CYBER THREAT

Banks putting customers at risk of cyber attacks due to old IT systems

A new report from the financial watchdog suggests that outdated IT systems and a lack of training at financial companies could be putting customers at risk of cyber attacks

Sara Benwell

Published: 11:58, 27 Nov 2018
Updated: 14:47, 27 Nov 2018

BANKS and other financial firms could be putting their own customers at risk of cyber attack due to outdated computer systems.

A new report released by the financial watchdog says that outdated IT systems, a lack of staff training and company culture could all lead to an increased risk of a cyber breach.

The FCA says financial institution may be putting customers at risk of cyber fraudCredit: Getty - Contributor

In the year to October 2018, firms reported a 138 per cent increase in technology outages to the Financial Conduct Authority (FCA), alongside an 18 per cent increase in cyber incidents.

Megan Butler, executive director of supervision - investment, wholesale and specialists at the FCA said: "All the trends that we’re seeing at the moment suggest an increasing threat to UK customers, and financial markets, from technology outages and cyber attacks.

"A third of firms do not perform regular cyber assessments. Most know where their data is. But describe it as a challenge to maintain that picture.

"Nearly half of firms do not upgrade or retire old IT systems in time. Only 56 per cent say they can measure the effectiveness of their information asset controls."

Bank outages: what are your rights?

IF your bank suffers an outage or technology failure then here are your rights.

Will your expenses be covered? If you suffer knock-on costs then your bank should reimburse you. Make a note of dates, keep receipts and a log of how much you've been left out of pocket.
What are the alternatives? Visit a branch or try telephone banking if you urgently need to access cash.
Be careful with balances? Don't spend money in your account that isn't yours as you will be liable to pay it back.
How to complain? Firstly, make a complaint to your bank. If the problem is not resolved to your satisfaction after eight weeks then you can complain to the Financial Ombudsman Service.

The report also found that only the largest firms have automated detection systems to spot potential cyber attacks.

Smaller firms are generally relying on old school, manual processes – or no processes at all.

And while 90 per cent of the companies surveyed said that they operate a cyber awareness programme, the FCA found that businesses are struggling to identify and manage high risk staff, including those who deal with critical and sensitive data.

Speaking at a Bloomberg conference on cyber and technology risk, Ms Butler explained that the FCA is concerned about whether financial companies are doing enough to protect their customers.

She said: "The FCA is deeply concerned that the number of technology incidents reported to us has increased, with many outages linked to re-platforming and outsourcing failures.

"The most prominent of these is perhaps TSB’s IT migration earlier this year. But we’ve also seen a lot of recent outages caused by relatively small changes, usually made on a weekday evening.

MORE ON MONEY STORIES

HOUSE THAT

Beloved family run bakery abruptly ceases trading after nearly 60 years

"A lot of the time, it isn’t technology at fault when things go wrong. It’s classic systems and control failures.

"Take Tesco Bank’s cyber attack as an example: it had a specific warning of the threat and failed to put in place an effective defence, which left its customers in a vulnerable position for a significant period of time.

"It should never have exposed its customers to a known cyber risk."

For customers, these increasing risks of outages or cyber threats should be a serious cause for concern.

How to protect yourself from hacking

Here's how to protect yourself from cyber crime:

1. Check if you've been hacked: You can use the website to check if any of your email addresses have been breached. If your account details were included in one of those breaches, the site will tell you with the message "oh no – pwned" flashing up on screen.

Make sure you monitor your bank accounts regularly and keep an eye out for any unusual transactions. This can help you spot and report fraud early on.

2. Reset your passwords: If you think you've been hacked, make sure you change your password immediately.
You need to pick a strong password. Ideally this should be between eight amd 10 random characters, with lower and uppercase letters, numbers and symbols if allowed.

Don't use the same password for lots of accounts. If you do and one of your accounts is hacked - the others could be too.

You can use a password management tool if, like most people, you struggle to keep track of passwords for multiple accounts.

There are dozens to choose from: some are free, while others you have to pay for.

3. Contact your bank: Do this as soon as you think your credit card or bank details may have been compromised. Most banks have a dedicated phone line for reporting fraud.

4. Chase reimbursement: Your bank must automatically reimburse you any funds that have been taken as a result of fraud, unless it can prove you were acting negligently.

It must also reimburse any fees incurred as a result of the fraudulent payments.

5. Ask for a deadlock letter: If your bank doesn't reimburse you, ask for a final letter of deadlock and make a complaint to the Financial Ombudsman Service, which will make an impartial decision on refunding your cash.

You can submit a claim online free on its . If successful, your bank will reimburse you. If not, you can take your claim to court.

6. Contact insurers: If your home insurance policy covers cyber attacks, contact your insurers to make a claim, if needed.

7. Check your credit rating: If fraudsters have tried to apply for loans or credit cards it might have affected your credit rating. Check them carefully and contact the credit reference agencies if you spot any mistakes.

In May this year, hundreds of TSB customers were left facing late payment fees as the bank's outage left them unable to pay their bills.

In October, it was revealed that fraudsters managed to steal £2.26million after the cyber attack on Tesco Bank.

Tesco Bank was fined and TSB paid compensation to affected customers, but outages and fraud can cause serious stress for affected customers.

Carl Martinsson chief executive of Skimsafe - a fraud prevention firm - said: "Most consumers are in the hands of their bank and financial institutions to protect them.

"The banks' countermeasures are reactive and they often have difficulties discovering that a fraud has been performed.

"[This] makes it up to the consumers themselves to monitor their bank account and alert the bank if they identify suspicious activity."

Facebook admitted last month that 50million accounts were accessed by hackers in a monumental security breach – leaving them able to see all of your personal info, photos, and even private messages.

A free tool that tells you if you've been hacked has been launched by Firefox browser firm Mozilla.

Google has deleted 13 apps from its app store for Android phones after it turned out they were scams, here are the ones you need to delete.

We pay for your stories! Do you have a story for The Sun Online Money team? Email us at [email protected] or call 0207 78 24516. Don't forget to join the for the latest bargains and money-saving advice.

Chief Executive Officer of TSB Bank Paul Pester doesn't know when the bank's online and mobile app will be working again

Topics

Cyber crime and hacking

MORE SECTIONS

MORE FROM THE SUN

Bank outages: what are your rights?

MORE ON MONEY STORIES

Top 10 property hot spots where house prices increased by up to £2,041 a month

BBC star closes down Michelin-hailed restaurant after 2 years

What market turmoil means for your money - pensions, mortgages and savings

Beloved family run bakery abruptly ceases trading after nearly 60 years

How to protect yourself from hacking