You are here  IT Management Risk Management

HSBC denies online accounts vulnerability

by Christian Annesley
Thursday 10 August 2006 12:50

Banking giant HSBC has played down reports that a flaw in its online banking system could give fraudsters using keylogging software easy access to millions of customer accounts.

The claim was made by academics from Cardiff University, who told the Guardian newspaper they were concerned at the potential simplicity of an attack, should the vulnerability be found by criminals.

“You would most likely get in within five attempts, and definitely within nine”, said Antonia Jones, who led the research team.

HSBC has played down the seriousness of the unspecified vulnerability, calling it a “supposed flaw” and said, “We are satisfied our customers are adequately protected.”

“HSBC would be very interested to hear any expert commentary on the security of its personal internet banking services. However, in this instance the supposed flaw uncovered is not one we have seen criminals use,” a spokesperson said.

HSBC also said that Jones’s warning overlooked the fact that the system would lock out a hacker after three failed attempts.

“Even our three million regular users of online banking only log in on average once every other day, so for a hacker to make up to nine attempts to get into the system could easily take a week. This is not how hackers usually operate.”

The bank is continuing to look at ways to beef up security for its customers. In May, it began testing SAS's Fraud Management for Banking software to try to stem criminal activity around its customers’ accounts. It is testing the technology in its credit card division to look for patterns that could signify criminal activity.

It has also just finished rolling out two-factor authentication security to its business customers for online banking. Since May it has been issuing 180,000 business customers with Vasco secure tokens, following deployments in the US and Hong Kong.


Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats
An error occurred on this page.
An error occurred on this page.