Tesco Bank says attack affected 9,000 customers

The attack which saw money taken from Tesco Bank accounts was smaller than at first thought, the bank has said.

Tesco said 9,000 current account customers had money taken in the fraud, less than half the 20,000 initially reported to have had money removed.

Personal data “was not compromised” in the attack, and all accounts affected had been refunded, the bank said.

It said this refund had cost it £2.5m, and that it was continuing to help with the investigation into the incident.

“We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal,” said chief executive Benny Higgins.

Current account customers had been blocked from making online payments using their debit card since Sunday, an action the bank said it had taken “to prevent criminal activity”.

“We’d again like to apologise for the worry and inconvenience this issue has caused,” said Mr Higgins.

No details

Tesco Bank said it was hit by “a systematic, sophisticated attack” at the weekend.

Mr Higgins said the bank knew “exactly” what the attack was, but could not say more because it was part of a criminal investigation.

The National Crime Agency (NCA) is leading the investigation into the case.

Despite a series of questions from BBC News, no more details have been given.

Andrew Bailey, chief executive of the Financial Conduct Authority (FCA), earlier told MPs he was worried about weaknesses in banks’ complex IT systems.

The more complex banks’ IT systems were, the more potential “points of entry” were available for criminals, he suggested.

“The heart of concern is what is the root cause of this [Tesco attack] and what it tells us about the broader threats,” Mr Bailey said.

Banks must refund unauthorised payments immediately in the case of fraud, unless they have evidence that the customer was at fault or the payment was more than 13 months ago.

Banks are also required to refund any charges or interest added to a customer’s account as a result of the fraudulent payments.

Tesco Bank has been owned by Tesco plc since 2008, after starting as a joint venture with Royal Bank of Scotland.
