HSBC security loophole left customers exposed

11 August 2006
A loophole in the security systems of HSBC's online banking network left millions of its customers exposed to fraud for a period of over two years.

According to a report in the Guardian on Thursday, a group of researchers from Cardiff University said that throughout the period in question, a defect in the log-in system used by the 3.1 million online customers of HSBC had left them at risk.

Fraudsters were able to use key-logging devices to record the keystrokes of targeted computers which would allow them to gain access to people's accounts after just a few attempts.

"There are serious issues here," Professor Antonia Jones, who led the Cardiff research team, told the Guardian.

"For banks or institutions that are making huge amounts out of their customers not to protect them is pretty scandalous."

A spokesperson for HSBC said the bank considered its online customers "more than adequately protected" but it would look into the findings closely to see if its systems can be improved.

Other UK online banks use a different log-in system, where customers select the requested letters from their security key word from a drop-down menu, rather than typing them in, which reduces the risk of hackers being able to duplicate the word.

To read more about banking, click here.

track© Adfero Ltd