The beautiful thing about the Internet is the way it empowers the consumer. In pre Internet times, we as consumers were largely powerless when we became victims of corporate arrogance. Now, we can at least make our voices heard.
I have been banking with HSBC over many years. I, and my family have accounts with HSBC in 5 countries. I still believe that there are worse banks than HSBC. However, from using the bank on many transactions, I know that not all is well with HSBC.
One problem is arrogance. HSBC likes to be an elite bank (the likes of Bank of America or Citibank). Something for rich people (in newspeak they are called "high net worth" people. More on that later.
Another problem for years has been what I consider lax security of their Internet banking. I became interested in the hacking of Internet bank accounts after an account of mine (not with HSBC) has been hacked and the funds stolen. (My fault, said the bank).
Some banks have sophisticated Internet banking which I wouldnt know how to hack. Banks in Germany are on a good level. HSBC wasnt for many years.
Im not a criminal. I dont steal money from the Internet accounts of other people. But I easily could have done so, if these other people had their bank accounts with HSBC.
The problem is that Internet banking with HSBC (and many other banks) is / was based solely on keying in a user name and a password. Such systems are not save.
I only have to install a keylogger program on a bank customers computer, combined with a mail engine, and then I will receive at my email address, anywhere in the world, the bank customers login combination. Any shareware library has keyloggers that can be downloaded by just anybody, and there are a good number of Trojan viruses that can be used to smuggle a keylogger into a remote computer.
I have brought the matter to the attention of some people at one of the HSBC branches I do business with. Not that the clerk would have cared and Im sure that she didnt inform any superior. Of course, she pretended to be interested ("thats interesting", smile, smile).
She probably didnt believe that I was serious until I filed for having transfers via Internet totally disabled. From other accounts with HSBC in other countries, I transferred the funds to accounts with other banks that were not Internet enabled.
When I wrote the first version of this article, HSBC Internet banking security was still lax. But end of September or on October 1, 2003, they had installed a new feature, issuing transaction codes for money transfers or password changes. These transaction codes are valid only once, and are sent to the customers hand phone as SMS message.
Thats OK. Any Internet banking system that uses transaction numbers that are valid only once and are sent to the customer by other means than the Internet (through postal services or cellular networks) is much, much safer than the kind of user name / password system HSBC used for many years.
I wonder how many times the previous HSBC system has been hacked
I assume that HSBC has been aware of the flaws for some time for the following reason: we maintain an Internet enabled HSBC account in the UK. After we had opened it, I could easily access it from abroad, even from Southeast Asia. However, after some time, this no longer worked. And I can only think of one explanation: they realized how easy it was to hack their Internet banking system. They also realized that computer smart but poor Asians were probably much more likely to exploit the security flaws in their Internet banking than people in the UK or Europe. Furthermore, cross border prosecution is messy, especially if the hacker sits in a country like India or Indonesia where the police are poorly equipped and may lack basic know-how on solving Internet crime. So, I guess that HSBC in the UK just blocked access to their Internet banking from the IP numbers of certain countries.
This was easy to do but doesnt solve the problem. It shut out Asian computer kids from hacking UK HSBC bank accounts. But it couldnt stop more organized hackers.
As explained above, I had taken measures to make sure that my own exposure would be rather limited. And it wasnt the flaws in their Internet banking but their arrogance in another matter that sparked the creation of this website about HSBC.
The day before I wrote the first version of this article, I spent more than an hour at my local HSBC branch, trying to convince their customer service staff to issue a simple statement that I have an account with them.
They (Mr. Robin and his immediate superior, Ms. Fenny) wouldnt do it.
Mind you, its just a US dollar savings account that I maintain with this branch. I opened the account in February 2002, and the average balance is about 12,000 US dollars. Of course, for them, I am small fry. What I asked for was a statement with the following content: "Hereby we confirm that Mr. maintains the following accounts with us:
1 US dollar savings account, with account number
Mr. has no loans from us.
Signed, date [signature and stamp of the bank]"
I need this statement to open a bank account in the US where I am not a permanent resident. The US bank where I intend to open the additional account already pre approved my new account, and I already submitted to them photocopies of my statements from the HSBC branch where I have my account. I assume that in todays world of wars on terror and drugs, they are required to obtain statements such as the one I requested from my local HSBC branch to clarify that I am an actual person, and not an alias for the purpose of laundering drug trafficking proceeds or the channeling of funds for the next suicide attack on US big business.
I wonder whether Mr. Robin and Ms. Fenny think that Im a drug dealer, or financier of Osama bin Ladens I am not. I am only a writer and an Internet nerd. I am not the standard businessman they prefer to deal with. The kind that wears suits and ties. I dont even own a suite and tie. I only wear casual clothes. While I am beyond 50, I have long hair. That may not make me appear trustworthy in the eyes of the clerks of my local HSBC branch (who all wear suits and ties).
Mr. Robin and Ms. Fenny made it clear to me that they would not issue a statement for me that I maintain an account with them.
I am perplexed.
They indicated that they would be willing to write to the bank with which I intend to open a new account.
Come on!! Im of age. My overall balance on HSBC accounts has been about 100,000 US dollars (before I moved most to Citibank because of the previous lax security of the HSBC Internet banking feature). I dont need to be treated like a grade student who wants to transfer to another school.
I?m grown up and can handle my own affairs. I may have my own style in financial matters (no debts whatsoever, as they would impede my independence).
And I believe that if I maintain an account with a bank, and I need a statement by the bank that this is the case, then it would be proper style and good costumer service to just issue that statement.
This website is set up to provide, for customers with complaints, a direct channel to the HSBC group management.
Somewhere up the ladder, somebody hopefully will take notice.
If somebody does, please contact me. My email address is
For the meantime, this site is open for anybody with complaints about HSBC. Lets join hands to oppose corporate arrogance.
Of course, I am aware that mega multinationals take their time to react.
A single customer complaint in itself is nothing. Only when the matter attracts considerable public attention will they feel any necessity to deal with it.
I know from experience. Its not the first time I write about financial institutions.
Please see my older domain www.AboutPayPal.org. This domain ranks among the top 10 returns on a search with Google for "PayPal", and I receive about a dozen complaint mails a day from people who have problems with that financial institution.
My matters with PayPal have since been settled.
As of HSBC, I am still waiting until some higher up will instruct Mr. Robin to confirm in writing that I have an account with the HSBC branch where he works.