Banking giant HSBC has a flaw in its online banking
system which could give fraudsters using keylogging software easy
access to millions of customer accounts, researchers have
claimed.
The academics, from Cardiff University, told the Guardian
newspaper they were concerned at the potential simplicity of such
an attack, should the flaw be found by criminals.
“You would most likely get in within five attempts, and
definitely within nine”, said Anthony Jones, who led the research
team.
HSBC has played down the seriousness of the unspecified
vulnerability, calling it a “supposed flaw” and said, “We are
satisfied our customers are adequately protected.”
“HSBC would be very interested to hear any expert commentary on
the security of its personal internet banking services. However, in
this instance the supposed flaw uncovered is not one we have seen
criminals use,” a spokesperson said.
The bank has taken steps recently to beef up security for
customers. In May, it began using SAS's Fraud Management for
Banking software to try to stem criminal activity around its
customers’ accounts. It is using the technology to analyse its full
transactional database for patterns that could signify criminal
activity.
It has also just finished rolling out two-factor authentication
security to its business customers for online banking. Since May it
has been issuing 180,000 business customers with Vasco secure
tokens, following deployments in the US and Hong Kong.
Vote for your IT greats
Who have been the most influential people in IT in the past 40
years? The greatest organisations? The best hardware and software
technologies? As part of Computer Weekly’s 40th anniversary
celebrations, we are asking our readers who and what has really
made a difference?
Vote now at:
www.computerweekly.com/ITgreats