In response to reports that the UK's Tesco Bank stops online transactions after 20,000 hit by fraud and 40,000 were hit with fraud attempts:
Shane Stevens, Director of Omni-Channel Identity and Trust Solutions, VASCO Data Security, says: It goes to show the criticality of what each bank needs to do to protect their customers. Banks need to take a step back and assess all their endpoint access and all their layers of security. A thorough assessment must be done to validate their current code and gaps so that they can put together a security game plan that will drive advanced protection against fraudsters in the marketplace. Merely sharing security knowledge and communications from CEO to Teller and from Bank to Bank is no longer making the cut. It's time for executives to take action across all banks to drive a global convergence of intelligent security solutions, as customers and banks don’t know who to trust anymore and that's actually making it easier for cybercriminals to succeed.
Mark Wilson, Director of Product Management, STEALTHbits Technologies says: "The big question is: how did the perpetrator get access to 40,000 accounts? Internet Banking utilizes multi-factor authentication. Were 2-factor authentication tokens compromised? If so, that could cast a shadow across the whole online banking and finance sector. The average person on the street tends to be nervous about online banking and any form of digital transaction. This breach will only enforce that concern. What untold damage could this do to the online banking industry?
Has there been an insider breach over time, and customer details kept in some form of external repository? If so, what other data has been compromised? Were the credentials sold to the highest bidder?
Of course, having your bank account drained is a terrible thing to deal with, but what else could those account details be used for?
Tesco is not just a retail bank, it's also the largest grocery retailer in the UK with many other services such as mobile telecoms, internet, insurance and credit services, so unless Tesco segregates those platforms, it stands to reason that they may also at risk – or perhaps already compromised."