Fix - Hsbc Dongle

[Insert Current Date] Prepared For: Internal Audit / IT Security Committee / End-User Documentation Subject: Analysis of the HSBC Physical Authenticator ("Dongle") for Corporate and Personal Banking 1. Executive Summary The HSBC Security Device (dongle) is a hardware-based authentication token designed to provide two-factor authentication (2FA) for online banking transactions. Its primary purpose is to mitigate the risk of unauthorized access, phishing, and man-in-the-middle attacks. This report confirms that while the device remains a robust security measure for legacy systems (notably HSBCnet for corporate clients), HSBC is progressively migrating toward software-based and biometric authentication methods. The device requires strict physical and operational controls to remain effective. 2. Purpose and Functionality The dongle generates a time-based or event-based one-time password (OTP) to verify user identity during high-risk actions.

Low to Moderate Recommended Future Direction: Hybrid support – hardware token for high-risk corporate roles; mobile soft token for all others. Appendix A: Quick Reference – Troubleshooting Common Dongle Issues | Issue | Probable Cause | Action | |-------|----------------|--------| | No display after pressing button | Dead battery | Request replacement via HSBC branch | | “Invalid code” error | Time drift or wrong device | Wait for new code, re-enter; if persists, call HSBC support | | Device lost | Physical loss | Immediately call HSBC to suspend online access | | Code accepted for login but not for transaction | Session mismatch or duplicate use | Refresh page, generate brand new code | Report Prepared By: [Your Name / Department] Reviewer: Information Security Office Distribution: Finance, IT Risk, Customer Support Training hsbc dongle

Evaluation and Operational Overview of the HSBC Security Device (Hardware Token) [Insert Current Date] Prepared For: Internal Audit /