One of Britain´s biggest high street banks knew about a security loophole in its online banking service that left millions of accounts open to fraud and did nothing about it for almost two years. HSBC initially denied the defect in its computer banking but conceded yesterday that the problem had been known about since the system was introduced.
The defect, uncovered by researchers at Cardiff University and exposed in yesterday´s Guardian, was the result of a conscious decision by those building the system two years ago, a spokesman for the bank said. “It wasn´t there accidentally,” he said. “When the system was being designed, research was done into it and the decision was made [to leave the loophole]. Often times these are judgment calls.”
Industry professionals say it is common for companies to know about large numbers of flaws while designing their online banking systems, but often they leave some to concentrate on other problems. HSBC said the system´s builders had decided against closing the loophole to focus on more pressing threats.Read Full Story