HSBC has played down reports that a flaw in its online
banking system could give fraudsters using keylogging software easy
access to millions of customer accounts.
Antonia Jones, who led a research team from Cardiff University,
last week claimed criminals could potentially crack HSBC accounts
“within five attempts, and definitely within nine”.
The bank rebutted the claim of an unspecified vulnerability,
calling it a “supposed flaw” and said, “We are satisfied our
customers are adequately protected.”
HSBC also said that Jones’s warning overlooked the fact that the
system would lock out a hacker after three failed attempts to log
on.
“Our three million regular users of online banking only log in
on average once every other day, so for a hacker to make up to nine
attempts to get into the system could easily take a week. This is
not how hackers usually operate,” the bank said.
John Colley, president of global information security
certification body (ISC)2, said Trojans posed a bigger risk to
online banking than key loggers.
“Trojans will not only record the keys pressed, but will also
record the mouse movements and what is on the screen. If you are
using a drop-down menu, the Trojan would pick up what you are
pointing to.”
However, Colley said online banking was essentially secure. “To
the man in the street there is virtually no risk unless they do
something stupid, such as bank from an internet cafe.”
HSBC is continuing to look at ways to improve security. Earlier
this year, it rolled out a two-factor authentication system to its
business customers for online banking.
Since May, the bank has been issuing its 180,000 UK business
customers with Vasco secure tokens, following successful
deployments in the US and Hong Kong.
Read
article:
Why we must shout about IT security
Vote for your IT greats
Who have been the most influential people in IT in the past 40
years? The greatest organisations? The best hardware and software
technologies? As part of Computer Weekly’s 40th anniversary
celebrations, we are asking our readers who and what has really
made a difference?
Vote now at:
www.computerweekly.com/ITgreats