01:25 PM

Royal Bank Of Scotland Glitch Tests Customer Loyalty

Managers at The Royal Bank of Scotland have red faces after second IT crash in less than a year annoys millions of customers.

IT problems have flared up again at one of the U.K.'s biggest retail banking chains, less than nine months after a three-day total system blackout.

For at least three hours on Wednesday night, customers of NatWest, Ulster Bank and Royal Bank of Scotland found themselves unable to access their accounts either by phone or online. (All three are brands of The Royal Bank of Scotland, a commercial operation that is majority-owned by the British state following its near collapse during the 2008 banking crisis.)

According to The Guardian, the problem continued well into Thursday morning for some customers. Indeed, this week's problem seems to be in many ways a throwback to the snafu earlier this year, in which British checking account customers were unable to pay their mortgages, settle debts, or even withdraw cash for food, and which left some customers arguing over missed transactions even weeks later. This time, however, the bank denies that the problem is software-related.

[ What are U.K. companies' most pressing security concerns? Read U.K. Public Sector's Top Security Worries. ]

Further stoking customers' anger is the fact that so far the bank seems unwilling to accommodate those who, through no fault of their own, may now face problems on their credit scores and other issues resulting from the glitch.

According to The Guardian, a member of campaign group Move Your Money -- which describes itself as "a national campaign to spread the message that we can help to build a better banking system" – described the downtime as "like [the movie] 'Groundhog Day.'"

In its formal response, the bank said, "We are disappointed that our customers have faced disruption to banking services for a period on Wednesday evening, and apologize for that. All services are now running as normal again." It did not offer any more details about the disruption or how it had been resolved.

However, NatWest reportedly told an IT news site that a "hardware fault" on one of its IBM zSeries mainframes was responsible for blocking customers' access to ATMs and online banking services. (Since branches were closed at that time of night, customers were also unable to interact with tellers.)

The same IT site claims that last year's three-day emergency was due to human error -- allegedly, an employee "hit the wrong button" during what should have been a routine overnight batch job using banking software from CA Technologies to update a system handling inbound payments.

The problems that occurred last June raised an almighty stink in the U.K., and two brownouts may end up being one too many for the Royal Bank of Scotland. The Twittersphere is full of customers swearing to move their business to rivals: "Disgraceful service. Am moving my banking to Santander! You cannot be trusted with our money!!!"

All in all, it's quite amazing in 2013 to see Tier One banks having so many technical problems -- and responding to them with such poor PR.

Rick Falkvinge, the founder of the Swedish Pirate Party and a campaigner for sensible information policy, will present the keynote address at Black Hat Europe 2013. Black Hat Europe will take place March 12-15 at The Grand Hotel Krasnapolsky in Amsterdam.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
3/22/2013 | 8:44:29 PM
re: Royal Bank Of Scotland Glitch Tests Customer Loyalty
I can tell you that if I had all my money stored in a banking facility that was unavailable to me for a number of hours I would no longer be one of their customers. Money is something that you cannot give a second chance of risk for, it may not be available for lack of funds. If you were still customer of the banks after the first episode 3 years ago and were a victim the second time, that is your fault for trusting unreliable sources. Lets see how many customers will let it happen three times.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-02
Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet.

Published: 2015-10-02
Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

Published: 2015-10-02
Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.

Published: 2015-10-01
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

Published: 2015-10-01
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.