Tesco Bank Halts Transactions After Online Fraud

Tesco Bank has halted online transactions after reports emerged this weekend of fraud on customer accounts. Up to 40,000 personal accounts of Tesco bank holders are said to have been affected.

Tesco Bank is understood to have more than seven million customer accounts and 4,000 staff, and has been challenging traditional High Street banking chains for a number of years now.

Unfortunately for it, customers began complaining this weekend of money missing from their bank accounts, as much as £600.

Criminal Activity

Benny Higgins, chief executive of the supermarket chain’s banking arm, told The Guardian newspaper that the decision to stop online transactions was an attempt to protect customers. He said 40,000 accounts had been affected, half of which had had money withdrawn in what he described as “online criminal activity”.

TechWeekEurope has not been able to reach Tesco, despite repeated attempts, at the time of writing.

“We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts. That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers,” Higgins was quoted as saying.

“While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal. We are working hard to resume normal service on current accounts as soon as possible.”

“We continue to work with the authorities and regulators to address the fraud and will keep our customers informed through regular updates on our website, Twitter and direct communication.”

Security Worries

There is no word yet whether the missing money is the result of a compromise of Tesco systems, but it should noted that the supermarket’s systems, albeit not banking, have been compromised before.

In 2013 it called the police after it discovered that ClubCard vouchers had gone missing from customer accounts. Reports at that time indicated vouchers worth hundreds of pounds had been stolen from those shoppers who had stored up their rewards.

In 2012 TechweekEurope revealed that the Tesco website contained an XSS flaw, which could have helped hackers hijack customer accounts by having session cookies sent to attacker-controlled servers.

In 2014 Tesco confirmed that over 2,000 customers had had their usernames and passwords stolen in a security breach. Even worse this account data was posted on popular text-sharing site Pastebin. The supermarket was then forced to deactivate the compromised online accounts.

Expert view

“This significant hack at Tesco Bank follows a recent string of huge cyber-attacks on well-established companies and organisations,” said Andrew Tschonev, technical specialist at Darktrace. “In this latest situation, it is clear that financial information is not being sufficiently protected by the traditional security measures which fail in the face of an ever-evolving threat.

“With attackers targeting everyone and anyone, today’s businesses cannot safely assume that ‘it won’t happen to them’. By developing an ‘immune system’ for their networks, companies can identify suspicious behaviours as they emerge, and respond to them before serious damage is done.

“Tesco Bank has a long road ahead. Establishing exactly what has happened, who has been affected and how they can recover is going to be a complex task. However, the consequent shake-up in their security team should help strengthen their defences for the future. Other businesses will have to echo such reform in their own security practices, if they want to avoid being next.”

Are you a security expert? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago