If you have an HSBC Credit Card, here is a security warning for you:
The website http://www.hsbccreditcard.com/ is not secure and their “Secure Login” is also not secure. You should always look for https:// in the URL to make sure that a site is secure. Just having the words “Secure” and a padlock does not make the login secure.
If you are technically inclined here is the form source code from that page:
<form id=”login” method=”post” action=”” enctype=”application/x-www-form-urlencoded” target=”_self” onsubmit=”if (this.submitted) return false; this.submitted = true; return true”>
That means that the form is not even submitted to a secure page and it doesn’t even hash your password onsubmit. So if you do have an HSBC Credit card, use this link:
https://www.hsbccreditcard.com/
It is shameful that a large bank is so willy nilly about your security.
This seems to be fixed now, at least for users with JS enabled.
http://www.hsbccreditcard.com/ still works and still has the non-secure login box on the site called “Secure Login”