Higgins orders suspension
Tesco Bank halts online transactions after attack
The Edinburgh-based bank blocked some customers’ bank cards after its systems identified suspicious activity.
The bank is continuing to investigate the attack and said about 20,000 of nearly eight million customer accounts had been affected.
The hack is the first on a British bank which is known to have resulted in customers losing money,
The attack came to light over the weekend when customers complained about money being withdrawn without permission. They found long delays trying to access accounts.
In a statement issued this morning chief executive Benny Higgins said: “Tesco Bank can confirm that, over the weekend, some of its customers’ current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently.
“We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts.
“That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers.
“While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal.
“We are working hard to resume normal service on current accounts as soon as possible.
“We continue to work with the authorities and regulators to address the fraud and will keep our customers informed through regular updates on our website, twitter and direct communication.
“We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank, and we are working to refund accounts that have been subject to fraud as soon as possible.”
Tesco Bank accounts for 2% of UK current accounts, and represents only a small part of Tesco’s overall business.
It contributed £503 million to the group’s revenue of £24.4billion in the first half of its 2016-17 financial year.
Reported attacks on financial institutions in Britain have risen from just five in 2014 to over 75 so far this year, according to the Financial Conduct Authority.
Insiders and security experts say there are many more unreported attacks.
Dr David Day, a computer systems lecturer at Sheffield Hallam University, told a television news programme: “You feel violated. It’s very similar to having your house broken into.”
He said the breach at Tesco Bank could have come from malicious software or skimming devices – which steal data from cards – but what’s most revealing is that the fraudsters targeted a very large number of accounts in one attack.
“It’s my view that it was intentional to do this in one go,” he said. “If the bad guys found a route in, they’ll want to do maximum damage in one attack.”