Tesco Bank halts transactions after money disappears from customer accounts

The banking arm of UK supermarket chain Tesco has frozen transactions after revealing that money has been looted from 20,000 accounts.

  43 7 comments

Tesco Bank halts transactions after money disappears from customer accounts

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The bank discovered the breach over the weekend, observing "criminal activity" in some 40,000 accounts, with funds disappearing from 20,000 customers.

The issue came to light after customers complained about money being withdrawn without permission, cards being blocked and long delays to get through to the bank on the phone. The bank has not revealed how much money was lost to the fraudsters, although customers reported that hundreds of pounds had been siphoned from their accounts, with one victim losing £2,400.

In a statement, the bank's chief executive Benny Higgins says: "As a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers. While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal."

The bank, which has more than seven million customers and 136,000 current accounts on its books, has yet to reveal the nature of the fraud, but says that it is working with the police and regulators to track down the missing funds.

Says Higgins: "We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank, and we are working to refund accounts that have been subject to fraud as soon as possible."

Andrew Tyrie, chair of the Parliamentary Treasury Committee lamented the latest in a long list of failures and breaches of banking IT systems, saying "We can't carry on like this".

"Millions of customers remain unnecessarily exposed to the risks of IT failures, including delays in paying bills and an inability to access their own money," he says. "I will be writing to Tesco Bank's Chief Executive to find out what went wrong, and what actions are being taken to reduce the likelihood of it happening again. Making sure that banks improve their IT systems, and their resilience to cybercrime, is also a responsibility of regulators. We will raise this issue with them again shortly."

UpdateStill no word from Tesco on the exact nature of the fraud, although the bank's chief Higgins describes it as "a systematic, sophisticated attack". Hauled before the Treasury Committee to provide an update on the investigation, FCA chief executive Andrew Bailey provided no further details, except to say that the attack "looks unprecedented in the UK".

Sponsored New Event Report – Natural Capital Finance

Related Company

Comments: (7)

A Finextra member 

Scary stuff!  I can only begin to imagine the damage it will do to Tesco banks' reputation. Given the platform was previously with RBS, I wonder whether they might be exposed too?

A Finextra member 

Possibly the entity needs a complete IT audit of its Core Banking Solution and its interfaces especially with payment cards. Comprehensive IT audit needs a forensic approach at all the levels (OS, DB, Network and Application levels) apart from mobile apps, if any.

A Finextra member 

It looks as if hackers and/or internal actors represent an invincible security threat at the moment.

Bo Harald

Bo Harald Chairman/Founding member, board member at Trust Infra for Real Time Economy Prgrm & MyData,

Adequate security is a long march. Have supervisors done their part? Or has the enthusiasm to get new players in gotten the upper hand? More competition is good - but it should be level play field and the good ones should not suffer..

A Finextra member 

Has the security vision been amitious enough? We see the prospect of self-driving cars virtually eliminating road accidents caused by human error. Buildings and bridges tend, on the whole, not to collapse -- are similar standards in cyber-protection beyond the wit of (engineering) man?

A Finextra member 

Maybe it was less dramatic - an insider compromises a customer contact Database and then a well orchestrated spearphishing campaign with a MITB attack.

Michael Fuller

Michael Fuller Former Retail Banker at None

So do Tesco use two factor authentication or was customer convenience more important? 

[Webinar] Operational Resilience in the age of DORAFinextra Promoted[Webinar] Operational Resilience in the age of DORA