21 October 2017
Register now

Tesco Bank halts transactions after money disappears from customer accounts

07 November 2016  |  14248 views  |  7 Tesco Bank

The banking arm of UK supermarket chain Tesco has frozen transactions after revealing that money has been looted from 20,000 accounts.

The bank discovered the breach over the weekend, observing "criminal activity" in some 40,000 accounts, with funds disappearing from 20,000 customers.

The issue came to light after customers complained about money being withdrawn without permission, cards being blocked and long delays to get through to the bank on the phone. The bank has not revealed how much money was lost to the fraudsters, although customers reported that hundreds of pounds had been siphoned from their accounts, with one victim losing £2,400.

In a statement, the bank's chief executive Benny Higgins says: "As a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers. While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal."

The bank, which has more than seven million customers and 136,000 current accounts on its books, has yet to reveal the nature of the fraud, but says that it is working with the police and regulators to track down the missing funds.

Says Higgins: "We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank, and we are working to refund accounts that have been subject to fraud as soon as possible."

Andrew Tyrie, chair of the Parliamentary Treasury Committee lamented the latest in a long list of failures and breaches of banking IT systems, saying "We can't carry on like this".

"Millions of customers remain unnecessarily exposed to the risks of IT failures, including delays in paying bills and an inability to access their own money," he says. "I will be writing to Tesco Bank's Chief Executive to find out what went wrong, and what actions are being taken to reduce the likelihood of it happening again. Making sure that banks improve their IT systems, and their resilience to cybercrime, is also a responsibility of regulators. We will raise this issue with them again shortly."

UpdateStill no word from Tesco on the exact nature of the fraud, although the bank's chief Higgins describes it as "a systematic, sophisticated attack". Hauled before the Treasury Committee to provide an update on the investigation, FCA chief executive Andrew Bailey provided no further details, except to say that the attack "looks unprecedented in the UK".

Comments: (7)

A Finextra member
A Finextra member | 07 November, 2016, 10:38

Scary stuff!  I can only begin to imagine the damage it will do to Tesco banks' reputation. Given the platform was previously with RBS, I wonder whether they might be exposed too?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 07 November, 2016, 10:49

Possibly the entity needs a complete IT audit of its Core Banking Solution and its interfaces especially with payment cards. Comprehensive IT audit needs a forensic approach at all the levels (OS, DB, Network and Application levels) apart from mobile apps, if any.

2 thumb ups! 2 thumb ups! (Log in to thumb up)
Paul Nash
Paul Nash - CityLearning Ltd - Dublin | 07 November, 2016, 12:23

It looks as if hackers and/or internal actors represent an invincible security threat at the moment.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Bo Harald
Bo Harald - ZEF, Transmeri, Real Time Economy Program - Helsinki Region | 07 November, 2016, 12:36

Adequate security is a long march. Have supervisors done their part? Or has the enthusiasm to get new players in gotten the upper hand? More competition is good - but it should be level play field and the good ones should not suffer..

1 thumb up! 1 thumb up! (Log in to thumb up)
Paul Nash
Paul Nash - CityLearning Ltd - Dublin | 07 November, 2016, 12:41

Has the security vision been amitious enough? We see the prospect of self-driving cars virtually eliminating road accidents caused by human error. Buildings and bridges tend, on the whole, not to collapse -- are similar standards in cyber-protection beyond the wit of (engineering) man?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 07 November, 2016, 15:01 Maybe it was less dramatic - an insider compromises a customer contact Database and then a well orchestrated spearphishing campaign with a MITB attack.
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Michael Fuller
Michael Fuller - None - London | 07 November, 2016, 16:09

So do Tesco use two factor authentication or was customer convenience more important? 

2 thumb ups! 2 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

MasterCard pays out $61 million to settle Tesco interchange suit

MasterCard pays out $61 million to settle Tesco interchange suit

31 July 2015  |  9642 views  |  0 comments | 12 tweets | 7 linkedin
Tesco Bank fixes glitch that caused two-day outage

Tesco Bank fixes glitch that caused two-day outage

05 February 2015  |  7515 views  |  1 comments | 4 tweets | 6 linkedin
Translation cock-up sees ATM users offered 'free erections'

Translation cock-up sees ATM users offered 'free erections'

29 October 2014  |  6072 views  |  0 comments | 11 tweets | 5 linkedin
Tesco introduces current account

Tesco introduces current account

10 June 2014  |  7373 views  |  0 comments | 10 tweets | 11 linkedin
Tesco Bank opens seven millionth customer account; current accounts to come in H1

Tesco Bank opens seven millionth customer account; current accounts to come in H1

18 February 2014  |  6783 views  |  0 comments | 9 tweets | 6 linkedin
Tesco glitch locks RBS and NatWest cards

Tesco glitch locks RBS and NatWest cards

03 January 2014  |  8653 views  |  3 comments | 6 tweets | 6 linkedin
Tesco Bank embarks on hiring spree ahead of current account launch

Tesco Bank embarks on hiring spree ahead of current account launch

11 December 2013  |  4544 views  |  0 comments | 2 tweets | 6 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.innotribe.comvisit www.atos.netvisit www.fivedegrees.nl

Top topics

Most viewed Most shared
HSBC partners Bud for open banking trialHSBC partners Bud for open banking trial
8841 views comments | 22 tweets | 26 linkedin
satelliteGates Foundation backs Ripple collaboratio...
8633 views comments | 13 tweets | 10 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
7712 views comments | 9 tweets | 17 linkedin
Sibos 2017: API or the highwaySibos 2017: API or the highway
7186 views comments | 10 tweets | 22 linkedin
Eight banks form joint venture to launch blockchain trade platformEight banks form joint venture to launch b...
6791 views comments | 14 tweets | 23 linkedin

Featured job

Competitive base + commission + benefits
New York City, NY - USA

Find your next job