[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 10 August 2006, 13:42 GMT 14:42 UK
HSBC to 'review' online security
HSBC website
HSBC said no fraud has been carried out
HSBC is to review its online security after researchers at Cardiff University found a loophole which could allow access to customers' online accounts.

A bank spokesman said the loophole had not been used by fraudsters and was not a viable way for a hacker to steal.

But he added the bank would now "look at different ways of doing things".

Meanwhile, an independent security expert urged HSBC and other banks to tighten security to prevent customer accounts being accessed by fraudsters.

Loophole
The reality is that it would be more profitable for that fraudster to concentrate his or her efforts elsewhere
HSBC spokesman

The flaw - exposed by researchers at Cardiff University's school of computer science - centres on the way HSBC customers access their online banking service.

It relies on "keyloggers" - gadgets or software which capture the keystrokes made on a particular computer - which can enable a hacker to work out the information needed to successfully log onto an account within a few attempts.

According to the research, it was possible with the help of a keylogger to access customer accounts in just nine attempts.

"Nine attempts suggests that HSBC's system is not robust enough," Michael Penhallurick, computer forensic manager at the Risk Advisory Group, told BBC News.

In response, a HSBC spokesman told BBC News that loophole exposed by the researchers was "not a viable route for fraudsters".

"It involves a fraudster targeting a single customer over the course of a few days," he said.

"The reality is that it would be more profitable for that fraudster to concentrate his or her efforts elsewhere."

The more layers of security you have in place the more likely you are to deter the fraudsters
Michael Panhallurick, Risk Advisory Group

The spokesman added that online fraud was "a very, very minor part of the fraud that we see, a far bigger problem is people disposing of bank letter and utility bills inappropriately."

Bank statements and utility bills are often used by fraudsters to perpetrate identity fraud.

Experts warn that a cracked bank account could also be used in a wider identity theft scam without necessarily involving large-scale theft direct from the account.

In addition, cracked accounts could be used to assist with money-laundering.

Determined hackers

Mr Penhallurick told BBC News that few online bank accounts were safe from determined hackers.

This was due to a combination of bank failings and online customers not keeping their anti-virus software up to date.

"Most home computers are vulnerable to dangerous software such as spyware and keyloggers.

"Banks, therefore, need to ensure they have multiple identity and password checks in place.

"After all, the more layers of security you have in place the more likely you are to deter the fraudsters... they will move on elsewhere."




SEE ALSO
Taxman targets offshore savers
18 May 06 |  Business
Police warning over banking scams
13 Mar 06 |  Staffordshire
Cash card taps virtual game funds
02 May 06 |  Technology
Virus creators target their work
15 Nov 05 |  Technology
Lloyds steps up online security
14 Oct 05 |  Business

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

PRODUCTS & SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific