Security

Online Security

It’s safe to bank online with UOB. Enjoy the full convenience of secure online banking transactions with our multi-layered security programme. Learn more about how we keep your transactions safe.

WHAT WE DO TO PROTECT YOU ONLINE
SecurePlus token
provides additional
security authentication

UOB uses the SecurePlus token which uses Two-Factor Authentication (2FA). You will be prompted to enter a unique One-Time Password which can be retrieved from your SecurePlus token for your online transactions.

Firewalls keep
your account safe

Multiple levels of firewalls act as a barrier between the bank system and Internet to protect your account and personal information.

128-bit SSL encryption safeguards your transactions

We protect the confidentiality of your account details and transaction data. Our 128-bit Secure Sockets Layer (SSL) encryption protects your information as you complete your online transactions.

Unique Username and Password protects your identity

Only by using your unique Username and Password can you log on to our secure website(s) to perform your transactions.

UniAlerts keeps you informed of your transactions

You can opt in to our UniAlerts service which provides SMS alerts for a wide range of banking transactions such as adding a new payee and online funds transfers made over a certain threshold. Click here to sign up for or manage your UniAlerts today.

Automatic Log Out prevents information theft

You will be logged out of your Internet banking session after a period of inactivity to ensure that your account and details are not compromised.

HOW TO CONTACT US

If you suspect that your account has been compromised,
please change your password and contact us immediately by calling

1800 222 2121

(24 hours, toll-free)

RELATED INFORMATION

Top Security Tips

When it comes to keeping your account secure, your role as an online banking user is just as important as ours. You may consider adopting these best practices to keep your account safe.


Keep your password confidential at all times
and do not divulge it to anyone.

UOB and our partners will never request for your password,
PIN or One-Time-Password (OTP) over the phone, email or SMS.
Your password, PIN and OTP are private to you – Never reveal them to anyone.

Do not use personal information such as your telephone number, birth date or the like as your password as these will not make strong passwords.

Change your
password regularly.

Change your password immediately if you suspect your account has been compromised.

Always use a mobile device or computer that you trust.

Always log out after an online banking session.

Always clear your cache after your online banking session before moving to another website.

Install and maintain the latest anti-virus software on your mobile device or computer.

Use operating systems and browsers that are up to date.

Type in the URL of UOB website directly into your browser.

Do not key in your username, password, mobile number or OTP into suspicious websites or mobile apps.

Check your statements regularly.

Contact the bank immediately when you suspect your account has been compromised.

Latest Online Threats

Online threats come in various forms and are constantly evolving. With a better understanding of the latest threats, you can stay well informed on how to keep your finances safe.

Beware of phishing claiming to be from UOB
There have been reports of people falling prey to phishing email scams recently.
(read more)

Potential victims receive phishing emails claiming to be from UOB, informing them that someone has logged into their account.
How a phishing email might work
  • Potential victims would be asked to click on a link or button such as “Stop Request Now”
  • This redirects them to a fake website for disclosure of confidential information (e.g. user ID, password, One-Time Passwords, etc).
  • Once such confidential information is disclosed, the fraudsters would then use the information to transfer money out of the victims’ bank account.

The victims would also receive SMS alerts notifying them of the successful fund transfers to unknown payees.
Here is how a phishing email could look like.
It is important to note that this email is not from UOB.
Tips to protect yourself from such phishing email scams:
  1. Do not click on links or buttons in such emails
    By hovering your mouse pointer over the link or button, you are able to see the actual hyperlinked internet address, which is usually a fake website’s internet address. (Where emails are read on mobile phones, pressing and holding on the link for a while would reveal the actual internet address).
  2. Do not download or open any attachment in suspicious emails
  3. Do not provide your confidential information over email or phone
    Please note that the Bank will never ask you for confidential information (such as your user ID, password, One-Time Password, etc) through email or phone.
  4. Change password and report immediately
    If you have inadvertently provided such information, immediately login to your Internet banking account to change your password. Should you suspect that your account has been compromised, please inform the Bank immediately at 1800 222 2121
 
(hide)
Phone scam alert
Our customers should note that UOB and our partners would never request for your user ID, password, PIN or One-Time-Password (OTP) over the phone, email or SMS. Your username, password, PIN and OTP are confidential and should not be shared with anyone.
(read more)

There have been reports of phone scams where individuals have received automated voice calls requesting them to enter numbers on their phones which will then connect them to a “telephone operator” or “bank employee”.

From there, the “telephone operator” or “bank employee” may request for personal information, and then transfer their call to another person who may claim to be a “police officer”. Individuals may then be instructed to submit confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs) on a website.

Using the information acquired, the perpetrator will then initiate a funds transfer to an overseas bank account.

We advise customers to do the following when they receive such calls:
  • Be alert. Do not provide any personal information, bank account information (including user ID, password and OTP) and credit card details on websites or with the callers.
  • Be safe. Do not transfer any money.
  • Inform the bank. If you are unsure of the call you have received, or have inadvertently disclosed your personal or bank information, please call the bank immediately at 1800 222 2121.
  • If in doubt, please also call 999 for police assistance.
 
(hide)
SMS scam alert
There have been reports of scams where individuals receive SMS messages offering low interest rates from the bank for personal loans or other similar “offers”. These SMS messages contain a phone contact for interested individuals to call.
(read more)

If the individual calls that number, the perpetrator will attempt to get him or her to disclose confidential information such as bank account numbers, internet banking usernames, passwords and One Time Passwords (OTPs), which will then be used to initiate a funds transfer out of the individual’s bank account.

We advise customers to do the following when they receive such SMS messages:
  • Be alert. Do not provide any personal information, bank account information (including user ID, password and OTP) and credit card details on websites or with the callers.
  • Be safe. Do not transfer any money.
  • Inform the bank. If you are unsure of the call you have received, or have inadvertently disclosed your personal or bank information, please call the bank immediately at 1800 222 2121.
  • If in doubt, please also call 999 for police assistance.
For more information on such scams, please visit: http://www.scamalert.sg/types-of-scams/impersonation-scam  
(hide)
Security Alert: Malware "Dyreza"
A malware, Dyreza has been recently found spreading which may affect the legitimacy of banking websites.
(read more)

This malware is spread through phishing emails with malicious attachment. When the said malicious attachment is opened, the malware infects the customers' computers or devices.

Once customers' computers or devices are infected, the malware will attempt to steal the customers' login and authorisation credentials (such as User ID, Password, One Time Password) by altering the flow of logging on to the UOB website.

After the first login page, it will show a message "We are currently processing your information, please wait...." which does not exist in the legitimate UOB website.

Symptoms that your computer could possibly be infected with Malware
  • Prompt to input your login credential multiple times even if your supplied information is correct.
  • Sudden slowness in your computer and/or requests you to wait while the system is processing for an extended time.
  • Unusual logon/authorisation procedures and/or re-direct to the unfamiliar website.
How can I protect against Malware?
  • Always protect your computer by using an anti-virus/anti-malware software and keep it updated with the latest anti-virus. Scan your computers regularly.
  • Do not download or open attachments in suspicious emails.
  • Never reply to unsolicited emails.
  • Avoid accessing unknown and unsecured websites.
  • If you suspect that your computer has been infected by malware, please scan your computer with latest anti-virus/anti-malware software and refrain from using banking websites until your computer is cleaned.
  • Check your last login and transaction history regularly for any abnormal transactions.
UOB would like to assure you that our internet banking systems are secure. Please contact UOB helpline immediately, if you notice unknown transactions appearing on your account.  
(hide)
Security Alert: Vulnerability in Secured Sockets Layer 3.0 (SSL 3.0)
A vulnerability known as “POODLE” has recently been discovered on SSL 3.0 used by older versions of web browsers such as Internet Explorer 6.
(read more)

In view of this vulnerability, we will not be supporting older versions of web browsers as of 21/11/2014.

We recommend customers to download and install the latest versions of your web browsers to ensure optimal user experience.

UOB would like to encourage our customers to take the following steps to safeguard your passwords for a safe and secure online banking experience.

  • Use a username and password for your online banking account(s) that is different from other non-banking related accounts.
  • Select a password that is at least eight characters long, contains alphanumeric characters and does not have any repeated characters.
  • Change your passwords regularly, at least once every three months.
    Disable the “Auto Complete” function on your web browser to avoid theft of information.
  • Do not disclose your username or password to anyone.
If you encounter any suspicious activities in relation to your account(s), please contact us at 1800 222 2121.
(hide)
Security Alert: OpenSSL Bug (HeartBleed)
A bug has recently been discovered in OpenSSL, a software that protects sensitive data online.
(read more)

Please be assured that UOB's Internet and Mobile Banking systems are not affected by the OpenSSL bug.

UOB would like to use this opportunity to encourage our customers to adopt the following best practices to safeguard their passwords for a safe and secure online banking experience. Customers should:

  1. Use a different username and password for their online banking accounts from other non-banking related accounts.
  2. Select a password that is at least eight characters long, contains alphanumeric characters and does not repeat any character.
  3. Change their passwords regularly, at least once every three months.
  4. Not reveal their account username or password to anyone.
  5. Disable the “Auto Complete” function on the browser to avoid theft of information.

If you encounter any suspicious activities in relation to your account(s), please contact us at 1800 222 2121.

(hide)

Mobile Security

Even as you enjoy the convenience of banking on the go, it’s important to keep your account safe. Read more about our security and privacy policies and how to safeguard your mobile banking activities today.

What is your security policy?

We are committed to meeting and exceeding all industry standards. Protecting your information is our job, and we take it very seriously. Find out how we protect you or take a look at our security policies.

How do you handle my personal information?

We are committed to maintaining the highest standard on privacy practices. We and our partners will never sell, rent or loan any personal information that you share with us.

We will never request for your password or PIN over the phone, email or SMS. Your password and PIN are private to you – Never reveal them to anyone.

What is the fraud policy for Pay with UOB Mighty?

If you notice something amiss, you can call our customer hotline at 1800 222 2121 (Calling from local) or (65) 6222 2121 (Calling from overseas) to block your digitised card right away.

If your mobile device is lost or stolen, your liability will be limited to S$100.00 but only if you take all of the following steps:

  • You immediately notify us of the loss or theft of your mobile device or the disclosure of your wallet PIN;
  • You take all reasonable steps to help recover or stop the use of the digitised card(s) and wallet PIN;
  • You give us a police report or a legal document called a statutory declaration in the form approved by us and any other document or information we require; and
  • You have established, and we are satisfied that, you have not by your acts or omissions (directly or indirectly) caused or contributed to the occurrence of the loss, theft or disclosure of the wallet PIN and the loss, theft of your mobile device or disclosure of the wallet PIN is not due to your negligence, fraudulent act or default.

Enhanced Security

Enjoy banking with peace of mind with our SecurePlus token, your personal security device. It enables you to generate a One-Time Password (OTP) for both online and mobile banking transactions, and comes with Transaction Signing, a security feature that uses transaction-specific information to generate an OTP.

Transactions that require transaction signing:
  • Add new payee
  • Change of personal particulars and address
  • Change of UniAlerts Subscriptions
  • Change of funds transfer, bill payment or remittance transaction limits
  • Change of One-time Password (OTP) settings
  • Transactions with amount higher than the OTP threshold1
HOW TO USE SECUREPLUS

You will need to activate your SecurePlus token before using it.

To activate:

  1. Login to UOB Personal Internet Banking or UOB Mighty
  2. Select Activate Now button
  3. Follow on-screen instructions to activate

The SecurePlus token allows you to generate a secure One-time Password (OTP). This OTP is nessasary for login and to perform selected UOB Personal Internet Banking and UOB Mighty transactions.

Generate OTP:

Press and hold to generate a One-time Password

The button icon design may differ for some tokens.

Transaction Signing uses transaction-specific information to generate an OTP, thus providing you with greater security.

Transaction Sign:

  1. Press and hold to begin
  2. Enter transaction-specific data using the keypad, as instructed on your internet banking screen
  3. Press and hold a second time to obtain OTP

The button icon design may differ for some tokens.

FREQUENTLY ASKED QUESTIONS

As part of an industry-wide initiative to enhance online security, we have launched a new security device for online banking.

The SecurePlus token is your personal security device that enables you to generate a One-time Password (OTP) for internet (UOB Personal Internet Banking) and mobile (UOB Mighty) banking transactions. It comes with a security feature called Transaction Signing which uses transaction-specific information to generate an OTP. Transaction Signing offers added security capabilities for your online transactions.

For more information on the SecurePlus token, please visit uob.com.sg/security.

From December 2012, you must use the SecurePlus token to perform transaction signing for the below transactions.

  • Add new payees
  • Pay a new non UOB credit card
  • Change of personal particulars and address
  • Change of UniAlerts subscriptions
  • Change of funds transfer, bill payment or remittance transaction limit
  • Change of One-Time-Password settings
  • Transactions with amount higher than the One-Time-Password threshold limit

On-screen instructions in UOB Personal Internet Banking / UOB Mighty will guide you through to use the Transaction Signing feature. See demo.

The first SecurePlus token issued to you is complimentary.

If you have not received your SecurePlus token, you may request for one from any of these channels:

  1. Login to UOB Personal Internet Banking, click on ‘Apply For’ > ‘SecurePlus Token Application’ on the left menu.
  2. Complete the UOB Personal Internet Banking and UOB Mighty Update Form available on our website at www.uob.com.sg and mail it to the Bank. Your requested will be processed within 5 business days for local addresses and 14 business days for overseas address
  3. Apply at any UOB Branch.

Once your SecurePlus token has been mailed out, you will be prompted to activate the token when you next log in to your UOB Personal Internet Banking or UOB Mighty. The prompt means you can expect to receive your SecurePlus token soon.

For Singapore registered addresses, you should receive your SecurePlus token within 5 business days. For Overseas addresses, please allow 14 business days for your SecurePlus token to reach you.

Your SecurePlus token will be mailed to your primary linked account’s mailing address that we have on our records. You can update your address and other details with the Bank by completing the Change of Address & Contacts (for existing UOB customers) Form available on our website at www.uob.com.sg.

You may email helpme@uobgroup.com or call our 24-hour hotline at 1800 222 2121 (or +65 6222 2121 when calling from overseas) for assistance.

You must activate your SecurePlus token before you can begin using it.

Activation of the token is easy. Simply log on to UOB Personal Internet Banking or UOB Mighty and follow the prompts. You will be guided through the steps to activate the SecurePlus token.

To request for replacement, login to UOB Personal Internet Banking (PIB) and select “Apply For › SecurePlus Token Application”. Alternatively, you could also fill up this form or visit any UOB branch.

If you have not use your token at least once in the past year, you may encounter this error message - "The Token-OTP verification has failed due to invalid/expired OTP entered. Please request for another Token-OTP and try again."



What should I do in this scenario?
Press the red button of your token to generate another OTP and attempt to submit the OTP for two more times.

On the third attempt, you should be automatically logged out of PIB and will see this message below, after 10 minutes, you can log back in PIB and proceed to use the token.



If you are not automatically logged out of PIB after your third attempt, it means that your token could have been deactivated as it has not been used for a long time. This is a security measure to safeguard your bank account(s).

To request for a token replacement, login to PIB and select "Apply For > SecurePlus Token Application".

As a security measure, if your token has not been used at least once in 12 months, it will be deactivated.

This indicates that the token battery is running low and the token should be replaced soon. Please refer to Question 12 on how to get a token replacement.

1 The bank's default OTP threshold amount would be changed from $1,000 to $25,000 from December 2012. If you have personalised your OTP threshold amount before December 2012, your OTP threshold amount will remain unchanged as per your personalisation. Funds Transfers between your own UOB accounts (regardless of amount) will no longer require Two-Factor Authentication (2FA) authorisation from December 2012.

Convenient Updates

Bank with peace of mind and stay informed on selected day-to-day banking and credit/debit card transactions with SMS or email alerts. For greater flexibility, you can even customise the service by resetting the alerts trigger amount to suit your lifestyle.

TYPES OF UNIALERTS
Local ATM Cash Withdrawal

Cardholders with UOB ATM Cards, UOB Debit Cards and UOB Credit Cards linked to their Current/Savings accounts will receive an SMS alert when a local ATM cash withdrawal at or above a default threshold amount is made.

Overseas ATM Cash Withdrawal

Cardholders with UOB ATM Cards, UOB Debit Cards and UOB Credit Cards linked to their Current/Savings accounts will receive an SMS alert when an overseas ATM cash withdrawal at or above a default threshold amount is made.

Funds Transfer to OCBC Accounts at UOB ATMs

Alerts you when a funds transfer transaction at or above your default threshold amount is made from your account to an OCBC account at an UOB ATM.

NETS Transactions

Alerts you when a NETS payment at or above your default threshold amount has been debited from your account.

Cheque Payment & Encashment

Alerts you when any cheque payment and encashment at or above your default threshold amount.Local ATM Cash Withdrawal.

Cardholders with UOB ATM Cards, UOB Debit Cards and UOB Credit Cards linked to their Current/Savings accounts will receive an SMS alert when a local ATM cash withdrawal at or above a default threshold amount is made.

Bill Payment

Alerts you when a bill payment at or above your default threshold amount is made from your account.

Funds Transfer

Alerts you when a funds transfer transaction at or above your default threshold amount is made from your account.

Cashier's Orders, Demand Drafts and Telegraphic Transfers

Alerts you when online transactions for Cashier’s Orders, Demand Drafts and Telegraphic Transfers at or above your default threshold amount are made from your account.

eNets

Alerts you when an eNets transaction at or above your default threshold amount is made from your account.

Mobile Cash Transactions

Alerts you when a Mobile Cash transaction is sent from your account and notifies you when your Mobile Cash recipient receives the Cash.

GIRO Application & Standing Instruction

Alerts you when your GIRO application is approved. You’ll also receive alerts 3 working days before an upcoming GIRO Standing Instruction payment is due from your account.

Securities Application Status

Alerts you on the status of your IPO and Unit Trust applications made through UOB Personal Internet Banking.

Transactions above default threshold

Alerts you when a transaction* charged to your UOB Credit/Debit Card is at or above the default threshold amount set by UOB.

*Applicable to credit/debit card purchases and credit card cash advance transactions.
Scheduled Cash Transfers (via Internet Banking)

Alerts you 3 working days before a scheduled Cash Advance transfer is made via UOB Personal Internet Banking.

Credit Card Bill Payment

Alerts you when your UOB Credit Card bill payment has been received by the bank.

Credit Card Payment Reminder

Alerts you 7 working days before the due date of your UOB Credit Card payment.

Low Available Credit Limit

Alerts you when your total available credit is low.

All customers are automatically subscribed to UniAlerts for ATM Cash Withdrawals locally and overseas. To subscribe to all other UniAlerts, please log in to UOB Personal Internet Banking (PIB) and click on Account Services > Manage Alerts.

Here's how you can change your UniAlerts default threshold amounts:

  • For UOB PIB customers, simply login to UOB Personal Internet Banking in 2FA (SMS or Token-OTP) mode, click on Account Services > Manage Alerts.
  • For non-PIB customers, you can click here to apply for PIB access and change your default threshold amounts through Account Services > Manage Alerts. Or complete this form to change your default threshold amounts for ATM & Other Banking Services and submit it at any UOB branch.
  • To update your registered mobile phone number with us, please complete this form and submit it at any UOB branch.

Read our Frequently Asked Questions (FAQ) for more information.