trending Market Intelligence /marketintelligence/en/news-insights/trending/C70l8yprx014rcJheKIVyg2 content
Log in to other products

Login to Market Intelligence Platform


Looking for more?

Contact Us
In This List

Report: Tesco's cybersecurity practices were lax

Banking Essentials Newsletter - November Edition

Online Brokerage Space Should Remain Rich Source Of M&A

University Essentials | COVID-19 Economic Outlook in Banking: Rates and Long-Term Expectations: Q&A with the Experts

Estimating Credit Losses Under COVID-19 and the Post-Crisis Recovery

Report: Tesco's cybersecurity practices were lax

Tesco Personal Finance Plc, also known as Tesco Bank, may have exposed its customers to cyber crimes by issuing sequential debit card numbers that are easier for hackers to attempt to breach without detection, the Financial Times reported Dec. 12, citing rival lenders.

Earlier, the bank was reported to have ignored repeated warnings from internet security experts about its software applications being targeted by hackers. It paid £2.5 million to about 9,000 current account customers affected by "online criminal activity" over the Nov. 5 weekend.

The Financial Conduct Authority contacted other lenders to inquire if they issued sequential card numbers, FT said, citing "two executives of the banks contacted by the watchdog."

Tesco had issued sequential primary account numbers to customers — Visa debit cards have a six-digit issuer identifier number, a unique nine-digit primary account number and a single check digit — instead of random numbers generated by a software used at most banks, FT added citing "executives at two rival banks and a person briefed on Tesco's security operations."

The FCA and Tesco declined comment.

Hackers can easily guess security codes and expiry dates when cards are issued in a numerical sequence, cyber security experts told the newspaper.

Tesco's accounts hack is also being investigated by the U.K.'s National Crime Agency and National Cyber Security Centre, apart from the FCA.