Tesco Bank is reported to be working with the National Crime Agency (NCA) to investigate an incident where suspicious transactions resulted in money being taken from thousands of customers current accounts.
The Money Is Gone.
In what was described by Tesco Bank as a ‘sophisticated’ attack, last weekend saw suspicious transactions spotted by Tesco’s automated monitoring systems in an estimated 40, 000 customer bank accounts. In what many security commentators are saying appears to be a bank hack on an unprecedented scale, Tesco reacted straight away and suspended all transactions while the event was taking place.
Unfortunately there have been reports that despite Tesco’s attempts thwart the attack, money was actually taken from 9,000 current accounts.
Refund Pledge Made Good.
Tesco is reported to have already made good on a pledge to refund any money! Meaning that the 9,000 account holders affected have now been given a total of £2.5 million in refunds altogether!
Core System Is Thought To Be Safe.
Security commentators have suggested that because customers were still able to access ATMs, indications are that the core computer system looks unlikely to have been affected. Tesco did suspend online debit transactions and blocked customers from making online payments using their debit card since Sunday to prevent further criminal activity which worked effectively cutting down from 40,000 potentially affected accounts to 9,000 affected.
Not Many Current Accounts.
Although Tesco Bank has 7.8 million customers, it only has 137,000 current accounts, with the rest of the business being based around loans and credit cards. This is a much smaller number of current account customers than the big 4 banks of the UK; Lloyds Banking Group, HSBC, Royal Bank of Scotland and Barclays.
The majority of Tesco Bank’s business is carried out via an online app, and therefore cyber security is a key concern especially with software such as VoCo being announced! This latest attack has therefore come as a major shock, and looking on the plus side, Tesco Bank was able to spot the incident early, take preventative action, and start alerting customers by text, and quickly issued refunds.
Via The Website.
The speculation by some security commentators at the time was that criminals may have been able to exploit an issue in a third party connection to Tesco’s website in order to break in.
Tesco, however, have since stated that they know the exact nature of the attack but are not able to say as it is part of an on-going criminal investigation.
Tesco Bank Chief executive Benny Higgins has apologised to customers.
What Does This Mean For Your Business?
The financial sector has been warned about the likelihood of cyber-attack attempts and, as customers, it is frustrating to hear that major banks can be affected in this way.
As bank customers, the kinds of precautions we can take are to make sure that we have a very strong password (keep it completely unique to your bank account), and to make sure that the security software on the PC, phone or tablet is kept up to date. Keep your computer clean of viruses!
It is also important to watch out for phishing/malicious looking emails. It may also be the case that you need to be extra vigilant in the wake of an attack as some cyber-criminals have been known to send out spam/phishing emails (posing as updates from the affected company) in order to trick customers into parting with their password details. Never give your password to anyone!
It is seen that if the speed of response from Tesco was not as quick, the impact could have been a lot worse. This reinforces the fact that all companies need to have in place and consistently maintain a disaster recovery plan and policies to adhere to in the event of a major issue.