Risk Management

04:05 PM
Connect Directly
LinkedIn
Twitter
Facebook
Google+
RSS
E-Mail
50%
50%

It's Hard to Ignore the Hype: HSBC Security Flaw

By Greg MacSweeney, Wall Street & Technology At first glance, the security flaw within HSBC's online banking system that has been exposed by two researchers working within Cardiff University's School of Computer Science looks like another black eye for financial firms, which are battling the growing perception that personal data risks aren't being taken seriously. Howe

By Greg MacSweeney, Wall Street & Technology

At first glance, the security flaw within HSBC's online banking system that has been exposed by two researchers working within Cardiff University's School of Computer Science looks like another black eye for financial firms, which are battling the growing perception that personal data risks aren't being taken seriously. However, as often is the case with press coverage, the hype surrounding the flaw is probably a greater risk to HSBC than the actual security flaw itself.According to a release from Cardiff's School of Computer Science, "The researchers demonstrated (without in any way hacking or even entering the system) that the problem they observed, together with the illegal use of a keylogger (a device that records keystrokes and can later play them back), would, in principle, allow an attacker to gather all the necessary information required to enter any customer account." Added one of the researchers, Professor Antonia J. Jones, "What is truly amazing about this particular problem is that it apparently has not been illegally exploited for at least two years, during which time all user accounts were, in principle, open to the access procedure we describe. This fact alone raises some serious questions about the wisdom of having any sensitive system online and about online banking in general." But blogger David Nicholson points out that while the flaw is a risk, it isn't as "glaring" as the flurry of press coverage implies because the Cardiff research assumes that HSBC account holders would have keylogging software -- virus software that captures the keystrokes made on a computer -- on their own computer.

So it may turn out that the greater risk to HSBC is how customers react to this flaw by possibly closing accounts or deterring new customers from opening new accounts -- not the actual data that might have been exposed by the security flaw. Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio

Comment  | 
Print  | 
More Insights
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.