01:25 PM

Royal Bank Of Scotland Glitch Tests Customer Loyalty

Managers at The Royal Bank of Scotland have red faces after second IT crash in less than a year annoys millions of customers.

IT problems have flared up again at one of the U.K.'s biggest retail banking chains, less than nine months after a three-day total system blackout.

For at least three hours on Wednesday night, customers of NatWest, Ulster Bank and Royal Bank of Scotland found themselves unable to access their accounts either by phone or online. (All three are brands of The Royal Bank of Scotland, a commercial operation that is majority-owned by the British state following its near collapse during the 2008 banking crisis.)

According to The Guardian, the problem continued well into Thursday morning for some customers. Indeed, this week's problem seems to be in many ways a throwback to the snafu earlier this year, in which British checking account customers were unable to pay their mortgages, settle debts, or even withdraw cash for food, and which left some customers arguing over missed transactions even weeks later. This time, however, the bank denies that the problem is software-related.

[ What are U.K. companies' most pressing security concerns? Read U.K. Public Sector's Top Security Worries. ]

Further stoking customers' anger is the fact that so far the bank seems unwilling to accommodate those who, through no fault of their own, may now face problems on their credit scores and other issues resulting from the glitch.

According to The Guardian, a member of campaign group Move Your Money -- which describes itself as "a national campaign to spread the message that we can help to build a better banking system" – described the downtime as "like [the movie] 'Groundhog Day.'"

In its formal response, the bank said, "We are disappointed that our customers have faced disruption to banking services for a period on Wednesday evening, and apologize for that. All services are now running as normal again." It did not offer any more details about the disruption or how it had been resolved.

However, NatWest reportedly told an IT news site that a "hardware fault" on one of its IBM zSeries mainframes was responsible for blocking customers' access to ATMs and online banking services. (Since branches were closed at that time of night, customers were also unable to interact with tellers.)

The same IT site claims that last year's three-day emergency was due to human error -- allegedly, an employee "hit the wrong button" during what should have been a routine overnight batch job using banking software from CA Technologies to update a system handling inbound payments.

The problems that occurred last June raised an almighty stink in the U.K., and two brownouts may end up being one too many for the Royal Bank of Scotland. The Twittersphere is full of customers swearing to move their business to rivals: "Disgraceful service. Am moving my banking to Santander! You cannot be trusted with our money!!!"

All in all, it's quite amazing in 2013 to see Tier One banks having so many technical problems -- and responding to them with such poor PR.

Rick Falkvinge, the founder of the Swedish Pirate Party and a campaigner for sensible information policy, will present the keynote address at Black Hat Europe 2013. Black Hat Europe will take place March 12-15 at The Grand Hotel Krasnapolsky in Amsterdam.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
3/22/2013 | 8:44:29 PM
re: Royal Bank Of Scotland Glitch Tests Customer Loyalty
I can tell you that if I had all my money stored in a banking facility that was unavailable to me for a number of hours I would no longer be one of their customers. Money is something that you cannot give a second chance of risk for, it may not be available for lack of funds. If you were still customer of the banks after the first episode 3 years ago and were a victim the second time, that is your fault for trusting unreliable sources. Lets see how many customers will let it happen three times.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.