Researchers from Cardiff University claim they can crack online security details and access 3.1 million customers' accounts with a maximum of nine attempts.

The team had planned to publish its research in a security journal later this year but it was so shocked by the findings, it decided to go public now. It's unknown if anyone has fallen victim to the security loophole.

Prof Antonia Jones, who led the team, told This Is Money:

"You will most likely get in within five attempts and definitely within nine."

HSBC called the problem a "supposed flaw".

A spokesman said:

"We are always seeking to upgrade our online security and we will examine the issues raised here very closely."