“Secure” Login at HSBC Credit Card Website

If you have an HSBC Credit Card, here is a security warning for you:

The website http://www.hsbccreditcard.com/ is not secure and their “Secure Login” is also not secure. You should always look for https:// in the URL to make sure that a site is secure. Just having the words “Secure” and  a padlock does not make the login secure.

If you are technically inclined here is the form source code from that page:

<form id=”login” method=”post” action=”” enctype=”application/x-www-form-urlencoded” target=”_self” onsubmit=”if (this.submitted) return false; this.submitted = true; return true”>

That means that the form is not even submitted to a secure page and it doesn’t even hash your password onsubmit. So if you do have an HSBC Credit card, use this link:


It is shameful that a large bank is so willy nilly about your security.

2 thoughts on ““Secure” Login at HSBC Credit Card Website

Leave a Reply

%d bloggers like this: