An extra security check for your online card payments
When shopping online, you may need to confirm your card payments. One way to do this is by using a one-time passcode that we’ll send you by text message. You’ll enter this code into the verification screen. Please make sure we have your correct mobile number. You can update it by logging on to online banking.
There's now also an extra security check when you choose to confirm payments in this way. This involves using behavioural biometric data.
What is behavioural biometric data?
Analysing behavioural biometrics is a way of measuring patterns in human behaviour. We will assess your behavioural biometric data by asking you to enter your email address on the payment verification screen.
We’re not checking your email address here or updating our records. It’s how you enter it that matters (including your key strokes). It’s hard for other people to copy your behavioural biometric data, as it should be unique to you.
Why do I need to enter my email address?
We use a third party, Callsign, who act on our behalf to capture how you enter your email address, including recording and assessing your keyboard strokes. We use this behavioural biometric data, alongside information about your location, your device and how you interact with it, to help us check it’s you making a transaction and not a fraudster. The data collected via your browser as part of assessing behavioural biometrics is stored by Callsign.
As fraud attempts become more advanced, it is in the substantial public interest to enhance fraud prevention measures. For more information about how we use your data, please view our privacy notice.
What if I don’t want to enter my email address?
If you don’t want us to collect your biometric data, you can use the HSBC UK Mobile Banking app to confirm your online card payments, or contact us to order a card reader.
How does using my behavioural biometric data help to protect me from fraud?
We build a profile based on how you enter your email address, alongside other information like your location, your device and how you use it. We’ll compare this information next time you make a payment. If it doesn’t match, your payment may be declined because we couldn’t confirm it was you making the payment.
How do I challenge a declined payment?
We may decline a payment where our fraud checks (including the behavioural biometric data) indicate it may not be you making the payment. If we’ve got this decision wrong, please contact us.
Don’t fall victim to a scam. Never share your one-time passcodes with anyone including us. Fraudsters pretend to be people you trust like a company you pay bills to, HSBC UK, or even the police.