Device Theft | HSBC UK

You could be the victim of device theft if a criminal is able to steal your mobile phone or tablet.

If your device is stolen, fraudsters may try to access your personal data, files, emails and apps usually with the aim of accessing your banking apps. If they’re successful, they could make fraudulent payments using your banking apps to accounts you haven’t authorised.

Criminals are opportunistic, it just takes a moment of distraction for your device to be stolen.

How it happens

Fraudsters usually make payments from stolen devices by stealing unlocked devices or by knowing your unlock PIN.

Unlocked device

Usually swiped from your possession

If your device is stolen while you’re using it, fraudsters will get hold of an unlocked phone or tablet. They’ll then move across different applications, such as your social media and notes, to steal your data and access your banking apps to commit fraud.

Unlock PIN

PIN compromised by shoulder surfing

Fraudsters may linger around you to watch you enter your PIN to unlock your device. Once they have this, they may steal your phone or tablet, unlock it, steal data from apps like social media and notes, before accessing your banking apps to commit fraud.

These aren’t the only ways fraudsters can use a stolen device to make payments from your account. Depending on what’s stolen e.g. debit or credit card, fraudsters may also use the device to authenticate fraudulent card payments or read One Time Passcodes.

How to protect yourself

Activate and use biometric authentication, especially in public settings. By using your fingerprint or facial recognition to access your device and apps, your PIN and passcodes remain secure.
Use a unique and secure unlock PIN for banking apps that’s different to the PIN used to unlock your device. If you need to use your PIN to unlock your device and fraudsters saw what it was, they wouldn’t be able to use it to access your banking apps.
If you have sensitive messages or files on your device, create a unique and strong password/PIN to access these e.g. password protect certain notes so another layer of security is required before they can be accessed. Social media apps such as WhatsApp can also be protected in the same way.
Never store passwords or PINs on your device that aren’t within a reputable password manager app.
Make sure your device unlock PIN is robust and secure. Avoid using repeating digits and anything less than 6 digits long. The PIN used to unlock your device shouldn’t be used to access anything else.
Turn off message previews so fraudsters can’t read One Time Passcodes from your device whilst it’s locked. Visit your handset providers help page to learn how to do this.
Consider a security pin for your SIM card, so fraudsters can’t use or access your information by putting your SIM into another device.
Routinely keep your device backed up so you can recover your data if your device is stolen.
Keep your device and cards separate to stop thieves from using both of these to access your account.

What to do if your device is lost or stolen

1. Report it to your bank

If you believe you have been a victim of fraud or a scam, please report it to us. We can take steps to safeguard your HSBC account against unauthorised access.

2. Report to the manufacturer

By using your device manufacturers security features, you may be able to lock and/or wipe your device. Reporting the incident to the manufacturer may also help them lock the device.

3. Report it to the Police

You should also report the incident to Action Fraud on 0300 123 2040 or the Action Fraud website. If you’re a resident in Scotland, please report it to the Police directly by calling 101.

Further Resources

Take 5 – Stop, Challenge and Protect

NCSC – National Cyber Security Centre advice and guidance on a range of cyber topics

iPhone – View additional handset support for Apple devices

Google – View additional handset support for Google devices

Android – View additional handset support for Android devices