Bank-friendly regulators finally show some interest.
By Don Quijones, Spain, UK, & Mexico, editor at WOLF STREET.
Embattled UK lender TSB can’t get even the simplest of things right these days, including apologizing to the thousands of customers affected by the bank’s botched IT upgrade in late April, which has still not been remedied [timeline of nightmare: April 24: “Day 5”, April 30: “Contagion Fears,” May 6: “Internal Revolt,” May 22: “Customers Leave in Droves”].
And the problems are getting nastier: TSB CEO Paul Pester admitted today, when pushed by the treasury committee, that 1,300 customers have become victims of fraud attacks last month, 70 times the normal number. So it would seem apologies are in order. But not even that worked.
TSB recently sent out letters to customers acknowledging their grievances. The problem, as the BBC reports, is that some of the letters included correspondence intended for other customers:
Letters acknowledging complaints about the technological meltdown at the bank have been sent out to customers, but within a number of those mail-outs a further letter had been included.
Isabella Morrison-Shand, of Inverness, received one and told BBC 5 live’s Wake Up To Money program: “When I looked at the second page I discovered that it had a reference number, name and address of somebody that wasn’t me.
“If I was in any way shady, I could contact them and say that I was from TSB and perhaps trick them into discussing things. I have no confidence in TSB at all of controlling their usage of my data and keeping it safe and secure.”
The timing, coming just a week after the introduction of new EU-wide data-protection laws, could not have been worse. According to Treasury Committee member John Mann, action could be taken against the bank. “They have broken the law. Even a small or minor breach of the law when it comes to data protection, is very, very important,” he said.
TSB’s reckless misconduct has reached such proportions that it is even beginning to attract the attention of the UK’s bank-friendly financial regulator, the FCA, which has the power to fine TSB over the incident. The regulator announced on Tuesday — over six weeks after the chaos began — that it is investigating the crisis jointly with the Prudential Regulation Authority.
Even today, many customers continue to report major issues with their accounts, such as mortgages not being viewable online. Other customers claim to have seen their accounts incorrectly credited with funds that are not theirs, while others have reported seeing other customers’ bank details instead of their own, which would also count as a very serious breach of data protection laws.
Amidst the IT chaos, fraudsters have begun targeting the online accounts of TSB customers, some of whom have logged into their accounts to discover their savings have vanished in a series of payments they did not make. They are then left on hold for hours when they try to complain to the crisis-plagued bank.
Both TSB and UK police have warned customers about the risk of phishing scams — when cyber criminals attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising themselves as representatives of a trustworthy entity (which increasingly excludes TSB). But according to some scammed customers, they were not approached by anyone claiming to be from TSB before their accounts were emptied.
They include Ewan Monaghan, a teacher who had his life savings raided at the end of May. He believes his account data may have been leaked during the IT meltdown last month. “All of my TSB passwords were kept secure and not used elsewhere, so it seems likely,” he said. “The data breach could be as simple as someone seeing my account in April or something bigger – I’ve got no idea.”
TSB continues to deny there has been a data breach. “Our systems are safe, what we are seeing is increasingly sophisticated fraudsters looking to take advantage of the situation, and approaching customers,” a spokesperson for the bank said. But given the chaos that continues to reign at the bank, and the fact its employees can’t even apologize to the right people, customers can be forgiven for being skeptical.
Some customers are so peeved that they have begun to move their accounts elsewhere. But even that has not been as easy as it should be. As we reported recently, moving accounts between lenders is, in theory, a lot easier in the UK than it used to be thanks to the launch in 2013 of the Current Account Switch Service (Cass). This enables customers to switch from one current account to another, while keeping their direct debits, standing orders and any other regular payments – both outgoing and incoming – intact.
But when it comes to TSB, nothing, it seems, is easy. As the consumer help website MoneySavingExpert reports, some customers who left the bank after the IT meltdown discovered that their direct debits had been cancelled after TSB told companies they were dead. Robert, from Merseyside, switched from TSB to NatWest on Tuesday 15 May. Since then he’s had four organisations contact his household and tell him that his direct debit had been cancelled due to his passing.
It’s not just alive customers suddenly discovering they’re dead; there has also been at least one case of a dead customer being informed that he’s alive — and has had a new deposit account opened in his name to show for it! After the case went public the daughter of the deceased customer in question received an apology from the bank for “any stress or inconvenience caused” and was offered £100 in compensation.
It is one of countless more apologies still to come. But will they go to the right people? And how much will this all end up costing the bank? As the tragicomic farce continues at TSB, there’s no telling what could happen next. By Don Quijones.
The War on Cash suffers a setback. Read… Visa Goes Down in the UK, Chaos Ensues, Cash is Suddenly King
Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.
“The timing, coming just a week after the introduction of new EU-wide data-protection laws, could not have been worse. According to Treasury Committee member John Mann, action could be taken against the bank. “They have broken the law. Even a small or minor breach of the law when it comes to data protection, is very, very important,” he said.
TSB’s reckless misconduct has reached such proportions that it is even beginning to attract the attention of the UK’s bank-friendly financial regulator, the FCA, which has the power to fine TSB over the incident. The regulator announced on Tuesday — over six weeks after the chaos began — that it is investigating the crisis jointly with the Prudential Regulation Authority.”
Change of government in Spain to one a lot less friendly to banks may have something to do with that removal of English regulators inertia. English regulators try not to give the enemy another rod with witch to beat the English government. Rajoy was Defiantly an Enemy.
All the accounts should all minimum be frozen for online use. But of course they won’t do that.
I’ve seen lots of SNAFU’s in my IT career, but this one seems to take the cake. I fear this is *never* going to be resolved.
The core data set of TSB is likely irrevocably corrupted. Every day this bank continues processing transactions on this dataset, the mess is only getting bigger, and chances of ever getting back to a sound foundation are getting smaller.
TSB is a dead bank walking and will probably end up being wound down.
DQ has a new career as a dead pan comedian.
So many years observing Spanish corruption has prepared him well.
‘No data breach’ says TSB?
One thinks of Rajoy: ‘Everything that has been said about me is untrue. Apart from those things which are true.’ :)
Speaking of which, DQ’s humility in victory is admirable. But I suspect he is dancing on the inside at Rahoy’s fall.
The Corrupt Arrogant pig is gone, now in the garbage tin of unwanted unpleasant history.
When he is written about or discussed it puts him back on the table, where he does not belong.
Sanches (SP) did not really want to be Prime minister, which is why made it public ,that he had the votes to unseat the sitting Primminister, and Publicly asked him to go.
Either the PP are hoping the left makes a mess and they can capitalise on it at the next election, or. rajoys Ego and arrogance knew no bounds. I am unsure which, but leaning toward Ego and arrogance..
What software is being used?
It doesn’t matter. What’s here are brain dead project managers, even worse client company management, no objective or competent project oversight, idiotic deadlines with no reserve for problems, bad design with no QC, and a complete indifference to customers. While management deserves 50% or more of the blame for letting the incompetent project managers and consultants run the show, the consultants will be left holding the bag.
Note to the consultant lawyers … blame the client company managers because the consultants did what they were told to do … it might work but your clients will go broke in legal fees along the way. Unless, of course, company management were total nimrods and believed everything the experts from somewhere else, the consultants, claimed.
I think it’s Accenture who built it..
Java, probably. There is some ancient evil inside of Java that causes vast abominations to be summoned into this universe! Once here they can’t be un-summoned.
The FCA should shut TSB down. Simply not fit for purpose.
Enjoy Spanish corrupt outsourcing of IT “experts”, your company will pay gold and will get monkeys, while the executives shares out the bribes.
I have to assume this is not as big a problem as it appears. If it was, I’d assume everyone would have moved their accounts to a different bank by now.
Not sure if you are being sarcastic, but you do know that moving your account requires a number of things:
1. Writing a check to transfer the money. But if the source bank’s IT system can’t process the transaction, what’s there to transfer.
2. Or you withdraw all your money. But if the source bank’s IT system can’t process the transaction, what’s there to withdraw. And yes, this is what’s happening, a lot of people can NOT access their money.
It’s not a big problem you say?
When Marc Andreesen penned his essay “Why Software Is Eating the World”, I am sure he didn’t have this in mind.
BUT BUT BUT, let me tell you this WILL never affect Crypto, or Self Driving Cars, or your pet tech project, because we’ve got the bestest people working on those.
I work in software and everyday I wonder how people can trust this crap.
The answer to Andreesen’s question is obvious … “Because .. muppets”.
At 7+ weeks into this fiasco, TSB continues to demonstrate full-scale technology & managerial incompetence, and the regulators have demonstrated their…well…all-encompassing incompetence.
Yet, nobody seems to really care. Any customers still at this, well, let’s pretend it’s a “bank”, pretty much deserve what they get.
Why does this bank have ANY customers left?
Why does this bank have ANY customers left?
Because they can’t left. The CASS system responsible of the data and money transference, reports the holder is DEAD in the TSB end.
Do you really think its’ better to stay at a “bank” that can’t adequately account for your money & sometimes reports you as “dead”?
Every bank in the country knows this clown bank does that; not exactly a secret.
I have a milder version of the problem: I have a 2.65% 15-yr fixed mortgage at Wells Fargo, with an additional 0.125 off for auto-paying from a Wells Fargo checking account. Major money is held elsewhere.
We’ll I’m not surprised. Writing code for UK firms is deff not at the top of my list when I see “offered” salaries.
They’re some truth to the saying “you get what you pay for” (or dont) in this case.
I guess the entire IT Upgrade was based on the stupid but popular ‘Agile Methodology’. It would be great to see someone looking at the methodology of development in the IT department. I won’t be surprised seeing Agile in action looking at the size of mess.
Very much agree with you, TME. Agile methodology always scares me, since what it really boils down to is not doing enough proper groundwork or enforcing enough discipline before starting development for real. It’s become so ubiquitous, though, that it’s considered tantamount to apostasy to not be on board with it. Nearly all development projects at least pay lip service to it.
I use my TSB account for occasional transactions but not as my main current account.
Apart from the first few days of access problems after the switch over, I have no difficulty in getting access either via web or their app. My account balances are correct and I can move money in an out online without any problem. From my own perspective and use of it the bank is fully functional. Added to which they give me interest on my balances more than most other UK banks will do so I’ll continue to use them.
More interesting is how the FCA is going to allocate blame and impose fines. I gather from what I read in the media that the botched migration was handled by Sabadell with TSB UK being told what the plan was. if so, fining TSB UK seems to miss the target.
I look forward to Sabadell executives being summoned from Spain to appear at a UK Parliamentary inquiry.
And because you haven’t had problems yet you leave your money there when you could be using this providence on your behalf to get out in front of the problem and remove your money from this disaster of a bank?
Well. I have to say fair enough, but no sympathy for you if and when your accounts are compromised and your money disappears!
Dead people alive, alive people dead? What?
The Zebras are loose already?
Must be a grave mistake.
Banks and IT seem so complex and difficult l wonder that they don’t all share expertise and information since the present approach brings them all into disrepute ?