The recent security breach at Tesco Bank, which saw up to 40,000 current accounts compromised, is unprecedented in scale. Not only will it severely damage the bank’s reputation, it will aggravate consumer doubts about challenger banks in general.
Over the weekend of October 5–6, 2016, Tesco Bank was subjected to a massive hacking attack which affected 40,000 of its 136,000 current accounts. Of these, around 9,000 had funds stolen from them, with losses totaling about £2.5m. The bank responded to the attack by barring online debit card payments from its accounts, although customers were still free to use their cards and to withdraw cash from ATMs.
Although Tesco Bank has not divulged details about the nature of the attack, the fact that so many accounts were hit in such a short period suggests that vulnerabilities at the bank itself were targeted, rather than individual customers via, for example, phishing emails. The suspension of online debit card payments has led to speculation that the hackers were able to obtain customers’ card details.
Aside from the cost of reimbursing affected customers, Tesco Bank may also be subject to regulatory fines. Should investigations find the attack succeeded due to deficiencies with the bank’s systems, the Financial Conduct Authority or the Prudential Regulatory Authority may impose substantial financial penalties.
However, the impact upon reputation and consumer perceptions will be a bigger concern for Tesco Bank. Our 2016 Retail Banking Insight (RBI) Survey found that reputation is the single biggest factor that consumers look at when choosing a current account provider, cited by 66% of those questioned. Security is a hygiene factor, and its absence can only be hugely damaging to a bank’s standing. Consequently, the security breach at Tesco Bank could lead to the exodus of a significant number of customers.
However, this episode could also spell bad news for challenger banks in general. According to our RBI Survey, only 11% of consumers are very willing to consider using a digital-only bank, with a majority expressing a preference for traditional banks with established reputations. Nevertheless, more consumers than not believe that such banks offer better rates – and better online security. Losing this latter advantage will have serious consequences for their credibility and appeal.
Despite easier account switching procedures, the UK current account market remains characterized by high levels of customer inertia. Challengers face an uphill battle to acquire customers, and have to offer market-leading rates to win new business. Following the Tesco Bank hack, the battle to win over consumers just became that much harder.
By Daoud Fakhri, Principal Retail Banking Analyst