The Financial Conduct Authority (FCA) has fined Tesco Bank £16.4m for its failure to adequately protect customers from a 2016 cyber attack, which saw fraudsters claim over £2.2m worth of transactions over a 48-hour period.
Tesco Bank failed to exercise due skill, care and diligence in protecting its personal current account holders in a "largely avoidable" attack that saw cyber criminals exploit deficiencies in the design of its debit card, its financial crime controls and the competence of its Financial Crime Operations Team. According to the regulator's 1 October enforcement notice, the attackers are understood to have used an algorithm that generated authentic Tesco Bank debit card numbers and, using those "virtual cards", they engaged in thousands of unauthorised debit card transactions. Tesco Bank ...
To continue reading this article...
Join Professional Adviser for free
- Unlimited access to real-time news, industry insights and market intelligence
- Stay ahead of the curve with spotlights on emerging trends and technologies
- Receive breaking news stories straight to your inbox in the daily newsletters
- Make smart business decisions with the latest developments in regulation, investing retirement and protection
- Members-only access to the editor’s weekly Friday commentary
- Be the first to hear about our events and awards programmes