Secure Banking Tips



  • Your PIN (personal identification number) is like a signature that identifies you. Never share your Card PIN with anyone.
  • Always choose a strong PIN to keep your card safe. Do not use any sequential number like 1234 or the numbers given on your card as your PIN.
  • Change your Card PIN at least once in 3 months.
  • If you receive an email requesting Personal /Financial/ Credit card information please report it to HDFC Bank helpline immediately.


  • Do not throw or return your old expired cards. Cut the card in multiple pieces especially at the magnetic strip while disposing the card.
  • Do not access or make payments using the Card from any shared computer in cyber cafes including high end protected mobile phones.
  • Do not share your OTP with anyone even if he/she claims to be a bank representative.




  • Keep your Customer ID and IPIN confidential and do not disclose it to anybody, including Bank staff.
  • Always visit the HDFC Bank's NetBanking site through HDFC Bank's home page by typing the bank's website address ( on to the browser's address bar. Check the URL as to verify the Bank’s NetsBanking page and the PAD Lock symbol at the top left of the browser.
  • Disable "Auto Complete" feature on your browser.
  • Use virtual keyboard feature while logging into your internet banking account.
  • Always type in your confidential account information. Do not copy paste it.
  • Monitor your transactions regularly. Use HDFC Bank's "InstaAlerts" service and bring any fraudulent transaction to the notice of the bank.
  • Always logout when you exit NetBanking. Do not directly close the browser.
  • Change your IPIN as soon as you receive it by logging into your NetBanking account. Memorize your IPIN, do not write it down anywhere.
  • Ensure your computer has firewall and the latest version of anti –virus software installed.
  • Keep changing your IPIN regularly.
  • On bank’s website, check for valid SSL security certificate (https). The “S” added to http represents a secure website.
  • Check your account statements periodically to ensure that all entries are correctly captured. In case of any discrepancy, inform the Bank immediately. 


  • Avoid accessing internet banking from shared computer networks such as cyber cafes or public Wifi network like hotel/airport etc.
  • Do not click on links in the emails or sites other than to access your NetBanking webpage.
  • Don’t write your passwords anywhere or share your computer with unknown sources.
  • Do not disclose your passwords, OTPs, Debit Card Number, CVV etc to anyone (including Bank Staff).
  • Don’t respond to emails that request personal information.
  • Do not choose passwords that are easy to guess like your date of birth, spouse’s name etc.
  • Never download an attachment if it is not from a trusted source
  • Don’t leave your account unattended after logging in.
RBI guidelines towards enhancing security of Card Transactions

Dear Customer,

As per recent RBI guidelines towards enhancing security of card transactions, online payment (E-Commerce) & Contactless feature on your Prepaid Card is disabled.

This guideline is applicable for customers who have not been using these features actively.

You can continue to use your Prepaid Card for ATM Cash Withdrawal & Point of Sale transaction at merchant outlets.

Follow these easy steps to enable online payment (E-Commerce) & Contactless feature of your card*:

Login to HDFC Bank Prepaid Card NetBanking > Manage My Profile > Manage Usage Limits > Select your Card > Enable the service & Set transaction/daily limit**

You may kindly ignore this email if you have already enabled these services on your Prepaid Card.

Important Note -

  • * For Multicurrency Forex Card, online payment (E-Commerce) & Contactless feature has to be enabled on each of the Currency Wallet.
  • ** For Prepaid Forex Card, you can set ATM Cash Withdrawal transaction daily limit upto USD 5,000/- (equivalent in other currencies)
  • ** For Prepaid Forex Card, POS/Ecom transaction daily limit can be set upto USD 250,000 (equivalent in other currencies)
  • ** For Prepaid INR Card, set POS/Ecom transaction daily limit can be set upto INR 100,000

Warm Regards,

Beware Of Fraudulent e-Mails.

Dear Customer,

We would like to caution you against the fraudulent emails which claim to have come from the HDFC bank. These emails ask the customer to verify their personal details by clicking on a link and some of them threaten to restrict the NetBanking access or similar such action in case you do not respond.

We would like to re-iterate that as a policy we do not ask for the following details from our customers through emails:
  • Credit Card number / Debit Card number/ Customer Identification Number/ Account Number.
  • Credit Card PIN / ATM PIN (Personal Identification Number).
  • NetBanking / PhoneBanking Password.

We seek your cooperation by forwarding all such suspicious emails to [email protected] .

Click here to learn more about the precautions for using Online Banking securely.

Yours Sincerely,

Sameer Ratolikar
Chief Information Security Officer


  • Phishing is a modus operandi where in a customer gets an e-mail that deceptively claims to be from a particular enterprise (like your Bank) and asking for account sensitive information.
  • Phishing is a spoofed e-mail that closely resembles the Bank notices. The mail aims to convince customers to divulge account sensitive information such as Credit Card Numbers, Passwords and PINs, Bank Account Details etc..
  • These Phishing mails have a legitimate-looking URL or an image, which when clicked directs the affected user to the Phishing site where in the account sensitive details are captured.
  • Alternatively, sometimes the customer is asked to download and install "Security" software attached to the spam e-mail and doing so by the customer, the scamster can retrieve all the account related details.
Some tips to Identify Phising Mails!
  • These emails generally ask for sensitive account information like Usernames, Passwords, Credit Card or Debit Card Numbers over the email.
  • The emails may include content, which is bound to make you react. For example, the email may have content which would state, "Please click here to update your Account Information in order to keep your Bank Account active". HDFC Bank will never send such emails. In such cases, always back check with the Bank.
  • Secure Site: Always look on the address bar to ensure that the NetBanking site has https:// in the address link. The HDFC Bank address bar link is
  • Be wary of e-mail messages that ask for your account sensitive information such as Customer Id and IPIN details, Card related details or any other sensitive information in reference to your account.
  • Unless the e-mail is digitally signed, you can never be 100% sure of its source!
  • Do not click any links inside an e-mail of which you have the slightest suspicion. Instead use a web browser to reach a particular web address.
    (Type instead of clicking on the link.
  • Ensure that any Web site visited is secure when submitting sensitive information such as Credit Card numbers or using your NetBanking IPIN.
    • One indication that a Web address is secure is if it starts with https:// rather than http://.
    • Another indication is a padlock icon at the bottom of the screen, which when clicked, displays a security certificate.
  • Ensure that your browser requirement is up-to-date for accessing NetBanking.
  • Consider installing security software such as those offered by anti-virus specialists that can help detect virus, filter SPAM and/or ensure secure Internet Usage (firewalls).
  • Turn off your computer when not in use, to avoid criminals gaining access and misusing it for fraudulent purposes, which includes launching Phishing attacks.
  • If you receive any suspicious e-mail or website prompts which are asking for your private and confidential information in relation to your account with the Bank, please inform us immediately. You can forward the mail to us at [email protected] or call the nearest PhoneBanking Numbers.
  • If you suspect that you have become a victim of a Phishing attack and already have divulged your sensitive account information to fraudsters, please report to your home branch or call the nearest PhoneBanking Number or write in to us at