Recent problems experienced with Ransomware are evident from infections, which have occurred in 99 countries including China and Russia. The organization that was worst hit by the attack was the National Health Service in England. It was reported that there was a WannaCry programme that demanded...

Tesco Bank Breach – Why Fintech Security Is Imperative

Fintech Security 

Thousands of Tesco Bank accounts were attacked by fraudsters just days ago, and as a result, the online payments of customers’ current accounts were frozen; though regular services are being restored, online and contactless transactions have been suspended. Dubious transactions were apparently seen on around 40,000 accounts, and initial reports suggested theft from 20,000 Tesco Bank clients. However, the latest information available suggests that only 9,000 accounts were involved; although quickly reimbursed by the bank, a total of £2.5 million was pilfered from these luckless clients in the attack. A disturbing episode occurring just as many consumers are beginning to trust some of fintech’s more reputable products.

What Went Wrong?

Details are still scarce, but it’s speculated that this security breach is due to human error (deliberate or accidental) kevin-obrienand/or poor data sharing controls. Currently, the National Cyber Security Centre is working with the National Crime Agency as investigations into Britain’s largest banking cyber-attack proceed. Sadly, we should by no means consider this attack a fluke. CloudTweaks received exclusive comment from, CEO and founder of cyber security platform GreatHorn, who says, “Breaches like this are possible in the U.S. in part because bank security routines for debit transactions are woefully inadequate. Even chip-and-pin technology won’t stop this type of threat; perimeter security that protects against access to card data is a good start, but absent behavioral analytics around account usage, fraudulent transactions will generally not be detected or prevented.

The Threat to Average Consumers

In a case such as this, consumers are left with very little recourse; though stolen funds are being returned to Tesco Bank clients, it’s understood that there was absolutely no client error involved and nothing any of them could have done to better secure their accounts. Says O’Brien, “One of the primary threats to consumers is around illicit use of their debit accounts; seeing this kind of attack compromise a major retailer suggests that we will see an increase in the amount of fraud that is directed at regular users, and likely both immediately and over the long term. One common approach is for thieves to place very small debits against stolen cards, confirming that the cards themselves work, and then follow it with larger drawdown charges months or even years later.”

Tesco Bank chief executive Benny Higgins has assured customers that no personal data has been compromised, a relief for the victims of this latest fraud, but reminding us that the threat of data theft is very real in attacks of this nature. We’re reminded that, unfortunately, the technology we trust needs a fair amount of supervision by ourselves and just because our fintech products are backed by a respected and reputable player doesn’t mean they’re failsafe.

What’s Next?

A warning for the fintech sector, the Tesco Bank cyber-attack will hopefully encourage new and established organizations in the sector to implement more stringent controls. O’Brien remarks, “Overall, this type of threat is a significant one, and should be a warning to the industry that better (and more automated) analysis of security-related activity is a requisite for a modern security posture.” Regrettably, such a fiasco is likely to result in a decline of the general consumer’s opinion of fintech products, the developing trust hard-won to begin with, and with cybercrime increasing financial costs associated with fintech firms it’s possible that this attack and others like it will push customers back to traditional financial systems. But then again, some of our brightest tech talent animates the fintech industry so perhaps with the right regulations and judicious development we can expect products both innovative and unfailingly secure.

By Jennifer Klostermann

About Jennifer Klostermann

Jennifer Klostermann is an experienced writer with a Bachelor of Arts degree majoring in writing and performance arts. She has studied further in both the design and mechanical engineering fields, and worked in a variety of areas including market research, business and IT management, and engineering. An avid technophile, Jen is intrigued by all the latest innovations and trending advances, and is happiest immersed in technology.


(ISC)2 and Cloud Security Alliance Host Cloud Security Summit to Help Cybersecurity Pros Securely Harness Cloud Technologies

By CloudBuzz | September 22, 2017

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit Research cites strengthening of cloud security skills top priority over next three years CLEARWATER, Fla. ,Sept. 22, 2017 /PRNewswire-USNewswire/ — (ISC)² today announced it’s partnering with the Cloud Security Alliance (CSA) for the CSA…

Exclusive: T-Mobile, Sprint close to agreeing deal terms – Sources

By CloudBuzz | September 22, 2017

(Reuters) – T-Mobile US Inc (TMUS.O) is close to agreeing tentative terms on a deal to merge with peer Sprint Corp (S.N), people familiar with the matter said, a major breakthrough in efforts to merge the third and fourth largest…

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

By CloudBuzz | September 21, 2017

Servers Expose Over 1 Billion Records As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making…

Thales Joins the Microsoft Enterprise Cloud Alliance

By CloudBuzz | September 21, 2017

SAN JOSE, Calif., Sept. 21, 2017 /PRNewswire/ — Thales, a leader in critical information systems, cybersecurity and data security, is now a member of the Microsoft Enterprise Cloud Alliance (ECA). Designed to foster innovation and promote awareness of partner solutions, the ECA membership…

Addressing the UK NCSC’s Cloud Security Principles

By CloudBuzz | September 20, 2017

As your organization adopts more cloud services, it’s essential to get a clear picture of how sensitive data will be protected. Many authorities, from government regulators, to industry standards bodies and consortia, have provided guidance on how to evaluate cloud…