to conduct any DBS bank-related requests.

  • DBS will not send you login links in our official SMSes.
  • DBS will never ask you for your credit card details, CVV, SMS or email OTPs, or Digital Token approvals to verify or unlock your account.
  • Do not call phone numbers, click on URL links, or scan QR codes in unsolicited emails, SMS, or other Messaging Application messages.
  • Always verify the authenticity of the message with the official websites or sources.
  • Never disclose your card numbers or OTPs to unverified sources. Bank staff and government officials will never request your card details, OTPs, or Digital Token Approvals through SMS, voice calls, or unofficial websites.

Report scams to protect your family, friends, and our community

If customers are concerned that they may have disclosed their personal information or have conducted any suspicious transactions through such channel, they should immediately contact the Police and DBS Bank (Hong Kong) Limited’s bogus calls enquiry hotline at (852) 2290 8345.

Don't Lend/Sell Your Account

Do not sell or lend your accounts to others as these may be abused for unlawful purposes and you may expose yourselves to the risk of committing money laundering offences.  Please click here to learn more.

 

Created with Sketch.
Created with Sketch.

For more digital security tips published by The Hong Kong Monetary Authority, please click here.

Additionally, you may visit the Security & You section of DBS Singapore website for more online security information. 

Prevention From Malware and Scammers

With the rise of malware threats, we are going to enhance our security measures on DBS digibank HK to assure you a safe and secure digital banking experience throughout the whole journey from login to completing funds transfers!

What we are doing to protect you?

Enhanced anti-malware tool can detect potential risks on your Android device and alert you when you are accessing DBS digibank HK. This includes:

  1. Known malware Apps to the Bank’s knowledge
  2. Apps downloaded from unofficial app stores and enabled accessibility permission for these apps
  3. Mobile device with unauthorised screen-sharing

What should you do if your DBS digibank HK access is restricted?
  1. Known malware Apps to the Bank’s knowledge


    This device is likely infected with malware, or has been jailbroken or rooted. To protect you from being exposed to scammers, your access to DBS digibank HK on this device is blocked for now. To safeguard your account, you are highly recommended to: You may wish to perform a factory reset on your device. If this does not work, you may need to setup your DBS digibank HK on another device which has not been jailbroken or rooted.


    To safeguard your account, you are highly recommended to:
    You may wish to perform a factory reset on your device. If this does not work, you may need to setup your DBS digibank HK on another device which has not been jailbroken or rooted.

  1. Our anti-malware tool has detected apps that are potentially risky to DBS digibank HK.


    To safeguard your account, you are highly recommended to:

    • Delete the listed apps from your device as shown in the alert message; or
    • Turn off “Accessibility” for the above apps (Go to Settings > Accessibility > Installed apps)
  1. Our anti-malware tool has detected potentially unauthorized screen-sharing on your device.


    It means what you see on your device is being shared and shown on other devices.


    To safeguard your account, you are highly recommended to:

    • Stop screen-sharing if you are doing so: or
    • Delete the listed apps from your device as shown from the alert message


    Your DBS digibank HK access will be restored immediately after you take these steps.​


    Your privacy matters: Use of our anti-malware tool is limited to the detection of malware activity and security threats. No additional personal data from your device is collected.

Useful links


Important Notes:

DBS Bank will never send emails / SMS asking you to provide your DBS iBanking or DBS digibank HK usernames, passwords or verify your accounts online. You should never disclose your login credential to anybody and never use hyperlinks in emails (including those presented as QR code), SMS or Internet search engines to access your DBS iBanking or DBS digibank HK accounts.

If you are in any doubt of the authenticity of any website from which you are accessing your DBS iBanking or DBS digibank HK account, contact us at Customer Service Hotline at (852) 2290 8888 / Bogus Calls Enquiry (852) 2290 8345 immediately.

Thank you. Your feedback will help us serve you better.

Was this information useful ?

We're sorry to hear that.
How can we do better?