HSBC was last week said by researchers at Cardiff University to have a major security loophole in its UK online banking service.
According to reports in the Guardian newspaper the flaw had been known about, but no action was taken, leaving over three million accounts vulnerable to fraud.
HSBC International, which is headquartered in the Island, declined to comment about its own specific services.
But HSBC’s chief press officer, Tim Pie, said: ‘In this instance the supposed flaw uncovered is not one that we have seen criminals use.
It is an extremely sophisticated attack that would require a particular and time-consuming focus on one individual victim.
In this instance the potential problem seems to have involved the access codes which each customer is required to provide before gaining access to the system; for example, user name, password, and a secret phrase of which the bank might ask the user to type in, for example, the first, fourth and eighth letters.
Jersey specialist Ritchie Jeune, founder of Evolution Systems, explained: ‘The longer each piece of data, the more secure it is.
It would appear that HSBC use the same method as other banks but have not enforced a long-enough minimum length of either password or secret pass phrase.
