Michael Bond and Richard Clayton claimed that software, together with a £700 device, could crack the high-security IBM 4758 crypto-processor, which is used by banks, financial institutions and governments.
The pair stated on BBC's Newsnight programme that it was possible to download sensitive financial information, including PIN numbers, which could leave banks' systems open to substantial theft.
IBM dismissed the claims, telling CW360.com that the students' method of attack could only work in laboratory conditions.
"Normal bank practice and procedure would prevent any possibility of launching such an attack," said IBM. "This academic study is based on specific laboratory conditions. In the real world there are too many physical safeguards and authenticity protections for such an attack to be successful."
Financial institutions contacted by CW360.com said they were investigating the claim.
Nationwide Building Society told CW360.com, "We are looking into what has been said. It's unclear at the moment whether this would affect us."
NatWest refused to comment, saying that security is an internal issue. Barclays and HSBC said they did not use the IBM 4758 crypto-processor.
APACS, the Association for Payment and Clearing Services, would not comment, but sources at the association said while they were considering the implications of the claim, they were reassured by IBM's statement.