Credit-Cardholders & Bank Customers Burned Again as New IT Chaos Breaks Out in the UK

The payments industry deplores it, but cash is starting to look pretty good, and central banks agree: “We do not foresee a totally cashless society”: ECB

By Don Quijones, Spain, UK, & Mexico, editor at WOLF STREET.

This has not been a good year for IT systems in the UK. First there was TSB Bank’s botched IT migration in April, which resulted in millions of customers being blocked from their online accounts. The problems at the bank continue to fester even to this day, 22 weeks later. Then there was the Visa outage in June, which caused chaos across much of Western Europe, but particularly in the UK where consumers are far more reliant on contactless Visa cards. And now there’s British Airways and Lloyds Banking Group.

On Thursday, British Airways announced that up to 380,000 card payments on both its website and app had been compromised during a 15-day data breach. BA says the breach affected bookings made between 10.58 pm on August 21 and 9.45 pm on September 5. The compromised data included the personal and financial details of the passengers that booked during that period.

BA says it was not a breach of the airline’s encryption. “There were other methods, very sophisticated efforts, by criminals in obtaining our data,” BA’s chief executive, Álex Cruz, said.

Some customers have complained of having to cancel cards as a result of the breach while others are considering changing their online passwords. BA launched a massive charm offensive assuring customers who lose out financially that they will be compensated. That didn’t stop the shares of BA’s Anglo-Spanish multinational holding company, International Consolidated Airlines Group, S.A., from falling 5% between Thursday and Friday.

And on Wednesday, Lloyds Banking Group reported that about 5% of transactions on card machines run by Cardnet, a joint venture between Lloyds Bank and First Data, were duplicated on 29 August. Most of the cards affected were Visa Debit cards, and thousands of British card holders had been charged twice.

This resulted in chaos for both cardholders and merchants. “My initial reaction was horror and then when I found out there was nothing Mercedes could do until the Monday – I felt lost,” said Francesca Brady, who was charged twice for an £18,000 second-hand Mercedes. She and her mother were left thousands of pounds overdrawn over the weekend until Mercedes reimbursed them.

Cardnet claims that all affected customers were refunded by Tuesday, September 4. But even if each duplicate charge is indeed refunded, there will still be a loss incurred by the merchants that have to waive each transaction fee due to the bug. Then there are the victims who fail to realize they’ve been overcharged because their blind reliance on convenient payment technologies has left them psychologically unaccustomed to keeping track of their spending.

This episode was the second major glitch affecting Visa cards this summer, but it’s unlikely to dim Visa’s determination to “put cash out of business” for its own profits. For companies like Visa and MasterCard, which provide the technical infrastructure for digital money transfers all over the world, cash is arguably their biggest competitor. It is also a huge barrier preventing credit card companies and IT-firms from collecting valuable personal and financial information on consumers and to monetize this data.

This is precisely why Visa, MasterCard and their allies are running huge global marketing campaigns to remind consumers how absurd and antiquated it is to pay with cash and how much more modern and convenient it is to make all your payments digitally. They even offer to bribe restaurants and retailers into refusing to accept cash, all in the name of “educat[ing] merchants and consumers alike on the effectiveness of going cashless.”

But each time a major glitch occurs, consumers and retailers are reminded of the risks of depending purely on digital payments, as well as one of the great benefits of physical cash: it is accepted just about everywhere and does not suddenly fail on you. Even the ECB recently warned that a wholly cashless economy would heightens the risk of IT failures, systemic hacking and rampant financial exclusion, as more vulnerable members of society would be unable to make payments.

“Increasingly, central banks insist that cash will also play a role. We do not foresee a totally cashless society,” said Ewald Nowotny, member of the ECB’s Governing Council, at a recent conference in Brussels. “If there is for instance an energy blackout, cash is the only surviving way of payment.”

Even in the UK’s “less cash” economy, people are beginning to sit up and pay attention, according to a survey by GoCompare Home Insurance: In the wake of the Visa outage in the summer, as well as the unending chaos at TSB, a quarter of the survey’s respondents said they now keep more cash in their house in case similar payment system failures happen again.

And the IT chaos continues at TSB Bank. Last Friday the lender scheduled a four-hour shutdown of the online platform so that it could carry out maintenance work, warning customers in advance. But then the system crashed in time-honored fashion, leaving many customers unable to access mobile, online or telephone services for the whole weekend. By Don Quijones.

As the problems drag, you’d think customers are leaving the bank in droves. But that’s not happening. Read… Why Are So Few Customers Leaving TSB Bank Despite 21 Weeks of Mayhem?

Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:

Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.

  37 comments for “Credit-Cardholders & Bank Customers Burned Again as New IT Chaos Breaks Out in the UK

  1. Petunia says:

    The next trend in mortgage lending is already underway in Australia. The lenders are analyzing recurrent spending of all types when qualifying borrowers for a mortgage. If you use a credit or debit card, they will know how and where you spend your money when qualifying you for a loan. It is not just outstanding credit balances that will be evaluated. All your take out food and Uber rides may disqualify you for a mortgage. Another reason to use cash.

    • Lenard says:

      Petunia: “If you use a credit or debit card, they will know…”

      “Soon it will be possible to assert almost continual surveillance over every citizen and maintain up-to-date, complete files containing even the most personal information about the citizen. These files will be subject to instantaneous retrieval by the authorities.” ~ Zbigniew Brzezinski, co-founder of the Council on Foreign Relations (CFR)

      • Petunia says:

        Some big retailers track the wifi on your phone and can connect you to cash purchases you make in their stores.

        Google has a deal with Mastercard to track viewed ads on your devices to purchases made connected to the ads in physical stores. Leave the phone in the car and pay cash, at least they will both make less money.

        • Crysangle says:

          I really dislike tracking and “pre-tailored” results, whether adds or search, it feels like how I imagine being blinkered is to a horse. They have to keep doing nonsense like mixing in old searches you are no longer interested in, popping in adds like private reminders. Just annoying and for someone like me has the opposite effect to that intended, as I purposeful trash the concept being advertised, and choose other search engines.

        • Frank says:

          Just a few small changes can prevent most Internet tracking. Get off of Facebook, or if you won’t never use your Facebook login for a third-party website. If you have a Google account never do a Google search while logged into Google. Or better yet use a non-tracking search service like DuckDuckGo. Not quite as good as Google but adequate for most searches. Set your browser to never except third-party cookies. Set your browser to erase all cookies when you close the browser. Use an ad blocker.

        • Pavel says:

          My new practice is to leave my (dumb)phone at home when I go out most of the time. It gives me a curiously liberating and subversive feeling. I lived 50 years of my life without the “essential” ability to call and be called 24/7/365.

          God knows what it is doing to parenting and children’s lives when they are always contactable. One bright spot is the French public school system where they just banned mobile phones during the school day. Initial reports are that the kids are in fact able to survive, and some even enjoying the novel experience of actually talking to their classmates.

          The reverse trend is exemplified at Tesla — I believe the Model 3 requires an iOS or Android smartphone to open the doors! What between the phone tracking, the car’s OS tracking, and the police license plate scanning your movements, there is a complete loss of physical privacy. And note that when there is a Tesla accident, the company can provide police with data from your drive. Useful for accident investigations, but a bit creepy IMHO.
          /curmudgeonly rant

        • Crysangle says:

          Frank – yes, I have those settings as standard, except I use opera mobile browser and unless you want to choose from a list each search, google is fixed standard ( people complained, opera did not change) which is what I am used to using anyway. I still get tracked, I think it must be by IP or finderprinting. Opera gives enough details for fingerprinting (model and software version etc.) . The duck duck go browser is clean of that info but am used to opera. So if I really want privacy I use VPN and duck duck go. Even installed tor/onion and that seems to work ok, but just a backup for me… more likely to get attention using it I expect, and I know that security on the web is never 100%.

        • Crysangle says:

          Add that on Android google services have a lot of access to metadata etc., just about impossible not to have them track you somehow or other, even with all settings at maximum privacy.

        • Kerry says:

          Get rid of your phone…

        • Crysangle says:

          “Get rid of your phone”…. then I could not be typing this. As this paragraph is not really going to go down as the literary achievement of the decade, maybe I would be better not on the phone… but I have to keep checking if the russians aren’t invading and other heavy stuff like that… what to do….

          Seriously though, a lot of people nowadays do rely on mobile internet access, for me it is the only web access I have…no phone, no web, not that that is necessarily a bad thing, but I do a lot of reading and learning from the web and that is important to me.

        • Frederick says:

          Panel Totally agree and don’t even own a phone I believe I’m better off for it

        • Crysangle says:

          There is an irony somewhere though in my setup. I use an old phone as modem to give wifi, but that is also android. The phablet I use for browsing is android, but my main phone stays switched off at all times, when rarely on it is in airplane mode, is connected to network only if I need to phone, need to access a specific service… hardly ever.

          Now I also have a windows tablet that I could use for online instead of the phablet. However that is necessarily going to route through an android phone. Even worse is how windows now works its updates, it connects and tries to update by itself, there are workarounds but basically, after having to reset it after it messed up, it stays offline for good now. Even if it were used online, I would have two potential leaks, one being the modem, the other windows or any application it was running, so opening up tracking and data to two companies.

          As I will not trust any particular company, and knowing that there is no way to stop access by any company or associates if they so choose, it really does not leave many options under any circumstance, even if using hard connections. As I say, I mostly use internet for browsing, some mail, and very occasionally a purchase, so I do not keep a lot of info online, purposefully – no more than I would be willing to make public (except bank codes).

          It still bothers me to know that big data is monitoring though, to know it is trying to interact with me if it can…I find it creepy.

        • ML says:

          “God knows what it is doing to parenting and children’s lives when they are always contactable. “

          On Wednesday, their son flew from London UK to Australia on a one-way ticket to meet up with son’s girlfriend and go on an adventure together. Not known whether son will return or when. The following Saturday, uk family were all partaking in a group chat. The phone thrust in my direction son asked if I had any new jokes to tell him. I told the old one about cutting the ties that bind.

          Actually my parting gift had been to say “ I used to be a foster child but niw I’m special brew”.

    • ewmayer says:

      ” Another reason to use cash.”

      Ah, but let’s not forget that the debt merchants have powerful ways to punish you for not being a debt slave. I recently moved, and the lease process for the apartment building I ended up in was made significantly more difficult precisely because I have striven to be debt-free for my entire adult life (student loan, paid off early, was the last debt I carried). As a result, my credit histories with all the major credit-rating cartels were blank. Use a debit card and pay all your bills on time using non-debt-based payment media? None of that shows up on your credit report.

      So when DonQ writes “Even the ECB recently warned that a wholly cashless economy would heightens the risk of IT failures, systemic hacking and rampant financial exclusion, as more vulnerable members of society would be unable to make payments”, that financial exclusion is already well under way courtesy of the debt merchants. It’s the Western-world version of China’s social credit score. It’s just not as bad as it would become in a cashless full-Orwell state.

      • Paul J says:

        True. My wife and I are also debt free after paying out the mortgage and using debit cards. Like you ewmayer wherever you go they aren’t happy if you use the debit card. We went to Honk Kong two years ago and the hotel wouldn’t accept the our debit card for incidentals as they call them. Only credit card or cash. Thankfully we had sufficient cash to cover the cost. I believe banks dislike us debt-free customers.

  2. Wisdom Seeker says:

    Guess grandma’s cookie-jar cash-stash was a good idea after all!

    BTW, at least in terms of total US$ in currency (paper cash) per person, VISA is losing the battle against cash:

    • Wolf Richter says:

      A lot of US dollar currency is actually overseas, for various reasons, especially in countries whose own currencies are in shambles.

      • Wisdom Seeker says:

        Yes. 22 years ago the Fed estimated that about half of US currency was outside the US, and in 2007 they said 60%, although more recent estimates by others are around 33%. But do we know if the share overseas is increasing?

        A Fed economist’s paper in 2012 has a graph which shows the “outside-the-US” fraction of US$ currency remaining roughly constant since 1990 (see Figures 11B, 13A,14) or perhaps trending slowly upwards (Figure 6A):

        But I doubt that can be tracked with any accuracy, since USD shipped overseas can fly home without being tracked, and vice versa. However, there’s always someone in trouble, so perhaps dollar use outside the U.S. is proportional to global population. Using global population to redo the chart, the answer is still the same: there are more and more paper dollars per person each year. For people in the US as well as around the world!

      • Bookdoc says:

        Unfortunately, a lot of it is counterfeit.

        • Crysangle says:

          All fiat is counterfeit.

        • Wolf Richter says:


          I’ll be happy to take all your fiat off your hands ;-]

        • Crysangle says:

          Would be more effort than it was worth for a couple hundred dollars, and anyways, I don’t encourage its use :-) . If you insist though, you could check out a place called ECB, that is the place for you, they actually pay people to take their money, I kid you not… well actually they just take money off anyone who keeps it with them, and I figure not wanting it back is the same thing… I know someone somewhere did end up with negative rates on their mortgage too…so there is a clue to start with at least…. ==> Thata Way!

      • Frederick says:

        Yup very true

    • Petunia says:

      A neighbor kept a wooden box where he threw spare change for many years. He cashed it in when the box got full to the top, $12K. Not a bad banking/savings idea.

      • Quack says:

        yeah, but greedy banksters want 10% of your spare change even if you bring it to the teller. Greed is a virtue now.

      • Juanfo says:

        I did the same thing with a change box. When I went to deposit the change the bank charged an 11% commission. I said f it and started paying everything with change, mostly quarters. Got some weird looks at the grocery store.

      • R Davis says:

        I myself have several plastic CoQ10 jars full of $1 & 2 coins.

  3. L Lavery says:

    If only we had some form of digital cash that worked much like physical cash, so that A could pay B without A knowing who B is and B not knowing who A is. That’s the basics on which to build a form of money fit for the internet (the internet being the future, whether we like it or not).

    We’d then be able to transact on line, or phone to phone, without having to divulge our identity. In cases where vendors need to store our personal details then that’s all they’d need to store, and all they could store as they’d be paid with digital cash.

    • Frederick says:

      We do Its called Bitcoin etc

    • d says:

      wouldn’t work very well, as the state/s would know, who a and b were, overtly or covertly.

      There is NO such thing as privacy or anonymity in the digital world.

      Most places that issue 1 time ID’S, for public terminal usage, also have security cameras taking facials at the counters that issue the ID’S.

      Anonymity can be measured, as the cost of breaking it.

    • Buckaroo Banzai says:

      Uh…have you heard of cryptocurrencies?

    • Graham says:

      I believe phone to phone payments already occur in Africa, (Nigeria?), where kids us bitpay and don’t know what cash is.

  4. unit472 says:

    Looking at the track for Hurricane Florence from the National Hurricane Center this morning it looks advisable for people on the US Southeast coast to have cash on hand before the end of next week as a credit card won’t do you much good if you are in the path of 145mph winds.

    • Pavel says:

      Ask those people in Puerto Rico how well that “cashless society” worked from them when the power was out for months.

      “Can I pay with my iPhone?”

      “Er… no.”

      • L Lavery says:

        Yes, along with digital cash we need a peer to peer phone network (also known as a mesh). Decentralised systems are more robust than centralised, it’s what the internet itself was supposed to be, and may well turn back to being in the future.

  5. stephen parker says:

    Wolf, I rarely comment, but I read your work carefully and appreciate your calm objectivity. Thank you. As for cash. The underground economy is huge. Just guessing here….. probably 20-30% of US gdp? Most of the illegals and the day labor bottom rung blue collar workers work for cash. Unofficial minimum wage 15-20 dollars an hour. If this foundation were flushed out, crisis and depression would ensue. Ditching cash would be a disaster.

    • R Davis says:

      we the people – the average worker are the backbone of a nation’s economy – the 2008 GFC – it was told that the nations that had the strongest Black Economy are the nations that were not hit as hard.
      Hooray for the working class man – but for us !!

Comments are closed.