Financial Conduct Authority (FCA) security breach
Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:
The FCA have hit Tesco Bank with a £16.4 million fine for a breach in 2016 that affected thousands of customers and saw millions of pounds stolen. At the time, Tesco reported the breach to the NCSC for investigation after being forced to suspend online and contactless transactions. The fine was publicised this week, with the FCA saying the bank was being punished for failing to demonstrate “due skill, care and diligence”.
They also added: “In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started. This was too little, too late. Customers should not have been exposed to the risk at all.”
In the previous year, Tesco had received a fraud alert from Visa about fraudulent transactions that are believed to be similar to the ones that ultimately occurred during the 2016 breach. The FCA said the attackers took advantage of flaws in the design and distribution of the debit cards. The majority of the fraudulent transactions originated in Brazil and relied on the country's rules on magnetic strips, which allow individuals to spend as much as they want via that method.
More can be found at – https://www.fca.org.uk/news/press-releases/fca-fines-tesco-bank-failures-2016-cyber-attack