Tesco Bank customers money disappeared & fraud messages
Comments
It's reported that it's cost TB £2.5 million for their lack of online security to refund affected accounts.
Unless they spend more on security from profits, it will happen again and again at a cost to the customers.
Any betting when the 3% rate will be cut to find the £2.5 million cost?
I love it when people who know very little about corporate IT security and nothing has been said as to how this hack was done claim "this will teach them for their lax security". How do you know that the Tesco systems are weak.... how do you know that the same flaw that hit Tesco Bank does not exist at any other bank. Just because Tesco have been hit, does not mean the others are safe from the same, or other vulnerabilities.
Security of IT systems is very difficult, especially when you expose your services to services which could be accessed by an outsider. The only secure system, is not to have a system at all.
You place security around the system you want to protect, usually in multiple layers, to try and stop people getting in, however they are merely 'road humps' designed to slow an attacker down, this slowness usually allows security personnel to spot the attack and shut it down before it gets too far into the system. Sometimes, the perfect storm is generated and with enough effort and luck you can gain access.
Most attacks have an element of 'being done from the inside', usually involving some sort of back door Trojan rather than an individual. This is the easiest way into a system in most cases. For example, how many people would pick up a USB stick dropped on the floor and plug it in to see if you could find the owners?
I'd suggest it may stay longer in order to retain and attract customers.
Any betting when the 3% rate will be cut to find the £2.5 million cost?
Update here: http://www.bbc.co.uk/news/business-37915755
Yes that's very true. Interesting comment that I heard at a security conference yesterday about the TalkTalk hack - the vulnerability was older than the person that exploited it. If true then it does show the room for improvement but no indication how the Tesco bank attack took place
Just because Tesco have been hit, does not mean the others are safe from the same, or other vulnerabilities.
Remember the saying: if it looks too good to be true it almost certainly is.
Most attacks have an element of 'being done from the inside', usually involving some sort of back door Trojan rather than an individual. This is the easiest way into a system in most cases. For example, how many people would pick up a USB stick dropped on the floor and plug it in to see if you could find the owners?
Get a Chinese manufacturer to make Kardashian/Paris Hilton/etc. themed USB sticks, embedded with a Trojan. Sell them in 99p auctions on eBay.
Use a fake address in Hong Kong to post out.
I'd suggest it may stay longer in order to retain and attract customers.
Update here: http://www.bbc.co.uk/news/business-37915755
Yes that's very true. Interesting comment that I heard at a security conference yesterday about the TalkTalk hack - the vulnerability was older than the person that exploited it. If true then it does show the room for improvement but no indication how the Tesco bank attack took place
These things can be easily overlooked, or missed completely one way or another, especially if it's a system that has been put in place, just works and 'forgotten about' as dev teams move onto the next project...
Yes, there should be audits of systems and possibly 3rd party checks but no test is ever going to outsmart a determined individual with the right skill sets, or a group of people working together to gain access to somewhere.
You can test and test all you want, however unless you have an encyclopaedic mind and know every possible way of getting into a system, sometimes these things do slip by. Perfect example of this is Hatton Garden safe deposit box bank robbery. Perfect security systems overall, so you can't simply walk through the front door, or even a side door/window, but a thick 'impenetrable - nobody would ever consider trying to get through this' wall? Just bring a bigger drill and a long weekend!
Have just tried mine to transfer funds to a broker. One works (the one that they didn't text me about but I then found had an unauthorised payment pending) but the other (the one that looked ok and they did text me about) doesn't. My wife tried hers too and found one works but not the other.
Muttleythefrog wrote: »I see people reporting having the same text (as have I) but finding no card function still. Yet another Tesco Bank lie?
We've also both had letters to say they don't have our correct email addresses for any account. I've just checked the accounts and they do in all instances. So they still seem to be struggling.
So maybe worth testing if you intend to use your card soon. In the meantime I'm going to get myself in the right frame of mind to spend another age on the phone.
Just as with any software there can be bugs that won't be known until someone finds them, so the quality of security can't be known until it's penetrated. It can't be denied though that Tesco's handling and subsequent communications haven't been overly impressive.
Am a Tesco Bank Customer, was advised yesterday that all customers would receive new Debit Cards within 7-10 working days.
Am sure a message today contradicted above.
Does anyone happen to know? Thank you
"Advised" by who?
There seems to be nothing in the press to support this. It would have been logical if the account data for these accounts had been compromised. It seems that account and debit card details were not compromised which still leaves the question of what they actually did?
Me too. I was told when I rang that my card would be replaced, but a later text indicated that cards would not be replaced and would continue to work.
anneliese123 wrote: »Am a Tesco Bank Customer, was advised yesterday that all customers would receive new Debit Cards within 7-10 working days.
Am sure a message today contradicted above.
Does anyone happen to know? Thank you
I haven't yet tried to use the card.
Most attacks have an element of 'being done from the inside', usually involving some sort of back door Trojan rather than an individual. This is the easiest way into a system in most cases. For example, how many people would pick up a USB stick dropped on the floor and plug it in to see if you could find the owners?
The majority. It's actually a well practiced way of attacking a specific company also, leave the sticks in their car park.
https://www.schneier.com/blog/archives/2011/06/yet_another_peo.html


