The victim reads the code.

If you add your HSBC card to Apple Pay or Google Pay, you never enter a Secure Code for a coffee. Why? Because the moment you added the card, HSBC created a that lives inside your phone’s secure enclave.

It is a liability. Because customers have been trained to treat the code as "proof of bank," they willingly hand it over to scammers. The Future: What Comes Next? HSBC is already piloting the successor in Hong Kong and the UK: Biometric Secure Code .

Every time you tap your phone at Starbucks, your iPhone and HSBC perform a silent cryptographic dance. A unique code is generated, used, and discarded before the coffee even finishes pouring. You never see it. That is the holy grail—security with zero friction. So, is HSBC Secure Code good enough?

You’re about to buy a new laptop. You’ve clicked “checkout.” Your card details are in. Then, the screen freezes. A small gray box pops up from your browser, or a push notification buzzes your phone.

This is the world of . The Password is Dead (Long Live the Token) For years, banking security was a dirty secret. Your "secret word" or "memorable date" was floating around in databases that were getting hacked constantly. If you used "Password123" for your gym membership and your bank, you were a thief’s lottery ticket.