|
Cyber fraudsters take
money out of 20,000 Tesco Bank accounts
Send a link to a friend
 [November 07, 2016]
By Estelle Shirbon
LONDON
(Reuters) - The banking arm of Britain's biggest retailer Tesco was
scrambling on Monday to deal with an online attack over the weekend on
40,000 customers' accounts, 20,000 of which had money removed.
The hack is the first on a British bank known to have resulted in
customers losing money, adding to growing concerns about the British
financial sector's vulnerabilities to cyber attacks, which have jumped
in frequency over the past two years.
Tesco Bank, which manages 136,000 current accounts, stopped all online
transactions while it worked to resume normal service, although
customers could still use their bank cards in shops and to withdraw
money from cash machines.
"Any financial loss that results from this fraudulent activity will be
borne by the bank," Tesco Bank Chief Executive Benny Higgins told BBC
radio. "Customers are not at financial risk."
"We think it would be relatively small amounts that have come out but
we're still working on that," he said, adding that he expected the cost
of refunding customers would be "a big number but not a huge number".
Shares in supermarket chain Tesco, which wholly owns Tesco Bank, were
down 1.2 percent at 200.20 pence by 1030 GMT.
The bank is a minnow in Britain's retail banking market, with about 2
percent of current accounts, and represents only a small part of Tesco's
overall business.
It contributed 503 million pounds ($623.4 million) to the group’s
revenue of 24.4 billion pounds in the first half of its 2016-17
financial year.
But while the financial hit to the group may be limited, Tesco Bank
risks serious reputational damage from an attack that affected 29
percent of its customer current accounts.
Other British banks have been targeted by cyber attacks in recent years,
but the Financial Conduct Authority (FCA) which regulates the sector
said it was not aware of any previous incident in which customers had
lost money.
Reported attacks on financial institutions in Britain have risen from
just five in 2014 to over 75 so far this year, according to FCA data,
but bank executives and providers of security systems say there are many
more unreported attacks.
[to top of second column] |
A Tesco supermarket is seen, in west London on September 30, 2008. .
REUTERS/Toby Melville/Files
HSBC issued a series of apologies to customers earlier this year after
its UK personal banking websites were shut down by a “denial of service”
attack, but no customer funds were at threat during that breach.
Cliff Moyce, global head of financial services at DataArt, a network of
technology consulting and software services firms, said reduced staffing
levels over the weekend were likely to have been one of the reasons for
the impact of the hack.
"The clever part was doing it over the weekend when banks are typically
understaffed, and will respond more slowly," he said in a comment
emailed to media.
"Automated fraud detection systems appear to have worked well, but a
lack of people at desks will not have helped."
Other well-known British brands hit by significant cyber attacks over
the past year include telecoms firms TalkTalk [TALK.L] and Vodafone [VOD.L],
business software provider Sage [SGE.L] and electronic goods retailer
Dixons Carphone [DC.L].
(Additional reporting by Michael Holden, James Davey and Huw Jones;
Editing by Greg Mahlich)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
