FCA hits Tesco Bank with £16.4 million fine for cyber failings

The UK's banking watchdog has slapped the banking arm of UK supermarket chain Tesco with a £16.4 million fine for its failure to prevent a cyber attack that affected thousands of customers in 2016.

  9 Be the first to comment

FCA hits Tesco Bank with £16.4 million fine for cyber failings

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The Financial Conduct Authority has slammed Tesco Bank for failing to exercise due skill, care and diligence in protecting its personal current account holders against the attack, which netted the perpetrators £2.6 million and was described at the time as an "unprecedented" assault against a UK regulated bank.

The FCA says the criminals exploited deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations Team to carry out the attack.

it is believed that Tesco Bank may have left itself open to fraud by issuing debit cards with sequential numbers.

Mark Steward, executive director of enforcement and market oversight at the FCA, says: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks. In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all."

In levelling the fine, the FCA says Tesco Bank avoided a much higher penalty amounting to £33,562,400, by acting swiftly to correct the deficiencies identified and agreeing to an early settlement of the matter.

Sponsored [On-Demand Webinar] Solving the KYC challenge with end-to-end processes

Comments: (0)

[New Report] Managing Fraud Risks with Synthetic Data: A Practical Approach for Businesses ServicesFinextra Promoted[New Report] Managing Fraud Risks with Synthetic Data: A Practical Approach for Businesses Services Industry