Risk: Low
Researchers say the log-in systems used by HSBC and another major high street bank could be easily cracked by keylogging devices.
Cardiff University researchers said that they discovered a flaw that could allow hackers to break into accounts within nine attempts, leaving 3.1 million UK customers at risk. Unlike many other banks, HSBC asks for a numeric-only passcode and does not regularly change the order of digits it requests, making it easier for hackers to obtain the number. It does, however, require keylogging software to be installed to successfully exploit the vulnerability.
HSBC said in a statement that attacks of this kind are unlikely as they require "a particular and time-consuming focus on one individual", although it invited feedback from experts on its online banking service. "In this instance the supposed flaw uncovered is not one that we have seen criminals use [and] it is not likely to be a profitable way for criminals to behave."