Safeguarding your interests and money is a priority for us. We use industry-standard security measures to keep your privacy and investments as secure as possible. We also strive to keep you updated on ways to protect yourself when banking online with us.

Ways we protect you

1. Two-factor authentication: On top of your log-in credentials, we provide security tokens which allow you to authorise transactions securely.
2. Secure, encrypted pages: The "closed lock" icon on our online banking site means that information transmitted from your computer to our systems are encrypted.
3. Every transaction is secure: Transactions that you perform through OCBC online banking is secured with a one-time password generated from your security token.
4. Network security: All of our banking systems sit behind firewalls that prevent intruders from getting unauthorised access to the system.
5. Regular security reviews: OCBC Business Internet Banking is regularly reviewed and audited by external and internal auditors to ensure that your interest is safeguarded.

At OCBC Bank, we have implemented security measures to safeguard your account information. We recommend that you adopt the following OCBC Internet Banking security guidelines:

1. Before keying in your User ID/Username, Password and Organisation ID, you should always ensure that the website you are visiting belongs to OCBC Bank. This can be verified by scrutinising the URL displayed on your browser as well as the Bank's name in its digital certificate. This precautionary measure is to ensure you do not reveal your banking credentials to a website other than OCBC Bank.
2. It is important to protect yourself against any form of online theft of your User ID/Username, Password and Organisation ID. Each valid User ID/Username, Password and Organisation ID identifies you uniquely as one of our valued customers. Only authorised users are allowed to log in to our secured Internet Banking website(s).
3. Important tips on how you can safeguard and protect your account information:
• Your Password must contain at least 2 letters and 2 numbers.
• Characters used in your Password cannot be repeated more than twice (e.g. abcc123 is usable, abccc is unusable).
• The first two characters of your Password must be different from your User ID.
• Your Password and Organisation ID cannot be identical.
• Your Password cannot be identical to the previous 10 passwords that you have used.
• Use both uppercase and lowercase characters; and do mix letters with numbers.
• Here's an example of a strong password: velocity01# (Do note that your Password is case sensitive, e.g. Velocity01# is different from velocity01#).
• Your Password should be 8 to 12 characters long.
• Passwords should not be based on your User ID, personal telephone number, birthdate or any other personal/organisation information.
• Passwords must be kept confidential; never reveal it to anyone.
• Passwords must be memorised and not recorded anywhere.
• Your Password must be changed regularly or when there is a suspicion that it may have been compromised.
• The same Passwords should not be used for different websites, applications or services, especially when they relate to different entities.
• Do not select the browser option for storing or retaining your username and password.
• Check the authenticity of the Bank's website by comparing the URL and observing the Bank's name in its digital certificate, or by observing the indicators provided by an extended validation certificate.
• Check that the Bank's website address changes from http:// to https:// upon loading. A security icon that looks like a lock or key should appear when authentication and encryption is expected.
• Do not allow anyone to keep, use or tamper with your Two Factor Authentication (2FA) security token. Do not leave your security device unattended. Keep it under lock and key when you are not using it.
• Do not reveal your One Time Password (OTP) generated by the 2FA token to anyone.
• Do not divulge the serial number of your 2FA token to anyone.
• Check your bank account balance and transactions frequently and report any discrepancy immediately. OCBC Internet Banking will display your last login date and time (whenever you log on) to help you monitor this.
• Inform the bank immediately if you change your mobile phone number or lose your mobile phone.
• Install anti-virus, anti-spyware and firewall software in your personal/company computers and mobile devices, particularly when you are linked to the Internet via broadband connections, digital subscriber lines or cable modems.
• Update your device(s) operating systems, anti-virus and firewall products with security patches or newer versions on a regular basis.
• Remove file and printer sharing from your computers or laptops, especially when you are connected to the Internet via cable modems, broadband connections or similar set-ups.
• Make regular backups of critical data.
• Consider the use of encryption technology to protect highly sensitive data.
• Make sure to log off from all your online banking sessions and turn off your computer or laptop when it is not in use.
• Do not install software or run programmes of unknown origin.
• Delete junk or chain emails.
• Do not open email attachments from strangers.
• Do not disclose personal, financial or credit card information to unknown or suspicious websites.
• Do not use a computer or device that cannot be trusted.
• Do not use public WiFi hotspots or Internet cafe computers to access online banking or perform financial transactions.
4. You are advised not to access OCBC Velocity using unauthorised operating systems or programmes as they pose potential risks of malicious software infection.
5. If you notice unusual/unauthorised transactions, please change your Password and notify us immediately. It is important that you inform us as soon as possible by calling our Customer Service Hotline at (603) 8317 5200 from Monday to Friday, 9am to 6pm (excluding public holidays).
6. Your usage of OCBC Velocity is subject to the Accounts and Services and Transaction Banking Services Terms and Conditions. You should therefore read carefully and adhere to the recommended security practices. The Bank is not responsible for any loss or damage in connection to the use of OCBC Velocity services unless such loss is attributable to our negligence or wilful default.
7. As a user of OCBC Velocity, you have the right to (1) suspend your Internet Banking Access immediately should you suspect any unusual activity and/or unauthorised access, (2) terminate this service, (3) request for a new set of OCBC Velocity User ID and Password, and (4) obtain information from the Bank regarding your online transactions.

WARNING: All claims will be investigated and, if found to be false, rejected. If payment has been made on the claim, it must be refunded to the Bank. All expenses incurred in the investigation and in recovering the payment will be borne by the maker of the false claim. Police reports will be lodged against all false claims.

Two-factor authentication is a two-layer identity verification process that we use each time a user log in to OCBC Velocity. This results in a more secure online banking environment for you.

The first layer is your Organisation ID, User ID and password. The second is typically a security token such as hardware device, system/software or application that is uniquely binded to a user which generates a security code or one-time password.

You can follow these steps:

A. If browser is Chrome

i. Check that the secure lock is enabled. Click on the lock icon next to the address bar.

ii. Click on "Connection is secure" in the drop down.

iii. Click on "Certificate is valid" and a window with certificate information will appear.

iv. Verify the issuer information that the certificate is issued to Velocity.ocbc.com, subject is correct, and the validity is current.

B. If browser is Mozilla Firefox

i. Check that the secure lock is enabled. Click on the lock icon next to the address bar, then click on the arrow at 'Connection Secure'.

ii. Click on 'More information', then 'View Certificate' to view the Digital Certificate.

C. If browser is Microsoft Edge

i. Check that the secure lock is enabled. Click on the lock icon next to the address bar.

ii. Click on "Connection is secure" in the drop down.

iii. Click on the certificate icon to view the Digital Certificate.