Security tips

Security at Mox

Being trusted with your money is a big responsibility—and one we don’t take lightly. The security of your account and personal information is very important to us. Here are a few things we do to make sure your money is safe. 

How Mox protects you

Signing up for Mox is simple and secure

Signing up for a Mox Account is fast, secure and free. It takes only a few minutes and you can do it from your mobile phone.

Our account-opening process includes best-in-class identity verification and fraud prevention techniques.

Deposit protection

Mox is a member of the Deposit Protection Scheme in Hong Kong. Your eligible deposits with Mox (in any currency) are protected by the Deposit Protection Scheme up to a limit of HKD500,000 (or its equivalent) per depositor.

Our security procedures

Keeping your money and information secure is our top priority. We take pride in using multi-level security procedures, including tools and techniques for encryption, identity verification and fraud prevention. This helps us to protect your account, transactions and personal information.

Your Mox app is protected by multi-factor authentication. Your Mox Account is paired to your smartphone and can only be paired to one smartphone and one phone number at any one time. The Mox app then requires an additional factor to your device including your passcode, fingerprint or facial recognition in order to log in. Whenever our systems detect a risky transaction, you'll be asked to provide additional authentication.

Mox is monitoring 24/7. Our intelligent 24/7 systems monitor your Mox Account activities against fraudulent, and unauthorised transactions. If we suspect a transaction is fraudulent, we take every step to validate the transaction. This may include: 

  • Contacting you via Mox voice or Mox video call via the Mox app.
  • Asking you to re-validate your identity with biometrics unique to you. 
  • Notifying you with in-app push notifications or via the email address we have on record for you.

Real-time transaction notifications

Be aware of all the activity that happens on your Mox Card and your accounts held with Mox. You can track your Mox Account activity on the Mox app in real time and immediately report any unusual activity you notice. You’ll receive instant push notifications after each Mox Account and Mox Card transaction, so you always know what’s been spent, where and when. 

Paying with your Mox Card is safe

Enjoy peace of mind when making online purchases with your Mox Card using 3D Secure. When making online purchases at merchants that support 3D Secure, you will be prompted with options to either authorise your purchase using Mox app or SMS OTP. This is a free-of-charge service to Mox customers. 

Note:  You may not receive a prompt to authorise an online purchase: 

  • If you do not have push notifications and cannot receive SMS OTP from Mox Bank
  • Additional authentication process is applicable only to websites that have enabled the security feature. 

The Mox Card is lockable. You have full control over how you want to use your Mox Card. For extra protection, you can lock or unlock your Mox Card whenever you want. 

You can only access your Mox Card information from your Mox app so that only you can access it securely by the app. Mox Cards don’t have the card number, expiry date and CVV printed on them, so you can relax whenever you hand your card to the cashier. 

Know your rights

You have the right to:

  • Access the personal data we hold of yours, or get a copy of it.
  • Inform us that we need to correct inaccurate personal data of yours we hold.
  • Ask us to delete, ‘block’ or suppress your personal data, although for legal reasons we might not always be able to do it. 
  • Object to us using your personal data for direct marketing and, in certain circumstances, ‘legitimate interests’, research and statistical purposes.
  • Withdraw any consent in relation to your personal data you’ve previously given us.

If you wish to do any of the above, please contact us via the Mox app or call our Customer Care Team.

Mox tips for keeping your account safe

1. Protect yourself from phishing attacks

What is phishing? Phishing is a fraudulent attempt to acquire sensitive information such as your personal data, banking and credit card details, and passcodes, by disguising oneself as a trustworthy entity in an electronic communication (e.g. an email). Most of the time, phishing emails will tell you to click on a link that takes you to a site which imitate true brands, such as our Mox brand, where your personal data is requested. In addition to fraudulent emails and websites, scammers may also establish fraudulent mobile applications imitating our Mox brand as an attempt to compromise your Mox Account and trick you into divulging your personal data. 

What to do if something seems suspicious? If you receive a suspicious email or phone call claiming to be from Mox, please forward the message to hoax@mox.com, then delete the message from your email straight away.

  • Do not download the Mox app from any other channels other than the Apple App Store or the Google Play Store.
  • Mox apps downloaded from other channels may result in phishing to steal your login information or installing malware on your device.
  • Do not copy or install any application from uncertain sources on your mobile device. 
  • If you are suspicious of a downloaded application, or you identify an abnormality within the Mox app, such as abnormal layout or unusually slow login response, please stop any actions and do not attempt to log in. Delete that application and contact our Customer Care Team immediately. 

If you suspect any unauthorised access to your Mox app or transactions on your Mox Account(s), please contact our Customer Care Team on +852 2888 8228 or via the Mox app immediately.

2. Protect your mobile phone

Make sure your mobile phone has passcode protection, is not rooted or jailbroken, and is kept up-to-date with the latest operating system version and anti-virus / anti-malware protection.

3. Browse smartly

Install applications on your phones from trusted sources only, including official app stores like the App Store or Google Play. Be cautious about what permissions (e.g. your contacts, camera, location) you grant the applications you download. Also, please access Mox’s website by typing “mox.com” into the browser or by bookmarking it for subsequent access. Treat all unsolicited emails, SMSs and online requests with caution; and check hyperlinks by hovering your cursor over the link to verify its legitimacy.

4. Opt to receive real-time push notifications

You can check your Mox Account at anytime in the Mox app. If you notice any unusual account activity, take action. We recommend you use the Mox app to lock your Mox Card and contact us immediately.

5. Protect your identity

Follow our passcode rules to create a secure and strong passcode. For convenience and security, we also recommend you enable biometric authentication methods including fingerprint or facial recognition for both authentication and login.

6. Never share your passcode

  • Mox will never email, call or text asking you for your any Mox Account information, your Mox app passcode or your Mox Card PIN or details. As the account owner, only you should create and access your login details so please ensure your devices with stored passcodes are not left unattended and do not allow others to use them.  
  • Mox will never email or text you a link to ask you to download any update or require you to login to your Mox app.
  • Remember to never write down your Mox app passcode or Mox Card PIN on any device for accessing e-banking services or on anything usually kept with or near your device – This includes not writing down, storing or recording the secret code anywhere without disguising them. Never share your Mox app passcode or Mox Card PIN with any other person (or allow them to use them), application, website, friend, family or Mox personnel. Keep your Mox app passcode, Mox Card number and Mox Account number secure at all times and do not forward a one-time passcode to another device or reveal to anyone else.
  • When setting your Mox app passcode and Mox Card PIN, never use easily accessible personal information such as telephone numbers or dates of birth. Also do not use the same passcodes for accessing other services (for example, connection to the internet or accessing other websites).

7. Be careful with Wi-Fi and Bluetooth connections

We recommend that you disable publicly accessible Wi-Fi connections and your device’s Bluetooth function before you log in to the Mox app. If you’re using a private Wi-Fi network, you should check that it’s secured by a WPA2 system.

8. Google Pay - What if I lose my mobile device?

You can find, lock, or erase your device using Android Device Manager. 

To enable the Android Device Manager, you can take the following steps:

  • Sign in to your Google account on your device in order to use the Android Device Manager. 
  • Turn on the location access from your device's apps menu, open 'Google Settings' and choose 'Security'.
  • Under Android Device Manager, move the switches next to 'Remotely locate this device' and 'Allow remote lock and factory reset' to the 'On' position.
  • Remember: Different devices may have different settings menus.

Please follow the instructions on the Google Pay website for more details on how to remove your Mox Card from Google Pay.

9. Stay alert

We will never ask you to prove your identity on behalf of other individuals or companies. This includes verifications for apartment rental contracts, lines of credit, ID, passport applications, etc. If you receive a suspicious email or phone call claiming to be from us, please report the incident via email to hoax@mox.com; or contact us via the Mox app or by calling our Customer Care Team at +852 2888 8228. 

You should refer to and comply with the security warnings and advice provided by Mox from time to time.

Mox tips for keeping your card safe

Your maximum liability for fraudulent transactions, except for cash advances, made on your Mox Card should not be more than HKD500 provided that you have not acted fraudulently or with gross negligence.

You will have to bear all losses when Mox Card has been used for any unauthorised transaction if you have acted fraudulently, with gross negligence or have not contacted our Customer Care Team as soon as reasonably practicable after having found that your Mox app passcode or Mox Card PIN has been compromised or is known by someone else, your Mox Card has been lost or stolen, or that unauthorized unauthorised transactions have been conducted over any of your accounts held with Mox. You will not however be liable for any fraudulent transaction(s) made on your Mox Card after you have contacted our Customer Care Team to report any loss or theft of your Mox Card. 

We kindly ask you to remember that prevention is a shared responsibility, so you have a role to play too. 

Here are a few things you can do to help stay secure:

  • Never share your Mox app passcode or Mox Card PIN with any other party, application or website.
  • Keep your mobile device with your Mox app secured and do not share it with any other party.   
  • Review your Mox Account and Mox Card activity regularly. 
  • Set up transaction limits that fit your banking needs. The Mox app enables you to define your transaction limits for card spending, local/ overseas withdrawals, fund transfer and bill payments.  
  • If you lose your Mox Card, login to the Mox app to lock your card, and call us immediately to tell us and for assistance.

Remember - report any suspicious activity to us immediately. 

Protect yourself from bogus phone calls, fraudulent SMS messages and emails

What is a bogus phone call, fraudulent SMS messages and emails?

Bogus phone calls, fraudulent SMS messages and emails may trick customers into providing their personal information, account details/passcodes, one-time passcodes and other sensitive data or calling back a bogus hotline number quoted in an SMS message so the caller can carry out illegitimate activities. Callers may claim to be from the government, law enforcement, banks or other service providers.

These fraudulent callers may attempt to use the compromised personal data to take control of your bank accounts, transfer/use funds, use services, such as applying for loans and credit cards, or hide other criminal activities. 

Mox will not ask for sensitive personal information such as your Mox login or account details through pre-recorded messages or emails, and will never request your passcodes or one-time passcodes by phone. Never transfer money or disclose your personal data to unknown parties. If you have any doubts or have encountered any suspicious calls, messages or emails, please email care@mox.com or call us at +852 2888 8228 as soon as possible.

Please refer to HKMA’s website for further information on bogus phone calls, fraudulent SMS messages and emails (watch video here).

How to identify a bogus phone call and fraudulent SMS messages and emails

Here are some ways to identify bogus phone calls. Please bear in mind that these are not the only signs, so it is important to use your best judgment – never trust and always verify!

  1. Bogus calls often contain a pre-recorded message requesting passcodes, PINs or other personal data. These may say they are notifying you of irregularities relating to your bank or credit account, and/or be offering promotional sales.
  2. In bogus calls, the caller display number may be unknown or from overseas, and the voice quality may be very poor.
  3. A bogus caller may refuse to provide their name and call-back number.
  4. A bogus caller will often seem in a hurry to close a sale and will not give details about products or services.

How to handle a suspicious call, SMS message or email

  1. Verify the caller: If you suspect you’re speaking to a fraudulent caller, request more information from them, including their department name, caller name, office number, and how they obtained your phone number and/or Mox Account or Mox Card information. If they are unwilling to share this information, hang up immediately. 
  2. Never share your personal data or account details: These include your passport details, Mox Account  details, Mox app login passcode, one-time passcodes or Mox Card details such as your Mox Card PIN, card number, expiry date or CVC.
  3. Act fast if you have disclosed information: If you have disclosed your Mox Account or Mox Card details and/or personal data to a bogus caller or phishing email, please call our Customer Care Team hotline at +852 2888 8228 immediately. Our Customer Care Associate will inform you of next steps. 
  4. Regularly review your activity: Regularly check and review your Mox statements and Mox Card activity, and report any irregularities to Mox.

Always here to help

To us, every Mox customer is important. That’s why we’re always here to help. To contact us, you can:

  • Use the in-app or live chat function in the app
  • Call us on +852 2888 8228
  • Email us at care@mox.com
  • Mail to us at G.P.O. Box 9488, Hong Kong

Last updated: 23 January 2024.