Tesco Bank suspends online transactions due to cyberattack
UK-based Tesco Bank has revealed that 20,000 of its customers had up to £2,000 stolen from their accounts in a cyberattack. As a result, all online transactions have been frozen for 24 hours until the situation is bank “under full control”, according to Benny Higgins, Tesco Bank’s CEO.
The attack took place of the weekend – 40,000 accounts were hacked. The bank issued an apology to its customers.
The incident is now being investigated by the National Crime Agency.
The bank fears that the cybercriminals may have found a way to create cards for Tesco Bank accounts to use them to withdraw and spend money.
The bank says that customers can still use their cards (those that haven’t been blocked). Those who need to get cash from their accounts but don’t have a card should go to a Tesco supermarket to get emergency funds.
According to the reports in the national press, the bank failed to address customer concerns effectively. Customers had to wait for hours to speak to the bank – only to be offered £25 in compensation and wishing them “a good weekend”. Later the bank said it would provide full refunds within 24 business hours to all affected customers and the new cards would be issued within seven to ten days.
Tesco Bank: what’s the tech
Tesco Bank uses Fiserv’s Signature core banking system.
Its mortgage origination and servicing software is provided by Capita Mortgage Software Solutions (formerly Vertex Financial Services).
For credit card processing, the bank uses the TS2 processing platform provided by TSYS. TSYS provides Tesco Bank’s credit card business with full customer account management services. According to the reports in the national press, the provider may have also been targeted by cybercriminals.
UPDATE 8 November 2016: Tesco Bank believes a cyber criminal gang from Brazil and Spain is responsible for the attack. It has also emerged that fraudsters from Brazil have been targeting the bank’s customers for months with phishing scams in the run-up to the major hack.
The UK’s regulator, Financial Conduct Authority (FCA) is now investigating the incident. Tesco Bank has reportedly faced a number of warnings over the potential vulnerabilities of its security systems.
Meanwhile, Tesco Bank has enlisted the help of the Government Communications Headquarters (GCHQ), the UK’s intelligence and security organisation, to investigate the attack.