This is the world of . The Password is Dead (Long Live the Token) For years, banking security was a dirty secret. Your "secret word" or "memorable date" was floating around in databases that were getting hacked constantly. If you used "Password123" for your gym membership and your bank, you were a thief’s lottery ticket.
A victim in London receives a call from "HSBC Fraud Department." The number on the caller ID matches the bank’s real number (spoofed). The voice says, "Someone in Manchester is using your card. We are sending a Secure Code to your phone. Read it to us so we can cancel the transaction."
HSBC Secure Code proves you have the phone. It does not prove that you aren't being tricked. The bank has solved cryptography, but it hasn't solved gullibility. The "Silent" Transaction: A Feature You Don't Know About There is a ghost mode to Secure Code that most customers never notice. hsbc secure code
The criminal, who is simultaneously on the checkout page of a luxury goods site, types in that code. The bank thinks the victim approved it. The money is gone.
Because in the war between the code and the con artist, the code has never lost. Only the human has. Have you received a suspicious "Secure Code" request? Contact your bank immediately using the number on the back of your card, not the number in the text message. This is the world of
This is the friction point of modern banking. It is annoying. It is intrusive. And according to the cybercriminals who tried to steal $500 million last year, it is the single most effective wall they face.
Never, ever give your HSBC Secure Code to a human being who called you. The bank will never ask for it. Ever. If you used "Password123" for your gym membership
Instead of a 6-digit number, the bank asks you to look at your phone. Facial recognition verifies it’s you , not just your phone. Additionally, "Location Confirmation" is rolling out—if your phone is in London and the transaction is in Tokyo, the code auto-fails regardless of what you type.
