insider-threats

Tesco Bank Breach – Why Fintech Security Is Imperative

Fintech Security 

Thousands of Tesco Bank accounts were attacked by fraudsters just days ago, and as a result, the online payments of customers’ current accounts were frozen; though regular services are being restored, online and contactless transactions have been suspended. Dubious transactions were apparently seen on around 40,000 accounts, and initial reports suggested theft from 20,000 Tesco Bank clients. However, the latest information available suggests that only 9,000 accounts were involved; although quickly reimbursed by the bank, a total of £2.5 million was pilfered from these luckless clients in the attack. A disturbing episode occurring just as many consumers are beginning to trust some of fintech’s more reputable products.

What Went Wrong?

Details are still scarce, but it’s speculated that this security breach is due to human error (deliberate or accidental) kevin-obrienand/or poor data sharing controls. Currently, the National Cyber Security Centre is working with the National Crime Agency as investigations into Britain’s largest banking cyber-attack proceed. Sadly, we should by no means consider this attack a fluke. CloudTweaks received exclusive comment from, CEO and founder of cyber security platform GreatHorn, who says, “Breaches like this are possible in the U.S. in part because bank security routines for debit transactions are woefully inadequate. Even chip-and-pin technology won't stop this type of threat; perimeter security that protects against access to card data is a good start, but absent behavioral analytics around account usage, fraudulent transactions will generally not be detected or prevented.

The Threat to Average Consumers

In a case such as this, consumers are left with very little recourse; though stolen funds are being returned to Tesco Bank clients, it’s understood that there was absolutely no client error involved and nothing any of them could have done to better secure their accounts. Says O’Brien, “One of the primary threats to consumers is around illicit use of their debit accounts; seeing this kind of attack compromise a major retailer suggests that we will see an increase in the amount of fraud that is directed at regular users, and likely both immediately and over the long term. One common approach is for thieves to place very small debits against stolen cards, confirming that the cards themselves work, and then follow it with larger drawdown charges months or even years later.”

Tesco Bank chief executive Benny Higgins has assured customers that no personal data has been compromised, a relief for the victims of this latest fraud, but reminding us that the threat of data theft is very real in attacks of this nature. We’re reminded that, unfortunately, the technology we trust needs a fair amount of supervision by ourselves and just because our fintech products are backed by a respected and reputable player doesn’t mean they’re failsafe.

What’s Next?

A warning for the fintech sector, the Tesco Bank cyber-attack will hopefully encourage new and established organizations in the sector to implement more stringent controls. O’Brien remarks, “Overall, this type of threat is a significant one, and should be a warning to the industry that better (and more automated) analysis of security-related activity is a requisite for a modern security posture.” Regrettably, such a fiasco is likely to result in a decline of the general consumer’s opinion of fintech products, the developing trust hard-won to begin with, and with cybercrime increasing financial costs associated with fintech firms it’s possible that this attack and others like it will push customers back to traditional financial systems. But then again, some of our brightest tech talent animates the fintech industry so perhaps with the right regulations and judicious development we can expect products both innovative and unfailingly secure.

By Jennifer Klostermann

Jennifer Klostermann

Jennifer Klostermann is an experienced writer with a Bachelor of Arts degree majoring in writing and performance arts. She has studied further in both the design and mechanical engineering fields, and worked in a variety of areas including market research, business and IT management, and engineering. An avid technophile, Jen is intrigued by all the latest innovations and trending advances, and is happiest immersed in technology.

cloud 2020

IoTT, The Internet of Things, Tomorrow

What Should Your Home Be Telling You? Home. The place where you lay your head to sleep, where a roof ...
Chris

How to Avoid Becoming Another Cloud Security Statistic

Cloud Security Statistic Last year, Gartner predicted that, by 2020, 95 percent of all cloud security failures will be caused ...
Ransomware Cyber-Attacks: Best Practices and Preventative Measures

Ransomware Cyber-Attacks: Best Practices and Preventative Measures

Ransomware Cyber-Attacks “WanaCrypt0r 2.0” or “WannaCry,” an unprecedented global ransomware cyber-attack recently hit over 200,000 banking institutions, hospitals, government agencies, ...
Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society's most important functions, teaching can still seem antiquated at times. Many ...
73% of Executives Are Researching & Launching IoT Projects

73% of Executives Are Researching & Launching IoT Projects

New IoT Projects Manufacturing-based IoT connections grew 84% between 2016 and 2017, followed by energy & utilities (41%). 73% of ...
Transparency in the Cloud and the Lack Thereof

Transparency in the Cloud and the Lack Thereof

Cloud Transparency The enterprise cloud is changing the way we do things from our day jobs, to social media, entertainment, and ...
After Cloud? Fog and Edges

After Cloud? Fog and Edges

Are we already looking beyond the cloud? The Internet of Things (IoT) is driving new approaches. Own a smartphone? Odds ...
Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in ...
The Non-Holiday-Specific Mall For Cloud Solutions

The Non-Holiday-Specific Mall For Cloud Solutions

Cloud Solutions Mall If a mall were dedicated to cloud and cloud solutions and that mall had an Easter Bunny ...
Update: Timeline of the Massive DDoS DYN Attacks

Update: Timeline of the Massive DDoS DYN Attacks

DYN DDOS Timeline This morning at 7am ET a DDoS attack was launched at Dyn (the site is still down ...