How did cybercriminals manage to steal money from 20,000 accounts?
Tesco has refused to reveal any details of what happened but it is safe to say this was a huge and well-organised operation. Security experts doubt that the fraudsters hacked into the bank’s systems, which are relatively well protected. They think it is more likely the hackers got their hands on customers’ account details from a corrupt insider or a security lapse. The fraudsters may then have hacked into customers’ phones or computers to transfer money out or created fake bank cards to make purchases.
Surely the authorities will be able to trace the money?
Money fraudulently wired is quickly moved through a warren of accounts, mostly set up in false names, in different jurisdictions, often ending up in a country where there is little co-operation with law enforcement. Yesterday victims reported their cash being wired to Brazil.
How did Tesco Bank allow this to happen?
Security experts have criticised the bank’s systems for only stopping half the attempted frauds. Many think the fraudsters chose to act over the weekend when the company would not have many staff working, potentially slowing its reaction.
How common is bank fraud?
One in ten adults has replaced a credit or debit card because of fraud in the past year, losing an average of £485.
Which banks have the best security features?
A recent survey by Which? said First Direct has the best anti-fraud protections, followed by HSBC and Barclays. The worst were TSB and Santander. Which? did not review security at Tesco Bank. The consumer group said the best banks have two-step authentication at login, typically asking for something you know, such as a password, with something you have, such as a mobile phone, on which you get a single-use pass code.
I am a customer of Tesco Bank, what should I do?
The bank says all victims should be refunded by the end of today, even if they have not reported losing money. Get Safe Online advised all customers to check their account and change their passwords.