Researchers at Cardiff University claim to have found a flaw in the UK version of HSBC’s online banking system that put “millions” of online accounts at risk for at least two years. However, the sketchy details provided in the Guardian indicated that the attacker would need a keylogger installed on the victim’s machine. Bruce Schneier commented, “If this is the biggest flaw in HSBC's login authentication system, I think they're doing pretty good.”
HSBC has confirmed that its Hong Kong online banking system does not have the same flaw.