Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Tuesday November 08 2016, @03:41AM   Printer-friendly
from the we-have-detected-a-potentially-fradulent-transaction dept.

The UK Tesco Bank was hacked over the weekend. This is a small independent bank that operates partly through its grocery stores. The scale and speed of this attack is such that some experts think that it was via access at admin level, although it seems that only current accounts were affected.

From the BBC website :

Tesco Bank has halted online payments for current account customers after money was taken from 20,000 accounts. The bank's chief executive Benny Higgins told the BBC he was "very hopeful" customers would be refunded within 24 hours. About 40,000 accounts saw suspicious transactions over the weekend, of which half had money taken, he said.

I have an account myself, but I checked this morning and have lost nothing.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by kazzie on Tuesday November 08 2016, @11:08AM

    by kazzie (5309) Subscriber Badge on Tuesday November 08 2016, @11:08AM (#424013)

    I'll admit that I'm not entirely clued up on this, as I'm not a Tesco customer myself.

    Re: "Chip and PIN", I assumed that was an uneducated means of describing the 'calculator-like' authorisation device you use. Does Tesco use one of these? My bank uses a smaller device that has no slot to insert the bank card. Regardless, the person interviewed was definitely non-technical. I just quoted them as best as I recalled the conversation.

    Secondly, it's not clear to me that the issue was with 'online purchases with my card', as opposed to 'online payments through online banking'. To quote a later article [bbc.co.uk]:

    ... this seems to be the first time that a UK bank has reacted so publicly by stopping some types of transactions on a web banking system because of "online criminal activity".

    That sounds more like the latter to me. With my bank, such payments need additional use of the authorisation device.

    Finally, I'd considered "Verified by Visa" and equivalent schemes to be an example of two factor authentication: give the use of card details and also quoting (part of) a separate password.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2