MSE News: TSB cancels direct debits of customers who've switched away - and claims they've DIED

HornetSaver

EachPenny wrote: »

Was there a need to make personal comments?

I wouldn't go quite as far as to accept that it was a personal comment, though do understand why you'd see it that way.

I found it incredibly difficult to believe that anyone being entirely serious could suggest that reporting that a switcher had died was not a serious problem, regardless of scale. I still do, though accept the possibility that I could be wrong and will therefore seek to refrain from the same in future.

The point I'm making is that in terms of business impact this particular issue is of only minor relevance to customers staying with TSB.

It's of minor relevance to customers who are happy to stay with TSB. For those who have decided that they've had enough it's the most worrying thing at all. And the worry that getting out might cause issues is hardly likely to make people more likely to join them.

For those who are fortunate enough that barring a little money moving they can treat it as a de-facto 5% fixed savings account on £1,500, the issues are literally irrelevant.

I used to be in that group, but now it's the equivalent of easy-access savings - it's not my main account but I do need to dip into and out of it regularly. I use some of the money for DIY or home furnishings as needed and then seek to top it up with my next earnings to maximise the interest. In my situation I wasn't concerned about the problems at first, but once realising that this is far more deep-rooted than not being able to get onto the site whenever I want, I've started to come to the view that 2% extra on money I really want to be able to get to whenever I want does not justify the risk of being without it for a few weeks, especially with interest rate rises expected in the near future.

For those whose TSB account is their main bank account, it's another kettle of fish entirely. The range of issues faced are numerous and varied, and media of all persuasions and in all forms has to be fair done a good job in shedding light on this from numerous angles.

As far as I'm concerned I'm not going to pass up the opportunity to earn 5% interest on £3k just because a (small?) number of ex-customers have been affected by a most unfortunate mistake.

Do you think you are a typical customer? You're using it in a smart way, as outlined above I have used it in the same way and continue to try to. But the people we are primarily talking about here are people who actually use it for its primarily intended purpose - as a current account.

The predictions of TSB collapsing as a result of this specific 'outrage' are rather overblown.

True.

It also appears the ex-customers who have been affected by this error will be receiving very generous amounts of 'wonga' for the inconvenience they have suffered.

I now think that all TSB account holders as of the start of the "upgrade" should receive compensation, a position I did not hold even a week ago. Even if we entirely ignore the problems that people have faced with day-to-day banking (for whom claiming compensation is the right route), there are some universal issues. This incident has made phishing much more plausible and believable than would ordinarily be the case. The possibility that data has been compromised, cannot be ruled out. And there is good reason to fear leaving, which will contribute to a higher level of customer retention than would have otherwise been the case, something it would be unacceptable for the bank to not take a financial hit for.

EachPenny

HornetSaver wrote: »

I found it incredibly difficult to believe that anyone being entirely serious could suggest that reporting that a switcher had died was not a serious problem, regardless of scale. I still do, though accept the possibility that I could be wrong and will therefore seek to refrain from the same in future.

To repeat, I'm not saying it isn't a serious issue as far as the affected individuals are concerned. But it isn't a serious issue for the future health of TSB as a company - they are not going to go bankrupt or be closed down by the regulator just on this issue alone.

It is also important to get some perspective on the issue. TSB have not killed anybody. Nobody has actually died as a result of a letter sent by TSB. TSB provided some incorrect data to third parties, and those third parties then sent letters to customers. We have to assume that all the customers receiving a letter saying "sorry to hear you are dead" have sufficient intelligence to work out that they are not actually dead and that the letters were sent in error.

So aside from the slighty morbid dimension, the fundamental issue is TSB have fouled up on some switches, which if carried out using CASS will be subject to the usual guarantee. Those customers who are affected can simply set up direct debits on their new account, assuming TSB and the third-party companies involved aren't able to work together to correctly reinstate the DD's on the new account.

In the normal scheme of things, most people receiving a letter saying "sorry to hear you are dead" would probably have a bit of a chuckle and get on the phone to the relevant company to advise them they are still very much alive.

So it isn't quite clear why - just because this has happened during TSB's ongoing problems - that people have turned it in to a disaster on the scale of earthquake, plague, or nuclear war.

Just to reiterate - TSB have not actually killed anybody (yet).

realaledrinker

Yes but problem heaped on problem is causing immense reputational damage. Would anyone open an account with them as things stand? Cannot see how they can continue in the medium term. I can see a 'Resolution' situation whereby Sabadell bail out and the FCA organises a transfer of accounts to one of the other payers.

ValiantSon

realaledrinker wrote: »

Yes but problem heaped on problem is causing immense reputational damage. Would anyone open an account with them as things stand? Cannot see how they can continue in the medium term. I can see a 'Resolution' situation whereby Sabadell bail out and the FCA organises a transfer of accounts to one of the other payers.

Why? Sabadell have no real reason to divest themselves of TSB and moving TSB to another (existing bank) owner would almost certainly require another platform migration. I'm not convinced many people would be keen on that happening!

I see no real reason why TSB can't continue. Certainly they are having a rough time at present, but the business remains perfectly viable. Mountains are being made out of molehills. Outside of this forum, I have heard absolutely nobody complaining about TSB. The media have created a narrative which some people have bought into online, but like many such narratives it exists in something of a bubble. Of course, some people have been inconvenienced, but many more have not (in any truly significant way).

Mchambers

ValiantSon wrote: »

Outside of this forum, I have heard absolutely nobody complaining about TSB. The media have created a narrative which some people have bought into online, but like many such narratives it exists in something of a bubble. Of course, some people have been inconvenienced, but many more have not (in any truly significant way).

Really Mr TSB? Your are having a laugh ! Look at twitter, the news, BBC, etc. There are loads of people complaining and it will continue until TSB sort out this debacle; although that could take many weeks.

We all wait for TSB to compensate us for their incompetence.

masonic

Mchambers wrote: »

Really. What about today's story ?

http://www.bbc.co.uk/news/business-44243768

Things like this happen all the time, but are not usually newsworthy. The fact is SMS-based 2 factor authentication is badly broken and should not be used where security is very important, such as online banking. In the USA, the NIST has put SMS-based 2FA on its restricted list, meaning that organisations and users would be taking a risk by using it. Most of the security-conscious tech industry has moved to more secure time-based authenticator apps.

If you have a current account at Halifax and Lloyds (and possibly others) you are equally at risk. The only difference is right now you stand a better chance of getting through quickly on their fraud line.

It would be interesting to know whether the individual in the article noticed that their phone lost service before or after they saw the loan money credited to their account. An early sign of this type of fraud is that your mobile's SIM is no longer able to register on your mobile network - and seeing that happen could mean that every service that uses text messages or automated phonecalls to that mobile number is at risk of compromise.

ValiantSon

Mchambers wrote: »

Really Mr TSB? Your are having a laugh ! Look at twitter, the news, BBC, etc. There are loads of people complaining and it will continue until TSB sort out this debacle; although that could take many weeks.

We all wait for TSB to compensate us for their incompetence.

Yes, really. I'm talking about real people in the real world, and not the media circus and its attendant social media echo chamber. I did actually make this clear, but your terrible eyesight seems to have prevented you from being able to read my post properly.

EachPenny

masonic wrote: »

It would be interesting to know whether the individual in the article noticed that their phone lost service before or after they saw the loan money credited to their account. An early sign of this type of fraud is that your mobile's SIM is no longer able to register on your mobile network - and seeing that happen could mean that every service that uses text messages or automated phonecalls to that mobile number is at risk of compromise.

This is the real issue, it seems incredible that someone can 'steal' your phone number so easily. If action is required by the Government and/or regulators then it should be about changing the processes of the mobile phone companies to make sure they are dealing with only the account holder when requesting a change of SIM.

Unfortunately the current obsession with slagging off TSB and making out that everything is their fault is distracting attention away from what should be shouted very loudly at customers - that even if you are in physical posession of your mobile fraudsters can effectively steal what many people consider to be a secure means of communication and use it empty your bank accounts.

If I had the option I would now be opting out of having verification codes sent by SMS and use my landline only.

masonic

EachPenny wrote: »

This is the real issue, it seems incredible that someone can 'steal' your phone number so easily. If action is required by the Government and/or regulators then it should be about changing the processes of the mobile phone companies to make sure they are dealing with only the account holder when requesting a change of SIM.

While I agree that the mobile providers could tighten up their security somewhat, including implementing optional 2FA (not SMS-based) for those who want to take it up, SIM swaps are not the only thing to be concerned about. The whole infrastructure was built on the assumption that all devices connecting to the network would be trustworthy. Neither of the S's in SMS stand for Secure.

The situation is very comparable to that of email. It wasn't many years ago that if you forgot a password to a website you might click a link and have it sent, in plain text, to you by email. Which is fine, unless anyone is eavesdropping on your connection (think public wifi), or someone finds out your email account password.

Most decent email providers now send and receive email over an encrypted connection and give you the option to use robust (i.e. not SMS) 2FA. Almost no websites will email a password to you any more, but they often do send a reset link, which could be considered equivalent to a security code. This is much less of a problem a) because the communication channel is encrypted and b) because it's much harder to break into an email account that's locked down with 2FA.

Getting to that level of security with SMS would be... challenging.

Unfortunately the current obsession with slagging off TSB and making out that everything is their fault is distracting attention away from what should be shouted very loudly at customers - that even if you are in physical posession of your mobile fraudsters can effectively steal what many people consider to be a secure means of communication and use it empty your bank accounts.

Yes, the public perhaps have more confidence in the system than is really warranted. It is more convenient than the commonly used alternatives - card readers (issued by the likes of Nationwide and Natwest) and secure keys (issued by HSBC group) - but unfortunately less secure. My preferred solution of an authenticator app isn't used by any bank, but has recently started to be offered by HMRC.

Ultimately, it is the bank's loss and an inconvenience for the customer. I'm not aware of any instance where a bank tried to hold a customer negligent when their security code was intercepted by another device, although I think there have been instances where customers have had to fight their case.

If I had the option I would now be opting out of having verification codes sent by SMS and use my landline only.

The SMS system is very convenient, which is why it is popular. It would be nice if those willing to give up a little convenience for more security were catered for as well.

Mchambers

Is she still poorly ?

I see that MSE posted yesterday that TSB have no idea when their IT problems will be fixed

https://www.moneysavingexpert.com/news/banking/2018/05/tsb-still-hasnt-said-when-its-it-problems-will-be-fixed---a-month-after-they-started.

Oh dear poor TSB.:D

Care to comment Mr TSB ?