Banking giant HSBC has a flaw in its online banking system which could give fraudsters using keylogging software easy access to millions of customer accounts, researchers have claimed.
The academics, from Cardiff University, told the Guardian newspaper they were concerned at the potential simplicity of such an attack, should the flaw be found by criminals.
“You would most likely get in within five attempts, and definitely within nine”, said Anthony Jones, who led the research team.
HSBC has played down the seriousness of the unspecified vulnerability, calling it a “supposed flaw” and saying, “We are satisfied our customers are adequately protected.”
“HSBC would be very interested to hear any expert commentary on the security of its personal internet banking services. However, in this instance the supposed flaw uncovered is not one we have seen criminals use,” a spokesperson said.
The bank has taken steps recently to beef up security for customers. In May, it began using SAS's Fraud Management for Banking software to try to stem criminal activity around its customers’ accounts. It is using the technology to analyse its full transactional database for patterns that could signify criminal activity.
It has also just finished rolling out two-factor authentication security to its business customers for online banking. Since May it has been issuing 180,000 business customers with Vasco secure tokens, following deployments in the US and Hong Kong.