Security tips
Security advisory
Security alert

We are committed to protecting the security and confidentiality of your personal information so as to provide you with a safe and secure online environment. Our website uses commercially proven security hardware and software products. These security products include routers, firewalls, intrusion detection systems and secure operating system to safeguard your interest.

The client shall safeguard the security at the client end and user information in order to use e-banking service safely. If the client end is implanted with malicious program, it still has the risk that transaction information is altered. In this case, the risk of capital theft and transfer shall be borne by the client. Therefore, please pay attention to protecting the client end and user information.

The below security tips are for your reference only. The Bank will not be responsible for the accuracy and completeness of the network security issues. Please consult with the information security experts for details.

Protecting your password
  • Never reveal your username and password to anyone. If you suspect that someone has gained access to your username and password, change it immediately

  • Do not use the same number or letter sequence for username and password

  • Avoid using the same passwords for everything, such as email, voice-mail, etc

  • Use both upper and lower cases or mix letters with numbers and if possible include symbols

  • Avoid easily identifiable passwords such as phone numbers and birth dates

  • Change your passwords frequently using the 'Change Password' function

  • Do not leave your system unattended when you are logged on to our Internet Banking

  • Always clear your PC browser's cache after each session. This will ensure that all your account information is permanently removed from your system memory.

  • Memorise your password and do not make a physical record of it.

  • Check and ensure that your PC browser does not store your password. If you are using Microsoft Internet Explorer, your should check and ensure that the browser 'AutoComplete' function is disabled.

Protecting your WeChat banking

The OCBC Velocity WeChat user can bind his/her personal WeChat account with the OCBC Velocity user in the bank WeChat official account, then can view bank account information and submit instructions in wechat platform.

The customer and OCBC Velocity WeChat user shall be responsible or obtaining and maintaining the necessary Device and software to use the OCBC Velocity WeChat Service, and to take all necessary security measures to prevent unauthorized access or use of the WeChat Service through the Device or the user's WeChat Account. The bank shall not take any responsibility in this regard. The Customer and the use shall ensure that the Device is not tampered with (e.g. rooted, hacked, jail-broken, etc.).

The below security tips are for your reference:

  • Never reveal your wechat user ID and password to anyone.

  • If any personnel changes, please ensure to change or delete OCBC Velocity user in advance and undoing the Binding.

  • The customer and OCBC Velocity WeChat user shall be responsible for safety and confidentiality of and shall ensure that there is no unauthorized access to or use of, the Device, the Customer's WeChat Account and any information used for identity verification during the Binding (e.g. the username, password and security device of OCBC Velocity or the Customer's other relevant materials).

  • The Customer shall notify the bank immediately and suspend the OCBC Velocity user access, upon its awareness of any loss, theft, unauthorized access, attack or threatening by software, hacker or virus in respect of any of the Device, the Customer's WeChat Account, data or information, or other circumstances that may result in unauthorized use of the OCBC Velocity WeChat Service.

Protecting your PC
  • Install anti-virus, anti-spyware and firewall software to protect your personal computer (PC) against hackers, virus attacks and other malicious programmes like the "Trojan Horse". Your PC is particularly susceptible to such attacks when it is linked via broadband connections, digital subscriber lines or cable modems. Installing these security software will prevent and detect unauthorised access to your PCs. They are available at most computer software retailers.

  • Disable the 'File and Printer Sharing for Microsoft Networks' feature on your Operating System. This prevents an external party from gaining illegal control or access to your PC. The feature can be easily disabled by selecting 'Network' at the control panel and look for the configuration 'File and Printer Sharing'.

  • Do not use public / shared PCs (e.g. internet café PCs) to access your online banking account or perform any financial transactions.

  • Back up your files regularly, especially so for your critical data, to a removable disk or another computer. This is to minimise the risk of losing your computer data to accidental deletion, system problems or theft of your computer. For greater protection, keep your back up in a different location.

  • Never download programmes unless you know the website is reputable.

  • Do not open email messages with suspicious attachments as a virus may be attached to the email messages

  • Check your account and transaction history details regularly

  • Conduct regular updates of your anti-virus, anti-spyware and firewall products with security patches or up-to-date versions.

  • Consider using encryption technology to protect highly sensitive data.

  • Log off your online session and switch your PC off when not in use.

  • Do not install software or run programmes of unknown origin.

  • Delete junk or chain emails.

  • Do not open email attachments from unknown senders.

  • Do not disclose personal, financial or credit card information to little-known or suspicious websites.

  • Do not use any PC or device (e.g. thumb drives, portable hard disks) that cannot be trusted. 

Protecting your security device
  • Never reveal your security token PIN (one-time password or OTP) to anyone. If you suspect that someone has gained access to your security device, please notify the Bank immediately via the hotline.

  • DO NOT leave your security device unattended, you should keep it in a secure location(e.g. locked in your office cabinet or desk drawer).

  • DO NOT allow anyone to keep, use or tamper with your OTP security device.

  • DO NOT reveal the serial number of your OTP security token to anyone.

Security advisory on spyware and adware

I. General information

Our Bank's treats online security with utmost importance and issues this security alert on Spyware and Adware programmes so that you will be better informed on how to protect your business when using the Internet.

Recent news on Spyware reported that some companies are promising faster internet access if the User channels his web communication through these companies' servers and/or installs special programs onto their computer. In doing so, these companies are presented with opportunities to monitor your web behaviour. Some of these companies are even able to decrypt, thus exposing your online communication including encrypted information containing confidential details such as Organisation’s ID, User Name, Password and account particulars – even when keyed in at secured websites.

At our Bank, we are committed to provide the highest level of security to our customers. Hence, we strongly advise that you do not access the Bank's Internet Banking through such web services and refrain from installing dubious computer software in your computer, which can be malicious.

II. What are Spyware and Adware?

Spyware is a software programme that gathers information about a person or an organisation on the Internet without their knowledge. It is normally installed onto someone's computer to secretly gather information about the User.

Adware is a form of Spyware used by marketers to track Internet User’s surfing habits and interests for the purpose of customising future advertising material. Adware can monitor information such as the type of sites visited, nature of articles read or the types of pop-ups and banners a User clicks on. This information collected is then used to customise future advertisements targeted to the User, or can be sold to a third party for the same purpose.

Spyware and Adware programmes slow down the system performance of a computer. These programmes use memory and system resources that can cause the system to crash and be unstable. Such software programmes may also have the ability to monitor keystrokes, scan files on your hard drive, change the default home page of your browser, and relay information about your web visits to unauthorised/disreputable third parties who can potentially manipulate the information.

Hence, Spyware and Adware programmes are considered as potential forms of identity theft as they have the ability to invade your online privacy by gaining access to your Passwords and your organisation’s confidential transaction information.

III. How can you protect yourself

There are products available that can help you detect, monitor and remove Spyware from your computer. Many computer security software suites now come with a standard feature for Spyware detection and removal.

With proper precautions, you can help protect your organisation’s account information from harmful programs:

  • Be wary of banners, ads and pop-ups while surfing the Internet.

  • Refrain from clicking on them no matter how enticing they may appear.

  • Avoid downloading programmes and email attachments from unknown sources.

  • Downloads may contain hidden programmes that can compromise your computer’s security. Never download or open email attachments from unknown senders.

  • Keep your computer operating system and Web browser current.

If your computer is more than five years old, its operating system (e.g. Windows 98, XP etc.) may not offer the same level of protection as newer systems. System manufacturers such as Microsoft and Apple provide frequent updates to help make your system more secure. 

You may check out their websites: or

Install and update your computer with the latest anti-virus software. Commercially available virus protection software helps reduce the risk of contracting computer viruses that can compromise your security. These programmes offer the protection against the latest threats – provided you continuously keep the programme updated.

Install up-to-date anti Spyware programme to regularly scan your computer, locate, quarantine and delete any Spyware/Adware in your computer.

Review the terms and conditions when you install free programmes or subscribe to services from the Internet.

Never divulge your Internet Banking Password to anyone, not even to someone who claims to be a staff of the Bank. Your Internet Banking Password is personal and highly confidential. Our staff will NEVER ask for your Password either via emails, in person or over the telephone.

Change your Internet Banking Password on a regular basis.

Ensure that you are entering the bank's secured site

Phishing (pronounced "fishing") is a type of online identity theft. It uses email or fraudulent websites that are designed to steal your personal data or information such as login user id, passwords, other information. To ensure that you are entering our bank's secured site:

To validate the Domain Name:

  • - Velocity@ocbc

To validate the site's SSL certificate:

  • Double click on 'padlock" icon next to address bar

  • Click on "General" Tab

  • Verify that Certificate is issued to ""

  • Verify that Certificate is issued by "VeriSign"

  • Click on "Certification Path" tab

  • Certification status should state that "This certificate is OK."

Security tips on email and other new threats

Safeguard yourself against online scams

Be wary of:

  • any false e-mail address, logo or graphic designed to mislead you into accepting the validity of any email or website;

  • any fake domain name which appears to be the Bank's website or the website of any other financial institution;

  • any hyperlink to any fake website;

  • any embedded form in any email;

  • or any other technique or method designed to mislead you or trick you into providing personal details, such as your Internet Banking, Phone Banking or ATM PIN, user name or password, or any other sensitive information or downloading a virus;

  • other online scams

Never access Internet Banking from a link in an email.

Always enter the domain name of the Bank (ie. into your browser when logging onto the Bank's website. You are advised to take the necessary precautions and not to accept any websites at face value that redirects the link to OCBC Bank Group. If you are in doubt, please contact the bank via hotline

Never reveal your PIN to anyone. The Bank will never request for your Internet Banking, Phone Banking or ATM PINs for any reason.

Be aware of Phishing

Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit card numbers. Before entering your User ID and PIN, you should always ensure that the website you are visiting belongs to our Bank. This can be verified by the URL displayed in your browser as well as the Bank's name in its digital certificate. This precaution will ensure that you are not revealing your Organization ID, USER ID and PASSWORD to a website other than our Bank. Always check that our website address changes from http:// to https:// and a security icon, usually in the form of a lock or key, appears when authentication and encryption is expected.

Clearing your cache
  1. Click "Tools"

  2. Select "Internet Options"

  3. Click "General"

  4. Select "Temporary Internet Files" and click "Delete Files"

  5. Click "OK"

Security advisory on new phishing email and site

New phishing email and site detected

It has been brought to our attention that there is a phishing email leading to a fraudulent website bearing an identical domain name, logo and images belonging to OCBC Bank Group.If you have received an email to register your account information for some security upgrade process by our Bank,Do Not Respond. We would like to remind our customers and other members of public that the official domain name of our Bank is or Customers and other members of public are advised to be wary of suspicious websites bearing any resemblance to the Bank website.

If you have visited any such websites or received an email, short message service (SMS) text or instant message (IM) from an unknown party, instructing you to disclose or submit your banking details such as account numbers, usernames, passwords or credit card information online or otherwise, DO NOT respond but please alert us immediately by calling hotline

If you have visited any such websites or received an email, short message service (SMS) text or instant message (IM) from an unknown party, instructing you to disclose or submit your banking details such as account numbers, usernames, passwords or credit card information online or otherwise, DO NOT respond but please alert us immediately by calling hotline

When receiving an email from OCBC  bank, the sender's email address should be @OCBC.COM.

At our Bank, protecting your information is our priority.

Security tips on website security certificate warnings

What you should do when you encounter Website Security Certificate warnings

Secure Sockets Layer (SSL) and Transport Layer Security(TLS) are the standard security technology for creating an encrypted connection between the bank's web server and your browser. This connection ensures that all data passed between the bank's web server and your browser remain private and integral. SSL is an industry standard and is used by the bank in the protection of online transactions with our customers.

This secure connection has an encryption key assigned to it in the form of a SSL certificate. If you happen to access our Internet Banking through an email link or other website links and encounter the certificate warning or certificate error message indicated below, please log off immediately and inform the bank.

  • If you encounter "Certificate warning"

  • If you encounter "Certificate error"

Please make sure your web browser meet the requirement of Transport Layer Security (TLS)1.2 protocol support.