HSBC is considering rolling out security certificates in
a move to prevent phishing attacks across 650 websites worldwide
after rolling out the technology in itsUK retail operation.
The bank is attempting to increase customer confidence in online
banking by installing software to show customers they are on a
genuine HSBC website rather than a phishing website designed to
steal customer's banking details.
The bank's UK retail websites will use Verisign's Extended
Validation
SSL certificates from May. The software displays a green bar on
the screen to reassure customers they are on a genuine website.
"We have the capability available so [we] can roll it out
globally," said Barry Jones, senior manager group IT security. "Now
that it is in the UK business it will be given impetus." He said
the bank tries to ensure
consistency across the globe but it is a business decision for each
region.
The bank is looking at where else in the UK business the
certificates can be used. "This is only retail banking at the
moment, but it could be extended to businesses like mortgages and
loans," he said.
HSBC has 3,500 registered domains with more than 650 websites.
These include 77 country websites, 42 personal Internet banking
sites and 28 commercial internet banking sites.
Jones said the added security is easy to implement by loading a
piece of software on to a webserver. Each certificate costs between
£900 and £1,300.
The number of
phishing attacks in the UK alone was 10,000 in the first
quarter of this year according to the Association of Payment
Clearing Services. This represented a 200% increase.
Criminals use phishing attacks to steal personal details such as
bank account numbers and passwords by tricking customers into
typing their details into fake websites.
"Limiting the number of attacks that succeed in stealing
information is vital to keep customers confident," said Jones.
HSBC has 125 million global customers with 40 million using
online banking. It has 15.6 million UK customers with three million
using online banking.