HSBC to 'review' online security

HSBC is to review its online security after researchers at Cardiff University found a loophole which could allow access to customers' online accounts. A bank spokesman said the loophole had not been used by fraudsters and was not a viable way for a hacker to steal. But he added the bank would now "look at different ways of doing things". Meanwhile, an independent security expert urged HSBC and other banks to tighten security to prevent customer accounts being accessed by fraudsters. Loophole The flaw - exposed by researchers at Cardiff University's school of computer science - centres on the way HSBC customers access their online banking service. It relies on "keyloggers" - gadgets or software which capture the keystrokes made on a particular computer - which can enable a hacker to work out the information needed to successfully log onto an account within a few attempts. According to the research, it was possible with the help of a keylogger to access customer accounts in just nine attempts. "Nine attempts suggests that HSBC's system is not robust enough," Michael Panhallurick, computer forensic manager at the Risk Advisory Group, told BBC News. In response, a HSBC spokesman told BBC News that loophole exposed by the researchers was "not a viable route for fraudsters". "It involves a fraudster targeting a single customer over the course of a few days," he said. "The reality is that it would be more profitable for that fraudster to concentrate his or her efforts elsewhere." The spokesman added that online fraud was "a very, very minor part of the fraud that we see, a far bigger problem is people disposing of bank letter and utility bills inappropriately." Bank statements and utility bills are often used by fraudsters to perpetrate identity fraud. Experts warn that a cracked bank account could also be used in a wider identity theft scam without necessarily involving large-scale theft direct from the account. In addition, cracked accounts could be used to assist with money-laundering. Determined hackers Mr Panhallurick told BBC News that few online bank accounts were safe from determined hackers. This was due to a combination of bank failings and online customers not keeping their anti-virus software up to date. "Most home computers are vulnerable to dangerous software such as spyware and keyloggers. "Banks, therefore, need to ensure they have multiple identity and password checks in place. "After all, the more layers of security you have in place the more likely you are to deter the fraudsters... they will move on elsewhere."

print this article

Return to internet news headlines
View Internet News Archive

Share with: