Jay Floyd, Head of Fraud Strategy and Solutions EMEA, ACI Worldwide, comments on the fraud attack at Tesco Bank over the weekend:
“The fact that Tesco’s fraud prevention systems identified suspicious activity but failed to decline many fraudulent transactions raises serious questions about the bank’s IT systems and fraud prevention capabilities.”
“Compromising 40,000 customer accounts and being able to steal money from half of those accounts suggests that there are serious flaws on the side of the bank and its fraud prevention processes.”
“There are several potential explanations for this attack. It could be a case of internal fraud, where someone with access to the relevant databases has leaked data, or internal team breach, whereby employees working for fraudsters or fraudsters themselves work within call centres and harvest the data over a specific time period. The breach could have also originated via internal offshore operations, in countries with lower fraud prevention processes and employee checks, or it could simply be due to external fraud conducted by hackers.”
“An attack like this needs to kick-start a complete review of the bank’s internal fraud prevention strategy. Examining the timing of the fraud will also be key; the fact that the attack happened over the weekend, when fraud departments can be thin on the ground, is an important factor which needs to be looked at.”