Tesco Bank

catwoman73

I've never used my bank card and got the 'your account was hacked' email but I didn't lose any money, maybe because there wasn't much in there last weekend.

I changed my security details anyway as I've now filled it up to the £3k.

brianh

As Tesco are now saying no personal data was "stolen" then it seems to me the fraud must have involved someone realising that Tesco had a flaw in their system and they used phantom electronic transactions to move funds out from randomly selected account numbers.

If the full story comes out, it should make fascinating reading.

brianh

I got text messages yesterday asking me to contact their Fraud department as soon as possible.

As part of their going through transactions, they want to confirm that 2 transactions that they blocked (earlier in week) were indeed fraudulent and one they allowed through was genuine. I was able to confirm that but it demonstrates vigilance is still required.

Mee

Just thought the following might be of some use:

[FONT=&quot]Tesco Bank hack: how to make your account safer [/FONT]
[FONT=&quot]Six steps to protect your bank account from fraudsters 09 November 2016
[/FONT][FONT=&quot]
[/FONT][FONT=&quot]Tesco Bank hack: how to make your account saferSix steps to protect your bank account from fraudsters 09 November 2016 Tesco Bank is seeking to reassure customers that normal service has resumed following Saturday's 'sophisticated, systemic attack' against its online banking operation.

[/FONT] [FONT=&quot]The hack, during which 9,000 customers had money stolen from their accounts, was an ‘unprecedented’ attack on the UK banking sector, according to the Financial Conduct Authority. [/FONT]
[FONT=&quot]Tesco Bank has now paid out a total of £2.5m to affected customers.

[/FONT] [FONT=&quot]How did the hack happen?[/FONT]
[FONT=&quot]The new National Cyber Security Center, based out of GCHQ, is now investigating who was behind the attack. But whether it was a criminal gang operating out of Brazil, state-sponsored hackers from North Korea, or a well-placed bank employee, the growing complexity of all our banks’ online security is now under scrutiny. The Tesco Bank hack could have ‘broader implications’ for the entire banking sector, the FCA’s chief executive Andrew Bailey reportedly told the Treasury Select Committee.

[/FONT] [FONT=&quot]How to protect your account[/FONT]
[FONT=&quot]With the prospect that other UK banks could be next, what could we all be doing to better protect our accounts? Against the sort of coordinated attack perpetrated against Tesco, the answer - unfortunately - is 'next to nothing.'

[/FONT] [FONT=&quot]But there are plenty of other steps we can all take to protect ourselves against smaller scale attacks and opportunistic scammers.[/FONT]
[FONT=&quot]
[/FONT][FONT=&quot]1. Check your inbox[/FONT]
[FONT=&quot]Watch out for emails purporting to be from Tesco Bank and delete them immediately. Never click on links in emails unless you’re sure they’re genuine. Scammers will now be looking to exploit the publicity and fear generated by the hack.[/FONT]
[FONT=&quot]
[/FONT][FONT=&quot]2. Don't sacrifice security for convenience[/FONT]
[FONT=&quot]Until someone invents an unhackable system, there will always be a trade off between security and inconvenience. As long as customers complain about inconvenience, banks will sacrifice security to reduce the hassle factor.
[/FONT]
[FONT=&quot]If you want to improve the security of your own accounts you have to accept a higher degree of inconvenience. [/FONT]
[FONT=&quot]If your bank offers two-factor authentication for login, for example, activate it immediately.[/FONT]
[FONT=&quot]
[/FONT][FONT=&quot]We recently tested the customer-facing online security of 11 leading banks. You can see the results here.[/FONT]

[FONT=&quot]3. Scrutinise your statements[/FONT]
[FONT=&quot]As with the Tesco hack, fraudsters will often take small amounts from a large number of people to minimise, or slow down, detection. Scrutinise your statements closely and frequently and immediately query any suspect transactions.[/FONT]
[FONT=&quot]
[/FONT][FONT=&quot]4. Be extra vigilant on Fridays[/FONT]
[FONT=&quot]It’s common for hackers and scammers to attack on Friday afternoons or over the weekend. In the case of Tesco there was little customers could do but endure the excruciating long wait times to reach customer service.
[/FONT]
[FONT=&quot]Be exceptionally vigilant on Friday afternoons, particularly if you get an email claiming to be your builder with new account details, or a call purporting to be from your bank’s fraud department.[/FONT]

[FONT=&quot]5. Strengthen your passwords[/FONT]
[FONT=&quot]Hackers know people often use the same password for different accounts so will try to use details obtained from the hack of one site to access accounts on a different site. Use a different password for every online account. The more sensitive the account - such as online banking or email – the more complex the password should be.
[/FONT]
[FONT=&quot]Beware using information for your passwords and passcodes that hackers could find online, such as birthdays and anniversaries. Invent answers to memorable questions, such as place of birth, to further confound would-be hackers. Consider using a password manager to help you keep track.[/FONT]
[FONT=&quot]
[/FONT][FONT=&quot]6. Know your rights[/FONT]
[FONT=&quot]You have greater protection against some type of fraud than others. Where the fault is with the bank, as with the Tesco hack, you will get your money back.
[/FONT]
[FONT=&quot]Regardless of whether it's been caused by a hack, your bank must reimburse you for unauthorised payments, unless it has evidence that you acted with gross negligence or fraudulently.[/FONT]
[FONT=&quot]
[/FONT][FONT=&quot]Banks are under no such obligation if you make a voluntary bank transfer. You should never transfer money directly unless you’re convinced the recipient is who they claim to be.[/FONT]
[FONT=&quot]
Read more: http://www.which.co.uk/news/2016/11/tesco-bank-hack-how-to-make-your-account-safer-456236/# - Which?[/FONT]

Katiehound

m00head wrote: »

http://www.tescobank.com/help/current-account-fraud-update/
Are they implying that it was a security compromise in the Visa debit card or contactless system?

IMHO not the contactless because as countless folk say their card never went out of the house! They use that account as savings, as do I.

The only time my card has ever been out was to change the PIN- it's residing in the house. Strangely the accounts where debit cards were not activated seem to have been safe- so it would point to activated debit cards- (somehow.)

redux

brianh wrote: »

If the full story comes out, it should make fascinating reading.

It won't be too specific. One way to improve security is not publish too much detail of how a successful hack worked, or the new measures in place to ward it off in future.

Meanwhile, this may or may not be interesting

http://www.theregister.co.uk/2016/11/10/tesco_bank_breach_analysis/

Vortigern

m00head wrote: »

Are they implying that it was a security compromise in the Visa debit card or contactless system?

They are not implying anything, but some on here are jumping to conclusions.

Katiehound wrote: »

IMHO not the contactless because as countless folk say their card never went out of the house!

My card has never gone out of the house, but what if the fraudsters had created a duplicate of my card, including the contactless function and/or the magnetic stripe data?

colsten

redux wrote: »

Meanwhile, this may or may not be interesting

http://www.theregister.co.uk/2016/11/10/tesco_bank_breach_analysis/

The Register had the truth about the RBS/Natwest/Ulster issue quite early on because a bank employee or contractor let it slip in the comments.

But this time, the Register clearly have not even got the basics right on what happened. Both, the article and all the comments bar one go on about hacked online access. All those who were affected know that this wasn't the case.

We'd all dearly love to know how it happened but speculating is unlikely to provide us with an answer.

TheBanker

I'm on hold to the Fraud department again... had a text late last night asking me to call.

I did spend £3.50 in the local Tesco last night so maybe that's what triggered it - but it's not an unusual transaction for me. I also got some photos printed in the store.

Having spoken to someone - it is the £6.00 transaction to Max Spielmann in the Tesco store that triggered this.

The woman said they are conducting extra security checks on accounts at the moment due to the incident. I might stop using this card as it's becoming more trouble than it's worth.

TheBanker

Am I the only person who is still having trouble?

After speaking to them to confirm the transactions mentioned in the previous post were genuine, I went shopping. I spent £10 in Tesco using contactless, which worked. I then tried to pay for my car parking and the card was declined.

Phoned Tesco, waited 10 minutes for someone to answer who was from the Credit Card team so could not help me. He said I needed to speak to the security team but nobody was available. I am now, again, waiting for a callback. But I am still waiting for the call back from last weekend so am not hopeful.

I tried to move my money to a different account as I am sick of Tesco. It appears to have been debited but hasn't credited the other account. I hope it's on its way and isn't also caught in a block.