Risk
3/8/2013
01:25 PM
Connect Directly
RSS
E-Mail
50%
50%

Royal Bank Of Scotland Glitch Tests Customer Loyalty

Managers at The Royal Bank of Scotland have red faces after second IT crash in less than a year annoys millions of customers.

IT problems have flared up again at one of the U.K.'s biggest retail banking chains, less than nine months after a three-day total system blackout.

For at least three hours on Wednesday night, customers of NatWest, Ulster Bank and Royal Bank of Scotland found themselves unable to access their accounts either by phone or online. (All three are brands of The Royal Bank of Scotland, a commercial operation that is majority-owned by the British state following its near collapse during the 2008 banking crisis.)

According to The Guardian, the problem continued well into Thursday morning for some customers. Indeed, this week's problem seems to be in many ways a throwback to the snafu earlier this year, in which British checking account customers were unable to pay their mortgages, settle debts, or even withdraw cash for food, and which left some customers arguing over missed transactions even weeks later. This time, however, the bank denies that the problem is software-related.

[ What are U.K. companies' most pressing security concerns? Read U.K. Public Sector's Top Security Worries. ]

Further stoking customers' anger is the fact that so far the bank seems unwilling to accommodate those who, through no fault of their own, may now face problems on their credit scores and other issues resulting from the glitch.

According to The Guardian, a member of campaign group Move Your Money -- which describes itself as "a national campaign to spread the message that we can help to build a better banking system" – described the downtime as "like [the movie] 'Groundhog Day.'"

In its formal response, the bank said, "We are disappointed that our customers have faced disruption to banking services for a period on Wednesday evening, and apologize for that. All services are now running as normal again." It did not offer any more details about the disruption or how it had been resolved.

However, NatWest reportedly told an IT news site that a "hardware fault" on one of its IBM zSeries mainframes was responsible for blocking customers' access to ATMs and online banking services. (Since branches were closed at that time of night, customers were also unable to interact with tellers.)

The same IT site claims that last year's three-day emergency was due to human error -- allegedly, an employee "hit the wrong button" during what should have been a routine overnight batch job using banking software from CA Technologies to update a system handling inbound payments.

The problems that occurred last June raised an almighty stink in the U.K., and two brownouts may end up being one too many for the Royal Bank of Scotland. The Twittersphere is full of customers swearing to move their business to rivals: "Disgraceful service. Am moving my banking to Santander! You cannot be trusted with our money!!!"

All in all, it's quite amazing in 2013 to see Tier One banks having so many technical problems -- and responding to them with such poor PR.

Rick Falkvinge, the founder of the Swedish Pirate Party and a campaigner for sensible information policy, will present the keynote address at Black Hat Europe 2013. Black Hat Europe will take place March 12-15 at The Grand Hotel Krasnapolsky in Amsterdam.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
3/22/2013 | 8:44:29 PM
re: Royal Bank Of Scotland Glitch Tests Customer Loyalty
I can tell you that if I had all my money stored in a banking facility that was unavailable to me for a number of hours I would no longer be one of their customers. Money is something that you cannot give a second chance of risk for, it may not be available for lack of funds. If you were still customer of the banks after the first episode 3 years ago and were a victim the second time, that is your fault for trusting unreliable sources. Lets see how many customers will let it happen three times.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5619
Published: 2014-09-29
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.

CVE-2012-5621
Published: 2014-09-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

CVE-2012-6107
Published: 2014-09-29
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2012-6110
Published: 2014-09-29
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

CVE-2013-1874
Published: 2014-09-29
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.