Tesco Bank suspends transactions after serious hack
Written by staff reporter
Tesco Bank today took the extreme measure of freezing all customer transactions after it was hacked and money was taken from some 20,000 customers, with another 20,000 affected, though not currently found to be out of pocket.
The activity is thought to have occurred over the weekend. Announcing the temporary stop on online transactions from current accounts, Tesco Bank's chief executive, Benny Higgins, said current account customers will still be able to use their cards for cash withdrawals and chip and pin payments, and all existing bill payments and direct debits will continue as normal.
"We continue to work with the authorities and regulators to address the fraud and will keep our customers informed through regular updates on our website, Twitter and direct communication," the bank said in a statement. "We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank, and we are working to refund accounts that have been subject to fraud as soon as possible."
Security advocate at AlienVault, and former information security team member at Tesco Bank, Javvad Malik, said the vast scale of this attack makes it likely that a main banking system was compromised. "I wouldn’t be surprised if it turns out to be linked to either a compromised third party or an insider," he said. "Online banking is generally safe enough and fit for purpose. There are improvements being made, with many banks deploying card-reader or one-time-password tokens to customers which are needed to log on or to pay a new account. I say safe enough, because there is compensation, insurance, and other coverage in place. So as long as customers are refunded their money, and the losses remain within the banking fraud appetite, it remains a viable business model."
Malik said one of the biggest challenges for banks in the UK remains the issue of legacy software and systems. "Many core banking applications run on old architecture built around mainframes. While these are robust systems and do well in crunching the numbers, the added functionality of online banking, faster payments...all [have] to be bolted on," he explained.