re the comments on internet banking security. The issue here was phone banking. HSBC uses a keypad thingummy to get on to the internet site. I assume this is more secure than either a single password or asking questions and giving access regardless of whether you can answer them.
My experience of HSBC’s anti-fraud people is very good (eg card declined at US hotel reception and as I got out an alternative card to pay with they phoned to confirm it really was me in the states and reactivate the card). Nothing like the service OP is experiencing (not doubting the story, commenting on the inconsistency).