Tesco Bank Breach – Why Fintech Security Is Imperative

Tesco Bank Breach – Why Fintech Security Is Imperative

Fintech Security 

Thousands of Tesco Bank accounts were attacked by fraudsters just days ago, and as a result, the online payments of customers’ current accounts were frozen; though regular services are being restored, online and contactless transactions have been suspended. Dubious transactions were apparently seen on around 40,000 accounts, and initial reports suggested theft from 20,000 Tesco Bank clients. However, the latest information available suggests that only 9,000 accounts were involved; although quickly reimbursed by the bank, a total of £2.5 million was pilfered from these luckless clients in the attack. A disturbing episode occurring just as many consumers are beginning to trust some of fintech’s more reputable products.

What Went Wrong?

Details are still scarce, but it’s speculated that this security breach is due to human error (deliberate or accidental) kevin-obrienand/or poor data sharing controls. Currently, the National Cyber Security Centre is working with the National Crime Agency as investigations into Britain’s largest banking cyber-attack proceed. Sadly, we should by no means consider this attack a fluke. CloudTweaks received exclusive comment from, CEO and founder of cyber security platform GreatHorn, who says, “Breaches like this are possible in the U.S. in part because bank security routines for debit transactions are woefully inadequate. Even chip-and-pin technology won’t stop this type of threat; perimeter security that protects against access to card data is a good start, but absent behavioral analytics around account usage, fraudulent transactions will generally not be detected or prevented.

The Threat to Average Consumers

In a case such as this, consumers are left with very little recourse; though stolen funds are being returned to Tesco Bank clients, it’s understood that there was absolutely no client error involved and nothing any of them could have done to better secure their accounts. Says O’Brien, “One of the primary threats to consumers is around illicit use of their debit accounts; seeing this kind of attack compromise a major retailer suggests that we will see an increase in the amount of fraud that is directed at regular users, and likely both immediately and over the long term. One common approach is for thieves to place very small debits against stolen cards, confirming that the cards themselves work, and then follow it with larger drawdown charges months or even years later.”

Tesco Bank chief executive Benny Higgins has assured customers that no personal data has been compromised, a relief for the victims of this latest fraud, but reminding us that the threat of data theft is very real in attacks of this nature. We’re reminded that, unfortunately, the technology we trust needs a fair amount of supervision by ourselves and just because our fintech products are backed by a respected and reputable player doesn’t mean they’re failsafe.

What’s Next?

A warning for the fintech sector, the Tesco Bank cyber-attack will hopefully encourage new and established organizations in the sector to implement more stringent controls. O’Brien remarks, “Overall, this type of threat is a significant one, and should be a warning to the industry that better (and more automated) analysis of security-related activity is a requisite for a modern security posture.” Regrettably, such a fiasco is likely to result in a decline of the general consumer’s opinion of fintech products, the developing trust hard-won to begin with, and with cybercrime increasing financial costs associated with fintech firms it’s possible that this attack and others like it will push customers back to traditional financial systems. But then again, some of our brightest tech talent animates the fintech industry so perhaps with the right regulations and judicious development we can expect products both innovative and unfailingly secure.

By Jennifer Klostermann

About Jennifer Klostermann

Jennifer Klostermann is an experienced writer with a Bachelor of Arts degree majoring in writing and performance arts. She has studied further in both the design and mechanical engineering fields, and worked in a variety of areas including market research, business and IT management, and engineering. An avid technophile, Jen is intrigued by all the latest innovations and trending advances, and is happiest immersed in technology.

View All Articles

Sorry, comments are closed for this post.

Comics
Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

Cloud Services Providers – Learning To Keep The Lights On

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

Digital Twin And The End Of The Dreaded Product Recall

Digital Twin And The End Of The Dreaded Product Recall

The Digital Twin  How smart factories and connected assets in the emerging Industrial IoT era along with the automation of machine learning and advancement of artificial intelligence can dramatically change the manufacturing process and put an end to the dreaded product recalls in the future. In recent news, Samsung Electronics Co. has initiated a global…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…

Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…