Security tips

Security at Mox

Being trusted with your money is a big responsibility—and one we don’t take lightly. The security of your account and personal information is very important to us. Here are a few things we do to make sure your money is safe.

How Mox protects you

Our promise

Under normal circumstances, your maximum liability for fraudulent transactions made on your account or Mox Card, except cash advances, will not exceed HKD 500. We kindly ask you to remember that prevention is a shared responsibility, so you have a role to play, too.

Here are a few things you can do to help keep everything secure:

  • Never share your password or PIN with any other person, application or website.
  • Review your account and card activity regularly.

Report any suspicious activity to us immediately.

Signing up for Mox is simple and secure

Signing up for a Mox account is fast, secure and free. It takes only a few minutes and you can do it from your mobile phone.

Our account-opening process includes best-in-class identity verification and fraud prevention techniques.

Deposit protection

Mox is a member of the Deposit Protection Scheme in Hong Kong. Your eligible deposits here are protected by the Scheme up to a limit of HKD 500,000 per depositor.

Our security procedures

Keeping your money and information secure is our top priority. We take pride in using multi-level security procedures, including tools and techniques for encryption, identity verification and fraud prevention, in order to protect your account, transactions and personal information.

Multi-factor authentication. To log in to Mox, you need to use your password, fingerprint or facial recognition. Whenever our systems detect a risky transaction, you’ll be asked to provide additional verification.

Pairing your account to your mobile. Your account can only be paired to one smartphone and one phone number at a time.

24/7 monitoring. Our intelligent 24/7 systems monitors your account and transactions for fraudulent, unauthorised transactions. If we suspect a transaction is fraudulent, we take every step to validate the transaction. This may include:

  • Contacting you via Mox voice or Mox video call from within the Mox app.
  • Asking you to re-validate your identity with biometrics unique to you.
  • Notifying you with in-app push notifications or via the email address you signed up with.

Real-time transaction notifications

Be aware of all the activity that happens on your Mox Card and account. You can track your account activity on the Mox app in real time and immediately report any unusual activity you notice. You’ll receive instant push notifications after each account and card transaction, so you always know what’s been spent, where and when.

Paying with your Mox Card is safe

3D Secure software - Designed for safe online purchases.

Lockable card - You have full control over how you want to use your Mox Card. For extra protection, you can lock or unlock your card whenever you want.

Hard to copy - You can only access and edit your card information from your Mox app. Mox Cards don’t have the account number printed on them, so you can relax whenever you hand your card to the cashier.

Know your rights

You have a right to:

  • Access the personal data we hold about you, or get a copy of it.
  • Inform us that we need to correct inaccurate data.
  • Ask us to delete, ‘block’ or suppress your data, though for legal reasons we might not always be able to do it.
  • Object to us using your data for direct marketing and, in certain circumstances, ‘legitimate interests’, research and statistical purposes.
  • Withdraw any consent you’ve previously given us.

If you wish to do any of the above, please contact us via the app.

Mox tips for keeping your account safe

1. Protect yourself from phishing attacks

What is phishing? Phishing is a fraudulent attempt to acquire sensitive information such as personally identifiable information, banking and credit card details, and passwords, by disguising oneself as a trustworthy entity in an electronic communication (e.g. email). Most of the time, phishing emails will tell you to click on a link that takes you to a site which imitate true brands, such as our Mox brand, where your personal information is requested. In addition to fraudulent emails / websites, scammers may also establish fraudulent mobile applications imitating our brand as an attempt to compromise your accounts and trick you into divulging your personal information.

What to do if things seem suspicious? If you receive a suspicious email or phone call claiming to be from us, please forward the message to, then delete the message from your email straight away.

  • Do not download Mox App from any other channels than Apple App Store and Google Play Store.
  • Apps downloaded from other channels may result with Phishing to steal your login information or installing malware to your device.
  • Do not copy or install any app from uncertain sources on your mobile device.
  • If you got suspicious on a downloaded app, or, if there are any abnormality identified with our app, such as abnormal layout or unusual slow login response, please stop any actions. Do not attempt to log in. Delete the corresponding app and contact us immediately via

If you suspect any unauthorised access or transactions on your account, please contact our Customer Care Team on +852 2888 8228 or via the app immediately.

2. Protect your mobile phone

Make sure your mobile phone has password protection, is not rooted or jailbroken, and is kept up-to-date with the latest operating system version and anti-virus / anti-malware protection.

3. Browse smartly

Install apps on your phones from trusted sources only, including official app stores like App Store or Google Play. Be cautious about what permissions (e.g. your contacts, camera, location) you grant the apps you download. Also, please access Mox website by typing into the browser or by bookmarking it for subsequent access. Treat all unsolicited emails, SMS, requests online with caution; and check hyperlinks by hovering your cursor over the link to verify its legitimacy.

4. Opt to receive real-time push notifications

You can check your account anytime in the Mox app. If you notice any unusual account activity, take action. We recommend you use the app to lock your Mox Card and contact us immediately.

5. Protect your identity

Follow our password rules to create a secure and strong password. For convenience and security, we also recommend you enable biometric authentication methods including fingerprint or facial recognition for both authentication and login.

6. Never share your password

Mox will never email, call or text asking you for your passwords or ATM PIN, or credit card details. As the account owner, only you should create and access your login details. Remember, you should never share your password or PIN with any external people, applications or websites; not even friends, family or Mox personnel. Keep your password and account number secure at all times and do not forward your one-time password to another device or reveal to anyone.

7. Be careful with Wi-Fi and Bluetooth connections

We recommend that you disable publicly accessible Wi-Fi connections and your device’s Bluetooth function before you log in to your account. If you’re using a private Wi-Fi network, you should check that it’s secured by a WPA2 system.

8. Google Pay - What if I lose my mobile device?

You can find, lock, or erase your device using Android Device Manager.

To enable the Android Device Manager, you can take the following steps:

  • Sign in to your Google account on your device in order to use the Android Device Manager
  • Turn on the location access from your device's apps menu, open 'Google Settings' and choose 'Security'
  • Under Android Device Manager, move the switches next to 'Remotely locate this device' and 'Allow remote lock and factory reset' to the 'On' position
  • Friendly reminders: Different device might have different setting menu

Please follow the instructions on Google Pay website for more details on how to remove Mox Card from Google Pay.

9. Stay alert

We will never ask you to prove your identity on behalf of other individuals or companies. This includes verifications for apartment rental contracts, lines of credit, ID, passport applications, etc. If you receive a suspicious email or phone call claiming to be from us, please report the incident via email to; or contact us via the Mox app or Customer Care Team at +852 2888 8228.

Protect yourself from bogus phone calls, fraudulent SMS messages and emails

What is a bogus phone call, fraudulent SMS messages and emails?

Bogus phone calls, fraudulent SMS messages and emails may trick customers into providing their personal information, account details/passwords, one-time password and other sensitive data or calling back a bogus hotline number quoted in the SMS messages so the caller can carry out illegitimate activities. Callers may claim to be from the government, law enforcement, banks or other service providers.

These fraudulent callers may attempt to use the compromised personal data to take control of your bank account, transfer/use funds, use services, such as applying for loans and credit cards, or hide other criminal activities.

Mox will not ask for sensitive personal information (e.g. login or account details) through pre-recorded messages or email, and will never request your passwords (e.g. One-time passwords) by phone. Never transfer money or disclose personal information to unknown parties. If you have any doubts or have encountered any suspicious calls, messages or emails, please email to or call us at +852 2888 8228 as soon as possible.

Please refer to HKMA’s website for further information on bogus phone calls, fraudulent SMS messages and emails (watch video here).

How to identify a bogus phone call, fraudulent SMS messages and emails

Here are some ways to identify bogus phone calls. Please bear in mind that these are not the only signs, so it is important to use your best judgment.

  1. Bogus calls often contain a pre-recorded message requesting passwords, PINs or other personal information. These may say they are notifying you of irregularities in your bank or credit account, and/or be offering promotional sales.
  2. In bogus calls, the caller display number may be unknown or from overseas, and the voice quality may be very poor.
  3. A bogus caller may refuse to provide their name and call-back number.
  4. A bogus caller will often seem in a hurry to close a sale and will not give details about products or services.

How to handle a suspicious call, SMS message or email

  1. Verify the caller: If you suspect you’re speaking to a fraudulent caller, request more information from them, including their department name, caller name, office number, and how they got your phone number and account information. If they are unwilling to share this information, hang up.
  2. Never share your personal information or account details: These include your passport details, bank account details, login passwords, one-time-passcodes or card details (e.g. PIN, card number, expiry date or CVC).
  3. Act fast if you have disclosed information: If you have disclosed your account details and/or personal information to a bogus caller or phishing email, please call our Customer Care Team hotline at +852 2888 8228 immediately. Our Customer Care Associate will inform you of next steps.
  4. Regularly review your activity: Regularly check and review your bank statements and card activity, and report any irregularities to Mox.

Always here to help

To us, every Mox customer is important. That’s why we’re always here to help. To contact us, you can:

  • Use the voice call or live chat function in the app
  • Call us on +852 2888 8228
  • Email us at
  • Write to us at 39/F, Oxford House, Taikoo Place, 979 King’s Road, Quarry Bay, Hong Kong