insider-threats

Tesco Bank Breach – Why Fintech Security Is Imperative

Fintech Security 

Thousands of Tesco Bank accounts were attacked by fraudsters just days ago, and as a result, the online payments of customers’ current accounts were frozen; though regular services are being restored, online and contactless transactions have been suspended. Dubious transactions were apparently seen on around 40,000 accounts, and initial reports suggested theft from 20,000 Tesco Bank clients. However, the latest information available suggests that only 9,000 accounts were involved; although quickly reimbursed by the bank, a total of £2.5 million was pilfered from these luckless clients in the attack. A disturbing episode occurring just as many consumers are beginning to trust some of fintech’s more reputable products.

What Went Wrong?

Details are still scarce, but it’s speculated that this security breach is due to human error (deliberate or accidental) kevin-obrienand/or poor data sharing controls. Currently, the National Cyber Security Centre is working with the National Crime Agency as investigations into Britain’s largest banking cyber-attack proceed. Sadly, we should by no means consider this attack a fluke. CloudTweaks received exclusive comment from, CEO and founder of cyber security platform GreatHorn, who says, “Breaches like this are possible in the U.S. in part because bank security routines for debit transactions are woefully inadequate. Even chip-and-pin technology won't stop this type of threat; perimeter security that protects against access to card data is a good start, but absent behavioral analytics around account usage, fraudulent transactions will generally not be detected or prevented.

The Threat to Average Consumers

In a case such as this, consumers are left with very little recourse; though stolen funds are being returned to Tesco Bank clients, it’s understood that there was absolutely no client error involved and nothing any of them could have done to better secure their accounts. Says O’Brien, “One of the primary threats to consumers is around illicit use of their debit accounts; seeing this kind of attack compromise a major retailer suggests that we will see an increase in the amount of fraud that is directed at regular users, and likely both immediately and over the long term. One common approach is for thieves to place very small debits against stolen cards, confirming that the cards themselves work, and then follow it with larger drawdown charges months or even years later.”

Tesco Bank chief executive Benny Higgins has assured customers that no personal data has been compromised, a relief for the victims of this latest fraud, but reminding us that the threat of data theft is very real in attacks of this nature. We’re reminded that, unfortunately, the technology we trust needs a fair amount of supervision by ourselves and just because our fintech products are backed by a respected and reputable player doesn’t mean they’re failsafe.

What’s Next?

A warning for the fintech sector, the Tesco Bank cyber-attack will hopefully encourage new and established organizations in the sector to implement more stringent controls. O’Brien remarks, “Overall, this type of threat is a significant one, and should be a warning to the industry that better (and more automated) analysis of security-related activity is a requisite for a modern security posture.” Regrettably, such a fiasco is likely to result in a decline of the general consumer’s opinion of fintech products, the developing trust hard-won to begin with, and with cybercrime increasing financial costs associated with fintech firms it’s possible that this attack and others like it will push customers back to traditional financial systems. But then again, some of our brightest tech talent animates the fintech industry so perhaps with the right regulations and judicious development we can expect products both innovative and unfailingly secure.

By Jennifer Klostermann

Jennifer Klostermann

Jennifer Klostermann is an experienced writer with a Bachelor of Arts degree majoring in writing and performance arts. She has studied further in both the design and mechanical engineering fields, and worked in a variety of areas including market research, business and IT management, and engineering. An avid technophile, Jen is intrigued by all the latest innovations and trending advances, and is happiest immersed in technology.

CONTRIBUTORS

Chris Gerva

Why Containers Can’t Solve All Your Problems In The Cloud

Containers and the cloud Docker and other container services are appealing for a good reason - they are lightweight and ...
What’s Next In Cloud And Data Security For 2017?

What’s Next In Cloud And Data Security For 2017?

Cloud and Data Security It has been a tumultuous year in data privacy to say the least – we’ve had ...
What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The ...
What Futuristic Transportation Will Look Like In Your Lifetime

What Futuristic Transportation Will Look Like In Your Lifetime

Futuristic Transportation Being stuck in traffic or late for work because of a hold up on the dreaded commute could ...
The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the ...
Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ ...
Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and ...
Safeguarding Data Before Disaster Strikes

Safeguarding Data Before Disaster Strikes

Safeguarding Data  Online data backup is one of the best methods for businesses of all sizes to replicate their data ...
3 Ways to Protect Users From Ransomware With the Cloud

3 Ways to Protect Users From Ransomware With the Cloud

Protect Users From Ransomware The threat of ransomware came into sharp focus over the course of 2016. Cybersecurity trackers have ...
Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Multi-Instance vs. Multi-Tenant Architecture  The cloud is part of everything we do. It’s always there backing up our data, pictures, ...

NEWS

U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

DOWNERS GROVE, Ill., Dec. 8, 2017 /PRNewswire-USNewswire/ -- New hiring in computer and electronics manufacturing and technology services and custom ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...
Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...