HSBC says no breach but confirms ‘unusual transactions’ in some accounts


Posted at Jan 20 2021 07:05 PM

HSBC says no breach but confirms ‘unusual transactions’ in some accounts 1

MANILA - HSBC on Wednesday denied that its online systems had been breached following complaints from customers saying they received text messages for online transactions that they did not make. 

However, HSBC also confirmed detecting “unusual transactions” in some credit card accounts.

"HSBC has detected unusual transactions and customers received sms (text) alerts. We assure customers that our fraud and security monitoring systems remain intact and uncompromised,” the bank said in a statement. 

The bank apologized to customers experiencing issues with SMS security alerts related to HSBC-issued credit cards, and clients who are unable to contact its customer care services.

Numerous complaints were posted on HSBC’s official Facebook page by cardholders who received one-time PIN alerts text messages for online transactions they did not make. 

Some said they could not access the HSBC hotlines to report the “unauthorized transactions”, while others said they were concerned that their personal data may have already been compromised. 

In a Facebook post on Tuesday, HSBC apologized for the inconvenience.

“We are currently experiencing high call volumes in our hotlines. Please accept our sincere apologies for any inconvenience caused.

“We take your concerns seriously,” the statement read. 

HSBC said cardholders can also relay their concerns via Facebook private messaging, or secure internet banking message.


Privacy and information security professional Lito Averia told ABS-CBN News there are several ways for unauthorized or unscrupulous persons to obtain credit card data: dumpster diving, phishing, and through one’s online purchases. 

Averia said dumpster diving involves rummaging through trash thrown away by credit cardholders who don’t destroy their billing statements which contain their addresses and other personal details. 

“Phishing — sometimes some victims receive email from what appears to be a legitimate email, from let’s say the credit card company, and the credit card holder is asked to update his account,” Averia added.

"Phishing emails may be sent by one source to many target recipients," he explained.

“Other ways is what we call naman the ‘man in the middle attack’ where for example you are transacting with a business, you’re buying something from the online markets, and they are able to catch your credit card numbers and other details,” Averia added.

Averia advises credit cardholders to write off, blot, or cut out important data on their bills before throwing them away. 

Credit cardholders should also avoid clicking links or opening emails from unknown or suspicious sources, refrain from sharing credit card information, and exercise parental control and gadget supervision over children.

- Report from Ina Reformina, ABS-CBN News

Watch more on iWantTFC