Security
(For clients using Hong Kong registered mobile phone numbers only)
To assist the public in identifying SMS sender and prevent them from falling prey to phishing SMS, the Hong Kong Office of the Communications Authority, the Hong Kong Monetary Authority, the Hong Kong Police Force, the Hong Kong Association of Banks and the telecommunications industry have established the “SMS Sender Registration Scheme” ("Scheme"). Under the Scheme, only registered organisations are able to send SMS to local subscribers of mobile services in Hong Kong using their Registered SMS Sender IDs with prefix "#". As such, you can easily identify whether an SMS is received from a registered sender by the prefix “#” in the SMS sender ID.
UBS is a participant in the Scheme. From now, the sender address of one-time SMS sent by UBS to clients using Hong Kong registered mobile phone numbers will be replaced as #UBS as the Registered SMS Sender ID.
Please note that the Scheme is not appliable to:
1. SMS messages of which receiving parties are expected to reply to the senders via phone numbers (2-way SMS) ; or
2. Local subscribers of Single-Card-Multiple-Numbers/One-Card-Two-Numbers mobile service provided by non-Hong Kong operators.
General
You should always logout from your UBS E-Banking and UBS Mobile Banking sessions before moving away from your computer and mobile devices. This ends your digital banking session and prevents any unauthorized access to your data and fraudulent transactions.
Clear your web browser cache and history after logging out and close your web browser to ensure that all your account information is removed.
UBS is committed to providing you the best service and support. UBS staff will not ask you to disclose sensitive personal information in unsolicited emails, telephone calls or instant messages.
If you suspect that your security has been breached or that unauthorized access to your UBS E-Banking account has occurred, you should contact the UBS emergency hotline immediately.
You may also contact your client advisor if the UBS emergency hotline cannot be reached.
Recognize fraud and take action
Research has shown that people click on phishing emails much more often in times of uncertainty.
Never give out personal data like contract and access card numbers or security codes if someone asks for them, even when the sender appears to be UBS.
Never use your UBS Access Card and card reader any other time than in UBS E-Banking, even if someone asks you to. UBS will never ask you to do this.
After logging in, only confirm entries that you have undertaken yourself with the UBS Access Card and card reader. For example, new payment recipients or changing your security settings.
Tip: UBS Mobile Banking and UBS Access App communicate with each other directly and automatically establish a secure connection to UBS. If you login to UBS Mobile Banking using this method, phishing fraudsters don’t stand a chance.
Keeping your access secure
Using sophisticated authentication and encryption technology, UBS Digital Banking ensures that you enjoy convenient and secure access to your accounts. UBS security practices are designed to safeguard your data and privacy online.
Complete peace of mind
For confidentiality, data transferred between you and UBS Digital Banking is subject to 256-bit Secure-Socket Layer (SSL) encryption. Even if your data is intercepted, it will be unreadable.
UBS Access Card
For your security, login information on your UBS Access Card cannot be copied. Safeguard your UBS Access Card at all times. Do not allow anyone to keep, use or tamper with your UBS Access Card. Do not reveal any code generated by your UBS Access Card to anyone. Do not divulge the card number printed on your UBS Access Card to anyone.
Three incorrect PIN entries will permanently deactivate the UBS Access Card. Should you require any assistance, please contact the UBS Digital Banking hotline.
PIN
Keep your PIN confidential at all times. Do not reveal it to anyone, including UBS staff or law enforcement agents. Nobody at UBS will ever ask you for your PIN.
Dispose of your initial PIN information once you have used it. After memorizing your new PIN, do not write it down or store it anywhere. Your PIN should not use the same character more than twice. Do not base your PIN on your contract ID, birthdate, telephone number, identification number, or any other personally identifiable information. Change your PIN regularly. Do not reuse the same PIN over time. Do not use the same PIN for different websites, applications or services, particularly when they relate to different entities.
Change your PIN immediately if you suspect that someone else knows it or if you suspect that any unauthorized access has occurred.
Automatic time out
If you have been logged in for 10 minutes with no activity, your session will be automatically terminated.
Login
Before entering your contract ID, ensure that the website you are visiting is using a secure connection and belongs to UBS. The security of the connection can be verified by checking that the URL displayed in the address bar on the browser begins with “https://” and whether the site belongs to UBS.com by confirming that the URL has the domain "ubs.com".
If you receive any SSL Certificate-related warnings, please check the authenticity of the website, clear the cache, and reopen your browser window to try again. You can also try navigating to the login page from the UBS main website: www.ubs.com. If the error persists or if you suspect the site is not secure, please contact the UBS Digital Banking hotline immediately.
Do not store your login details in the browser (see the general security precautions and practices section below for details on how to change this setting).
Track last login
UBS records your last login date and time, enabling you to check unauthorized account access.
Constant monitoring
A dedicated UBS online security team monitors the system for irregularities around the clock. To protect yourself against security threats, please carefully check the alerts and notifications as well as account statements/advice sent by us. If you see any unusual or unauthorized transactions, please contact us immediately.
Reminder about Mis-Transfer of Funds
Please be reminded to exercise caution and avoid errors when making fund transfers. If you discover an error in your fund transfers, please contact your client advisor immediately.
In the event that you have received funds that are mis-transferred to you, please contact your client advisor immediately to arrange for the mis-transferred funds to be returned. Failure to return any mis-transferred funds may attract criminal liability.
General security precautions and practices
- Do not use an untrustworthy computer or device for online banking, particularly a publicly accessible computer.
- Do not disclose your personal, financial or credit card information to untrustworthy, little-known or suspicious web sites.
- Check your account information and transaction history on a regular basis to ensure there have been no unauthorized transactions.
- Update us immediately if you lose your mobile phone, or when making any changes to your contact numbers and address.
- Protect yourself against computer viruses by installing the latest spyware detection, virus detection and firewall software, particularly if you are linked to the internet via broadband connections, cable modems or digital subscriber lines.
- Update your operating system, spyware detection, virus detection and firewall software regularly with security patches or newer versions.
- Avoid downloading or installing any files or programs from unknown sources.
- Scan any attachments you receive via email using your virus detection software and immediately delete any suspicious email messages that have attachments.
- You are encouraged to delete junk or chain emails. Do not open any email attachments from strangers.
- Use a web browser which supports 256-bit or higher encryption to ensure that you will enjoy the highest level of security available.
- Disable the "Auto Complete" function on the browser.
- If you are using a Windows operating system on your computer, disable the “File & Printer Sharing” feature.
- Make a regular backup of your critical data.
- Do not use the same PIN for different websites, applications or services, particularly when they relate to different entities.
- Consider the use of personal encryption technology to protect highly sensitive and confidential data.
- If you suspect that your security has been breached or that unauthorized access to your digital banking account has occurred, you should contact the UBS emergency hotline immediately. You may also contact your client advisor if the UBS emergency hotline cannot be reached. Your role in ensuring good security measures is critical. Your fraudulent act or gross negligence may cause losses for which you will be fully liable.
UBS Access App
UBS Access App is based on a state-of-the-art UBS security solution. Logging in with UBS Access App offers optimum security.
Key security features:
- UBS Access App checks the security of your mobile device before every login.
- Your personally chosen PIN protects UBS Access App – even if you lose your smartphone.
- The security code for login is calculated automatically and sent directly to UBS via a highly secure data connection.
- We keep UBS Access App fully updated in order to offer you optimum protection at all times.
- iOS mobile devices that are jailbroken and Android mobile devices that are rooted will not be able to register or login using UBS Access App.
iPhone screen lock check is an additional security measure to protect UBS Access App from unauthorized access.
If you deactivate your iPhone's screen lock after installing and activating UBS Access App, the app will no longer work. For security reasons, re-enabling the screen lock is not enough to be able to use UBS Access App again. You have to go through the activation process again (see Getting started).
Please note the requirements for using UBS Access App. We always recommend installing the latest app version from Google Play Store.
Below you will find information on common problems:
"Rooted device" error message
This can occur if the usage restrictions defined by the manufacturer are removed from a mobile device (Rooting, Custom ROMs). For security, UBS Access App will no longer be usable. Please reset the device back to its original state, in order to use UBS Access App.
Installed apps like SuperSU can also block UBS Access App, as these could affect the security of the app. Removing such apps could help to resolve the problem.
Downloading problems
If problems are experienced while downloading and installing UBS Access App, please empty the Google Play Store cache.
For example, with Samsung devices:
1. Open the device's settings.
2. Select "Apps".
3. Select "Google Play Store".
4. Select "Storage".
5. Select "Delete cache" and "Delete data".
Other errors
It helps us a lot if you activate the function for sending error reports to Google. We can analyze these messages and thus resolve the problems. We also appreciate your feedback in the Google Play Store – in case of problems or simply if you like UBS Access App. If you provide a specific problem description, this will enable us to help you better.
In the event of loss, theft or suspicion of misuse, for security reasons you should immediately block UBS Access App for your device. Contact the UBS emergency hotline:
If your mobile device is recovered, contact the UBS Digital Banking hotline to lift the block. You will not need to activate UBS Access App again.
If the device is not recovered, deactivate UBS Access App by contacting the UBS Digital Banking hotline or follow the self-service steps via UBS E-Banking (Refer to Deactivation).
Upon activation of UBS Access App, you will receive digital banking security messages via UBS Access App push notification. In the event of non-delivery of this push notification, you will receive an SMS notification within 30 minutes. Additionally, you will receive an SMS notification if you do not launch UBS Access App for 24 hours* to read the security notifications.
*Subject to change.
Below are examples of digital banking security notifications that are sent to UBS Access App:
- Digital banking contract number/ Login ID is blocked
- Mobile banking/Quotes password (1FA) is set/reset
UBS Access App-related events such as activation, PIN change and de-registration security notifications will be sent to you via SMS.
These digital banking and UBS Access App security notifications are also available in the message center of the app for your reference.
Note: The date/time displayed in UBS Access App message center and message header is in Coordinated Universal Time (i.e. UTC, which is eight hours behind SG/HK time).
1. Launch UBS Access App.
2. Go to “Settings”.
3. Select “Manage PIN”.
4. Select your chosen contract.
5. Select “Reset”.
OR
While you are on the PIN entry page when logging in with UBS Access App:
- Select "Forgot PIN" on the UBS Access App login page.
- UBS Access App will be deactivated.
- You can then reactivate UBS Access App and set a new PIN (Refer to Getting started).
- Launch UBS Access App.
- Go to “Settings”.
- Select “Manage PIN”.
- Select “Change”.
- Select the respective contract, if you have activated UBS Access App for more than one contract.
- Enter the current PIN.
- Enter a new PIN.
- Enter the new PIN again.
- Select "Save".
Want to know more about security?
Want to know more about security?
Discover what’s new and learn how UBS Access App will make your banking experience more secure.
Emergency hotline
Emergency hotline
If you receive SMS alerts or notifications that you have not initiated or authorized, please call our support.
Monday - Friday: 9am – 5:30pm
We’re here to help
We’re here to help
UBS Digital Banking hotline
Available from Monday - Friday: 7am - 8pm; Saturday: 9am - 5pm