Risk
3/8/2013
01:25 PM
50%
50%

Royal Bank Of Scotland Glitch Tests Customer Loyalty

Managers at The Royal Bank of Scotland have red faces after second IT crash in less than a year annoys millions of customers.

IT problems have flared up again at one of the U.K.'s biggest retail banking chains, less than nine months after a three-day total system blackout.

For at least three hours on Wednesday night, customers of NatWest, Ulster Bank and Royal Bank of Scotland found themselves unable to access their accounts either by phone or online. (All three are brands of The Royal Bank of Scotland, a commercial operation that is majority-owned by the British state following its near collapse during the 2008 banking crisis.)

According to The Guardian, the problem continued well into Thursday morning for some customers. Indeed, this week's problem seems to be in many ways a throwback to the snafu earlier this year, in which British checking account customers were unable to pay their mortgages, settle debts, or even withdraw cash for food, and which left some customers arguing over missed transactions even weeks later. This time, however, the bank denies that the problem is software-related.

[ What are U.K. companies' most pressing security concerns? Read U.K. Public Sector's Top Security Worries. ]

Further stoking customers' anger is the fact that so far the bank seems unwilling to accommodate those who, through no fault of their own, may now face problems on their credit scores and other issues resulting from the glitch.

According to The Guardian, a member of campaign group Move Your Money -- which describes itself as "a national campaign to spread the message that we can help to build a better banking system" – described the downtime as "like [the movie] 'Groundhog Day.'"

In its formal response, the bank said, "We are disappointed that our customers have faced disruption to banking services for a period on Wednesday evening, and apologize for that. All services are now running as normal again." It did not offer any more details about the disruption or how it had been resolved.

However, NatWest reportedly told an IT news site that a "hardware fault" on one of its IBM zSeries mainframes was responsible for blocking customers' access to ATMs and online banking services. (Since branches were closed at that time of night, customers were also unable to interact with tellers.)

The same IT site claims that last year's three-day emergency was due to human error -- allegedly, an employee "hit the wrong button" during what should have been a routine overnight batch job using banking software from CA Technologies to update a system handling inbound payments.

The problems that occurred last June raised an almighty stink in the U.K., and two brownouts may end up being one too many for the Royal Bank of Scotland. The Twittersphere is full of customers swearing to move their business to rivals: "Disgraceful service. Am moving my banking to Santander! You cannot be trusted with our money!!!"

All in all, it's quite amazing in 2013 to see Tier One banks having so many technical problems -- and responding to them with such poor PR.

Rick Falkvinge, the founder of the Swedish Pirate Party and a campaigner for sensible information policy, will present the keynote address at Black Hat Europe 2013. Black Hat Europe will take place March 12-15 at The Grand Hotel Krasnapolsky in Amsterdam.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
3/22/2013 | 8:44:29 PM
re: Royal Bank Of Scotland Glitch Tests Customer Loyalty
I can tell you that if I had all my money stored in a banking facility that was unavailable to me for a number of hours I would no longer be one of their customers. Money is something that you cannot give a second chance of risk for, it may not be available for lack of funds. If you were still customer of the banks after the first episode 3 years ago and were a victim the second time, that is your fault for trusting unreliable sources. Lets see how many customers will let it happen three times.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-1793
Published: 2014-12-25
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

CVE-2011-1794
Published: 2014-12-25
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ...

CVE-2011-1795
Published: 2014-12-25
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document con...

CVE-2011-1796
Published: 2014-12-25
Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaS...

CVE-2011-1798
Published: 2014-12-25
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown othe...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.