Security tips

Security at Mox

Being trusted with your money is a big responsibility—and one we don’t take lightly. The security of your account and personal information is very important to us. Here are a few things we do to make sure your money is safe. 

How Mox protects you

Signing up for Mox is simple and secure

Signing up for a Mox Account is fast, secure and free. It takes only a few minutes and you can do it from your mobile phone.

Our account-opening process includes best-in-class identity verification and fraud prevention techniques.

Deposit protection

Mox is a member of the Deposit Protection Scheme in Hong Kong. Your eligible deposits with Mox (in any currency) are protected by the Deposit Protection Scheme up to a limit of HKD800,000 (or its equivalent) per depositor.

Our security procedures

Keeping your money and information secure is our top priority. We take pride in using multi-level security procedures, including tools and techniques for encryption, identity verification and fraud prevention. This helps us to protect your account, transactions and personal information.

Your Mox app is protected by multi-factor authentication. Your Mox Account is paired to your smartphone and can only be paired to one smartphone and one phone number at any one time. The Mox app then requires an additional factor to your device including your passcode, fingerprint or facial recognition in order to log in. Whenever our systems detect a risky transaction, you'll be asked to provide additional authentication.

Mox is monitoring 24/7. Our intelligent 24/7 systems monitor your Mox Account activities against fraudulent, and unauthorised transactions. If we suspect a transaction is fraudulent, we take every step to validate the transaction. This may include: 

  • Contacting you via Mox voice or Mox video call via the Mox app.
  • Asking you to re-validate your identity with biometrics unique to you. 
  • Notifying you with in-app push notifications or via the email address we have on record for you.

Real-time transaction notifications

Be aware of all the activity that happens on your Mox Card and your accounts held with Mox. You can track your Mox Account activity on the Mox app in real time and immediately report any unusual activity you notice. You’ll receive instant push notifications after each Mox Account and Mox Card transaction, so you always know what’s been spent, where and when. 

Paying with your Mox Card is safe

Enjoy peace of mind when making online purchases with your Mox Card using 3D Secure. When making online purchases at merchants that support 3D Secure, you will be prompted with options to either authorise your purchase using Mox app or SMS OTP. This is a free-of-charge service to Mox customers. 

Note:  You may not receive a prompt to authorise an online purchase: 

  • If you do not have push notifications and cannot receive SMS OTP from Mox Bank
  • Additional authentication process is applicable only to websites that have enabled the security feature. 

The Mox Card is lockable. You have full control over how you want to use your Mox Card. For extra protection, you can lock or unlock your Mox Card whenever you want. 

You can only access your Mox Card information from your Mox app so that only you can access it securely by the app. Mox Cards don’t have the card number, expiry date and CVV printed on them, so you can relax whenever you hand your card to the cashier. 

Know your rights

You have the right to:

  • Access the personal data we hold of yours, or get a copy of it.
  • Inform us that we need to correct inaccurate personal data of yours we hold.
  • Ask us to delete, ‘block’ or suppress your personal data, although for legal reasons we might not always be able to do it. 
  • Object to us using your personal data for direct marketing and, in certain circumstances, ‘legitimate interests’, research and statistical purposes.
  • Withdraw any consent in relation to your personal data you’ve previously given us.

If you wish to do any of the above, please contact us via the Mox app or call our Customer Care Team.

Mox tips for keeping your account safe

1. Protect yourself from phishing attacks

What is phishing? Phishing is a fraudulent attempt to acquire sensitive information such as your personal data, banking and credit card details, and passcodes, by disguising oneself as a trustworthy entity in an electronic communication (e.g. an email). Most of the time, phishing emails will tell you to click on a link that takes you to a site which imitate true brands, such as our Mox brand, where your personal data is requested. In addition to fraudulent emails and websites, scammers may also establish fraudulent mobile applications imitating our Mox brand as an attempt to compromise your Mox Account and trick you into divulging your personal data. 

What to do if something seems suspicious? If you receive a suspicious email or phone call claiming to be from Mox, please forward the message to hoax@mox.com, then delete the message from your email straight away.

  • Do not download the Mox app from any other channels other than the Apple App Store or the Google Play Store.
  • Mox apps downloaded from other channels may result in phishing to steal your login information or installing malware on your device.
  • Do not copy or install any application from uncertain sources on your mobile device. 
  • If you are suspicious of a downloaded application, or you identify an abnormality within the Mox app, such as abnormal layout or unusually slow login response, please stop any actions and do not attempt to log in. Delete that application and contact our Customer Care Team immediately. 

If you suspect any unauthorised access to your Mox app or transactions on your Mox Account(s), please contact our Customer Care Team on +852 2888 8228 or via the Mox app immediately.

2. Protect your mobile phone

Make sure your mobile phone has passcode protection, is not rooted or jailbroken, and is kept up-to-date with the latest operating system version and anti-virus / anti-malware protection. Never share your phone unnecessarily so that you can minimise the risk to your sensitive information and apps.

3. Browse smartly

Install applications on your phones from trusted sources only, including official app stores like the App Store or Google Play. Be cautious about what permissions (e.g. your contacts, camera, location) you grant the applications you download. Also, please access Mox’s website by typing “mox.com” into the browser or by bookmarking it for subsequent access. Treat all unsolicited emails, SMSs and online requests with caution; and check hyperlinks by hovering your cursor over the link to verify its legitimacy.

4. Opt to receive real-time push notifications

You can check your Mox Account at anytime in the Mox app. If you notice any unusual account activity, take action. We recommend you use the Mox app to lock your Mox Card and contact us immediately.

5. Protect your identity

Follow our passcode rules to create a secure and strong passcode. For convenience and security, we also recommend you enable biometric authentication methods including fingerprint or facial recognition for both authentication and login.

6. Never share your authentication factors

  • There is risk involved in using biometric or device binding as one of the authentication factors used for initiating relevant transactions (e.g. contactless mobile payments), including the potential for data breaches and cyber attacks .You are advised to follow the Security Tips here to keep your account safe.
  • Mox will never email, call or text asking you for your any Mox Account information, or any of your Mox app authentication factors such as passcodes or PINs. As the account owner, only you should create and access your login details so please ensure your devices with stored passcodes are not left unattended and do not allow others to use them.
  • Mox will never email or text you a link to ask you to download any update or require you to login to your Mox app.
  • Mox uses Device Binding as one of your key authentication factors. Because of this be sure to maintain the security of your device by only downloading applications from official Android or Apple stores, and never compromise your phones security by jailbreaking or otherwise modifying the mobile device outside the device’s operating system vendor supported settings or warranted configurations. Using the Mox app and the device-bound Security Key or Biometric Authentication function on a jail-broken or rooted device could compromise your device’s security and lead to fraudulent transactions or compromised personal information.
  • You should not take any action to disable any function provided by, and/or agreeing to any settings of, your mobile device(s) that would otherwise limit or compromise the security of the use of your biometric credentials for Biometric Authentication.
  • Remember to never write down your Mox app PIN/authentication factor/card information on any device for accessing e-banking services or on anything usually kept with or near your device – This includes not writing down, storing or recording the authentication factors such as pins and passwords anywhere without disguising them. Never share your Mox app authentication factors with any other person (or allow them to use them), application, website, friend, family or Mox personnel. Keep your Mox app passcode, Mox Card number and Mox Account number secure at all times and do not forward a one-time passcode to another device or reveal to anyone else.
  • When setting your Mox app passcode and Mox Card PIN, never use easily accessible personal information such as telephone numbers or dates of birth. Also do not use the same passcodes for accessing other services (for example, connection to the internet or accessing other websites).

7. Be careful with Wi-Fi and Bluetooth connections

We recommend that you disable publicly accessible Wi-Fi connections and your device’s Bluetooth function before you log in to the Mox app. If you’re using a private Wi-Fi network, you should check that it’s secured by a WPA2 system.

8. Google Pay - What if I lose my mobile device?

You can find, lock, or erase your device using Android Device Manager. 

To enable the Android Device Manager, you can take the following steps:

  • Sign in to your Google account on your device in order to use the Android Device Manager. 
  • Turn on the location access from your device's apps menu, open 'Google Settings' and choose 'Security'.
  • Under Android Device Manager, move the switches next to 'Remotely locate this device' and 'Allow remote lock and factory reset' to the 'On' position.
  • Remember: Different devices may have different settings menus.

Please follow the instructions on the Google Pay website for more details on how to remove your Mox Card from Google Pay.

9. Stay alert

We will never ask you to prove your identity on behalf of other individuals or companies. This includes verifications for apartment rental contracts, lines of credit, ID, passport applications, etc. If you receive a suspicious email or phone call claiming to be from us, please report the incident via email to hoax@mox.com; or contact us via the Mox app or by calling our Customer Care Team at +852 2888 8228. 

You should refer to and comply with the security warnings and advice provided by Mox from time to time.

Mox tips for keeping your card safe

Your maximum liability for fraudulent transactions, except for cash advances, made on your Mox Card should not be more than HKD500 provided that you have not acted fraudulently, with gross negligence and has inform us as soon as reasonably practicable after having found that your card/authentication factor has been lost or stolen, or their authentication factor or card information has been compromised.

You will have to bear all losses when Mox Card has been used for any unauthorised transaction if you have acted fraudulently, with gross negligence or have not contacted our Customer Care Team as soon as reasonably practicable after having found that your Mox app passcode or Mox Card PIN/authentication factor/card information has been compromised or is known by someone else, your Mox Card has been lost or stolen, or that unauthorized transactions have been conducted over any of your accounts held with Mox. You will not however be liable for any fraudulent transaction(s) made on your Mox Card after you have contacted our Customer Care Team to report any loss, theft of your Mox Card/authentication factors or card information/authentication factor has been compromise.

We kindly ask you to remember that prevention is a shared responsibility, so you have a role to play too. 

Here are a few things you can do to help stay secure:

  • Never share your Mox app passcode or Mox Card PIN with any other party, application or website.
  • Keep your mobile device with your Mox app secured and do not share it with any other party.   
  • Review your Mox Account and Mox Card activity regularly. 
  • Set up transaction limits that fit your banking needs. The Mox app enables you to define your transaction limits for card spending, local/ overseas withdrawals, fund transfer and bill payments.  
  • If you lose your Mox Card, login to the Mox app to lock your card, and call us immediately to tell us and for assistance.

Remember - report any suspicious activity to us immediately. 

Protect yourself from bogus phone calls, fraudulent SMS messages and emails

What is a bogus phone call, fraudulent SMS messages and emails?

Bogus phone calls, fraudulent SMS messages and emails may trick customers into providing their personal information, account details/passcodes, one-time passcodes and other sensitive data or calling back a bogus hotline number quoted in an SMS message so the caller can carry out illegitimate activities. Callers may claim to be from the government, law enforcement, banks or other service providers.

These fraudulent callers may attempt to use the compromised personal data to take control of your bank accounts, transfer/use funds, use services, such as applying for loans and credit cards, or hide other criminal activities. 

Mox will not ask for sensitive personal information such as your Mox login or account details through pre-recorded messages or emails, and will never request your passcodes or one-time passcodes by phone. Never transfer money or disclose your personal data to unknown parties. If you have any doubts or have encountered any suspicious calls, messages or emails, please email care@mox.com or call us at +852 2888 8228 as soon as possible.

Please refer to HKMA’s website for further information on bogus phone calls, fraudulent SMS messages and emails (watch video here).

How to identify a bogus phone call and fraudulent SMS messages and emails

Here are some ways to identify bogus phone calls. Please bear in mind that these are not the only signs, so it is important to use your best judgment – never trust and always verify!

  1. Bogus calls often contain a pre-recorded message requesting passcodes, PINs or other personal data. These may say they are notifying you of irregularities relating to your bank or credit account, and/or be offering promotional sales.
  2. In bogus calls, the caller display number may be unknown or from overseas, and the voice quality may be very poor.
  3. A bogus caller may refuse to provide their name and call-back number.
  4. A bogus caller will often seem in a hurry to close a sale and will not give details about products or services.

How to handle a suspicious call, SMS message or email

  1. Verify the caller: If you suspect you’re speaking to a fraudulent caller, request more information from them, including their department name, caller name, office number, and how they obtained your phone number and/or Mox Account or Mox Card information. If they are unwilling to share this information, hang up immediately. 
  2. Never share your personal data or account details: These include your passport details, Mox Account  details, Mox app login passcode, one-time passcodes or Mox Card details such as your Mox Card PIN, card number, expiry date or CVC.
  3. Act fast if you have disclosed information: If you have disclosed your Mox Account or Mox Card details and/or personal data to a bogus caller or phishing email, please call our Customer Care Team hotline at +852 2888 8228 immediately. Our Customer Care Associate will inform you of next steps. 
  4. Regularly review your activity: Regularly check and review your Mox statements and Mox Card activity, and report any irregularities to Mox.

New safety feature for Android devices to protect you from malware

What is the new safety feature?

Starting from Android app version 2.17.0, a new safety feature will be added to the Mox app to protect your Android mobile device from malicious software which may jeopardise the security of your device and result in potential fraud.

The new safety feature will examine and scan your Android mobile device for apps installed from unofficial app stores and which have been granted excessive permissions. We do not and will not collect other personal data from your mobile device. Access to the Mox app will be temporarily blocked in the event that a risk has been detected. To restore access to the Mox app, you will be required to follow the detailed instructions as per the block alert.

In order to use this new safety feature, please update the Mox app to the latest app version.

How will I know if my device is at risk?

warning-at-risk

When you are using the Mox app, a security alert will be displayed if a risk has been detected.

A list of detected apps from unofficial app stores and which have been granted excessive permissions will be shown on the screen.

Access to Mox app will be temporarily blocked if:

  • you have installed apps from untrusted sources/app stores; and
  • any of these apps have been granted excessive accessibility permission

For Android third party apps, the trusted sources/app stores are:

Google Play Store
Huawei App Gallery
Samsung Galaxy Store
Xiaomi Market (Xiaomi GetApps)
LG SmartWorld
Amazon AppStore
Vivio V-Appstore
Oppo App Market

How do I restore my access to the Mox app?

To restore your access to the Mox app, please proceed with one of the following options:

Method 1: Uninstall the app(s) listed; or
Method 2: Disable accessibility services for app(s) listed (Go to mobile device settings > Accessibility)

Disabling accessibility permissions for Android mobile devices:

To manage your accessibility permissions for the apps on your phone, find your mobile device from the list here and follow the provided instructions.

Bank safely with us

Be alert and protect yourself from fraud and malware:

  • Never use a “jailbroken” (iOS) or “rooted” (Android) device for your banking transactions. They make it easier for hackers to access and manipulate your phone’s operating system.
  • Only download and install apps from trusted sources/app stores.
  • Never grant control or excessive permissions to third party apps unless you are absolutely certain of the app’s credibility.

Keep your contact details with us updated

Remember to ensure your contact details registered with us us to up to date, to receive important notifications from us on a timely basis (for example, SMS and email notifications for online payments).

Always here to help

To us, every Mox customer is important. That’s why we’re always here to help. To contact us, you can:

  • Use the in-app call or chat function in the app
  • Call us on +852 2888 8228
  • Email us at care@mox.com
  • Mail to us at G.P.O. Box 9488, Hong Kong

Last updated: 30 September 2024.