Cast your mind back to Saturday, 5 November.
It is 8.30 am in Edinburgh and Tesco Bank boss Benny Higgins is sitting down to breakfast. The taxi he orders every weekend has picked up the papers from the local newsagent so he can flick through them over salmon and scrambled egg.
Higgins likes his taxis. He spent £18,000 swanning around London in them between March and October 2015. He also likes his reading. He’s a voracious absorber of anything from Robert Graves and F. Scott Fitzgerald to Raymond Carver. Hence the pile of papers.
Children flick in and out of the breakfast room – he has six of them. Life could not be better.
It is a lovely start to the weekend for the former Standard Life actuary who was paid £2.2 million in the year to March to run the challenger bank.
It is even better when he picks up The Guardian (not a natural choice for Higgins) and turns to the money section. Although tipped off by his public relations advisers that it was going to be positive, he never thought it would be this good: a front page with the headline screaming ‘Want to earn a guaranteed 3 per cent on your savings? Every little helps at Tesco’.
Accompanying the article is a near half page picture of a trolley full of Tesco branded products: straight cut oven chips, golden vegetable savoury rice and chicken butter basted joint (a coronary awaits).
The first paragraph of the editorial could not be more emphatic. ‘Looking for a better return on your savings? Here’s a tip: get yourself down to Tesco. The decision by high street banks such as Santander to slash interest rates on their current accounts means that for those people who have a few thousand pounds in savings and want easy access to their cash with no nasty shocks, signing up for a Tesco Bank current account is increasingly looking like a no-brainer.’
A bit of a mouthful that last sentence but Higgins could not have asked for a stronger endorsement of his bank if he had asked an employee to write it.
A hundred times better than an advert or an advertorial (advertising dressed up to read like editorial). What a Bonfire Night celebration his family were going to have. Rockets, roman candles, single ignition rockets and of course sparklers that spelt out the magic words ‘Tesco Bank’. The works.
Sadly, the ‘nasty shocks’ were just about to happen. Over the weekend, cyber criminals managed to raid 9,000 Tesco Bank accounts and steal £2.5 million of customers’ hard earned money in a heist described by regulators as ‘unprecedented’. It was the first time thieves had managed to conduct such a mass cyber raid on people’s bank accounts.
‘Signing up for a Tesco Bank current account is increasingly looking like a no-brainer.’ Not on my life. Not on your life. Not on Higgins’ life.
Although Tesco Bank refunded the money promptly, it was roundly criticised for allowing cyber criminals to run amok. Andrew Tyrie MP, the hugely respected chairman of the influential Treasury Select Committee, described the attack as ‘deeply troubling’ and said banks had a ‘long way to go to improve the resilience and security of their IT systems’.
Cyber security experts came out of the woodwork to tell the Financial Times that Tesco Bank had been deliberately targeted by hackers and had weaknesses in its mobile banking apps before the large scale attack took place.
CyberInt, an Israeli company which analyses online data, said it had discovered that Tesco bank customers’ current accounts, savings accounts and credit card details were being traded on the ‘dark web’ – the unsearchable part of the internet used by hackers. According to the FT, one hacker described Tesco bank as a ‘money machine’ and implored comrades to help ‘crack Tesco accounts’ and make ‘serious money’.
This black episode in Tesco Bank’s young history is deeply troubling. Online bank customers are constantly being urged to take various measures to make life difficult for fraudsters. These include using hard-to-guess passwords, registering with Action Fraud Alert (run by City of London) for free to receive regular information about scams and frauds, and picking up useful advice from official websites such as getsafeonline.org and cyberaware.gov.uk.
But none of this will protect them from a cyber-attack similar to the one conducted on Tesco Bank.
It is time for Tesco Bank and rivals to up their game. Rather than relentlessly pursuing new business (a common failing of all banks), they must invest in ever more robust IT – and ever more competent IT personnel. IT expertise needs to be represented at board level so that the fight against cyber-crime is taken seriously.
The regulator, the Financial Conduct Authority, also needs to get tough. If Tesco Bank has been lax in protecting customers’ accounts from cyber criminals, it should be held to account.
If I were the regulator, I would ban Tesco Bank from taking on any more customers until it could reassure me that its IT systems were up to scratch. I would then fine it and its boss Benny Higgins.
As The Guardian would say, it’s a ‘no-brainer’.
Jeff Prestridge is Personal Finance Editor of The Mail on Sunday
PS: You know, you don’t have to use an online bank account. You can still bank at your local branch provided you are prepared to gamble on the fact it will remain open (odds I would say of 50:50).
Comments