Bank-friendly regulators finally show some interest.
By Don Quijones, Spain, UK, & Mexico, editor at WOLF STREET.
Embattled UK lender TSB can’t get even the simplest of things right these days, including apologizing to the thousands of customers affected by the bank’s botched IT upgrade in late April, which has still not been remedied [timeline of nightmare: April 24: “Day 5”, April 30: “Contagion Fears,” May 6: “Internal Revolt,” May 22: “Customers Leave in Droves”].
And the problems are getting nastier: TSB CEO Paul Pester admitted today, when pushed by the treasury committee, that 1,300 customers have become victims of fraud attacks last month, 70 times the normal number. So it would seem apologies are in order. But not even that worked.
TSB recently sent out letters to customers acknowledging their grievances. The problem, as the BBC reports, is that some of the letters included correspondence intended for other customers:
Letters acknowledging complaints about the technological meltdown at the bank have been sent out to customers, but within a number of those mail-outs a further letter had been included.
Isabella Morrison-Shand, of Inverness, received one and told BBC 5 live’s Wake Up To Money program: “When I looked at the second page I discovered that it had a reference number, name and address of somebody that wasn’t me.
“If I was in any way shady, I could contact them and say that I was from TSB and perhaps trick them into discussing things. I have no confidence in TSB at all of controlling their usage of my data and keeping it safe and secure.”
The timing, coming just a week after the introduction of new EU-wide data-protection laws, could not have been worse. According to Treasury Committee member John Mann, action could be taken against the bank. “They have broken the law. Even a small or minor breach of the law when it comes to data protection, is very, very important,” he said.
TSB’s reckless misconduct has reached such proportions that it is even beginning to attract the attention of the UK’s bank-friendly financial regulator, the FCA, which has the power to fine TSB over the incident. The regulator announced on Tuesday — over six weeks after the chaos began — that it is investigating the crisis jointly with the Prudential Regulation Authority.
Even today, many customers continue to report major issues with their accounts, such as mortgages not being viewable online. Other customers claim to have seen their accounts incorrectly credited with funds that are not theirs, while others have reported seeing other customers’ bank details instead of their own, which would also count as a very serious breach of data protection laws.
Amidst the IT chaos, fraudsters have begun targeting the online accounts of TSB customers, some of whom have logged into their accounts to discover their savings have vanished in a series of payments they did not make. They are then left on hold for hours when they try to complain to the crisis-plagued bank.
Both TSB and UK police have warned customers about the risk of phishing scams — when cyber criminals attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising themselves as representatives of a trustworthy entity (which increasingly excludes TSB). But according to some scammed customers, they were not approached by anyone claiming to be from TSB before their accounts were emptied.
They include Ewan Monaghan, a teacher who had his life savings raided at the end of May. He believes his account data may have been leaked during the IT meltdown last month. “All of my TSB passwords were kept secure and not used elsewhere, so it seems likely,” he said. “The data breach could be as simple as someone seeing my account in April or something bigger – I’ve got no idea.”
TSB continues to deny there has been a data breach. “Our systems are safe, what we are seeing is increasingly sophisticated fraudsters looking to take advantage of the situation, and approaching customers,” a spokesperson for the bank said. But given the chaos that continues to reign at the bank, and the fact its employees can’t even apologize to the right people, customers can be forgiven for being skeptical.
Some customers are so peeved that they have begun to move their accounts elsewhere. But even that has not been as easy as it should be. As we reported recently, moving accounts between lenders is, in theory, a lot easier in the UK than it used to be thanks to the launch in 2013 of the Current Account Switch Service (Cass). This enables customers to switch from one current account to another, while keeping their direct debits, standing orders and any other regular payments – both outgoing and incoming – intact.
But when it comes to TSB, nothing, it seems, is easy. As the consumer help website MoneySavingExpert reports, some customers who left the bank after the IT meltdown discovered that their direct debits had been cancelled after TSB told companies they were dead. Robert, from Merseyside, switched from TSB to NatWest on Tuesday 15 May. Since then he’s had four organisations contact his household and tell him that his direct debit had been cancelled due to his passing.
It’s not just alive customers suddenly discovering they’re dead; there has also been at least one case of a dead customer being informed that he’s alive — and has had a new deposit account opened in his name to show for it! After the case went public the daughter of the deceased customer in question received an apology from the bank for “any stress or inconvenience caused” and was offered £100 in compensation.
It is one of countless more apologies still to come. But will they go to the right people? And how much will this all end up costing the bank? As the tragicomic farce continues at TSB, there’s no telling what could happen next. By Don Quijones.
The War on Cash suffers a setback. Read… Visa Goes Down in the UK, Chaos Ensues, Cash is Suddenly King
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.