Report: Tesco's cybersecurity practices were lax

Tesco Personal Finance Plc, also known as Tesco Bank, may have exposed its customers to cyber crimes by issuing sequential debit card numbers that are easier for hackers to attempt to breach without detection, the Financial Times reported Dec. 12, citing rival lenders.

Earlier, the bank was reported to have ignored repeated warnings from internet security experts about its software applications being targeted by hackers. It paid £2.5 million to about 9,000 current account customers affected by "online criminal activity" over the Nov. 5 weekend.

The Financial Conduct Authority contacted other lenders to inquire if they issued sequential card numbers, FT said, citing "two executives of the banks contacted by the watchdog."

Tesco had issued sequential primary account numbers to customers — Visa debit cards have a six-digit issuer identifier number, a unique nine-digit primary account number and a single check digit — instead of random numbers generated by software used at most banks, FT added, citing "executives at two rival banks and a person briefed on Tesco's security operations."

The FCA and Tesco declined to comment.

Hackers can easily guess security codes and expiry dates when cards are issued in a numerical sequence, cyber security experts told the newspaper.

In addition to the FCA, the U.K.'s National Crime Agency and National Cyber Security Centre are investigating the Tesco accounts hack.