HSBC online banking fears

Researchers claim they have discovered a vulnerability in HSBC's online banking security

Written by Tom Young

A group of researchers at Cardiff University claim to have discovered a defect in HSBC's online banking system which could leave over three million customers vulnerable to attacks.

Customers using the internet service may have been vulnerable to attack for at least two years. The researchers found that anyone exploiting the flaw could succeed in cracking an account within nine attempts.

The Cardiff researchers are planning to publish full details in security journals this year, but decided to go public now.

'There are serious issues here,' said Professor Antonia Jones, the scientist leading the research team.

'Banks are in the business of safeguarding your money, and if they tell you that it's safe then you assume that's the case. But as long as this flaw exists, customers are at risk.'

The scam requires installing keylogging devices on PC's which record keystrokes. These can be in the form of physical devices, as in the attempted £220m Sumitomo Mitsui hack, or viruses which sit on the hard drive.

A spokesman for HSBC said: 'The supposed flaw uncovered is not one we have seen criminals use. It is an extremely sophisticated attack that would require a particular and time-consuming focus on one individual victim. It is therefore not likely to be a profitable way for criminals to behave.

'Online fraud via HSBC's internet banking system is substantially lower than the market average and we are satisfied our customers are adequately protected.'

HSBC has issued devices for two-factor authentication – a more secure form of online authentication - to online business customers, but does not yet plan to do so with individual consumers.

What do you think? Email us at feedback@computing.co.uk

Further Reading:

Barclays to tighten web security

HSBC to issue security tokens to online business customers

Phishers crack two-factor authentication

Mobiles set for key role in card authentication

  • Have your say
  • Send to a friend
  • Print this
  • Share

Tags:

reader comments

related articles

 

Online banking fraud rises again

MasterCard SecureCode and Verified by Visa proving succesful but malware attacks on banking customers rise 07 Oct 2009

IronKey boosts corporate banking security

USB device combines authentication, malware scanning and a virtualised isolated environment 22 Feb 2010

Consumer group slams online banking security

Financial institutions must do more to protect customers, says Which? report 27 Aug 2009

related whitepapers

today's top stories

Face facts: social media is the future

No organisation can afford to ignore the way business communications are changing 18 Mar 2010

Is the data watchdog about to pounce?

Experts believe the Information Commissioner’s Office is itching to use its new power to impose hefty fines for data breaches. Martin Courtney reports 18 Mar 2010

Lloyd’s of London gears up for regulation

CIO Peter Hambling tells Angelica Mari about how the insurance market has updated its IT infrastructure to comply with new regulations 18 Mar 2010

Protests greet new Digital Economy Bill amendment

ISPs, digital rights groups and Liberal Democrat supporters cry foul 05 Mar 2010

IT Leaders' Forum in association with IBM

A unique opportunity to hear from expert speakers and engage in a debate about the future of the CIO job function 29 Jan 2010

Advertisement

Keys to successful Service‐Oriented Architecture implementation

This white paper explores best practices and general design patterns for service oriented architecture (SOA).

The Roadmap to IT Maturity — Matching Strategy to Infrastructure for Business Success

This paper defines a roadmap for matching infrastructure strategy to business success.

Advertisement

Keep up to date with the latest products, services and technologies from the world's leading IT companies; ITHound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

More available - click 'submit' to view

Existing User

Newsletter user login:

Jobs

Related jobs

Job of the week

Job alerts

Sign up here

Find your next job

IT Salary Checker

Check salary here

Advertisement

Latest poll

NHS centralised data

NHS centralised data

Do you think the NHS can be trusted to safely look after personal data electronically?

View poll results

Latest audio and video articles

Video

HP unveils S Series notebooks

'Prosumer' line overhauled 01 Mar 2010

Web Seminar Listings

Preparing for enterprise-scale Windows 7 migration

The web seminar on 18 Feb will discuss how Windows 7 migration can increase IT efficiency in large enterprises, freeing up budgetary and personnel resources to focus on business innovation. Our panel of experts will examine the strategies, tools and services IT leaders can use to migrate successfully and reap the rewards of increased efficiency. 19 Feb 2010

Latest in-depth articles

Smiths Group CIO Brian JonesAnalysis

Q&A: Brian Jones, CIO, Smiths Group

How should conglomerates be looking at the new IT technologies coming through? Brian Jones explains. 19 Mar 2010

Analysis

What security strategy should enterprises adopt after the recession?

Act now to put your your firm on higher growth path advise CISOs 19 Mar 2010

Primary Navigation