[devnull791101]

i believe tesco is a customer services front end to hsbc, so i doubt that its a bank end/ accounting problem. since its only online payments that have been stopped it suggests a card details leak, including the security code. i imagine this would only affect cards that dont have the 2 factor (mastercard/visa) step set up. perhaps a successful phishing or malware attack which has targeted tesco users

[sofaofthedamned]

Not on RBS platform anymore, they moved their current accounts off that to fiserv:

http://www.computerweekly.com/news/2240222351/Tesco-Bank-lau...

[sonthonax]

No, Tesco Bank is wholly owned by Tesco; you're thinking of M&S Bank, which is a front end to HSBC.

[devnull791101]

i can say for sure the few times ive had issues transferring money overseas tesco customer services claim to be checking the status on an hsbc system

[AlphaSite]

Maybe their forex is via Hsbc?

[tankenmate]

I think you might mean SWIFT (wordlwide) or SEPA (euro area + other EU).

Forex typically means buying or selling currencies, not transferring money between parties.

[thisone]

It's a moot point, but forex's are also used to move money internationally. It is ultimately buying and selling currencies, but you get much better rates than through the bank because the forex isn't actually moving your money. It's receiving money into accounts which are in the senders country, and then, using its accounts in the receivers country, it pays the receiver.

Also means the receiver doesn't get hit with fees to receive an international payment.

[makomk]

Some of the smaller banks and building societies seem to use larger banks like HSBC to process transfers.

[oarsinsync]

I interpreted "online payments" to mean payments to accounts via online banking, rather than credit/debit card payments online.

If it was a card details leak, I'd have expected cards to be cancelled, and not allowing them to continue to be used.

[devnull791101]

definitely making card payments online is currently blocked. a text message ive received says SO and debit orders will continue as normal

[zigzigzag]

There are stories of people losing 2000 pounds leaving them with only 20 pounds left in the account. Hard to believe such people could get credit cards with a 2k limit. Also if the fraudulent payments were card payments why not just reverse them in the normal way. It sounds more like bank wires.

[oarsinsync]

> Hard to believe such people could get credit cards with a 2k limit

Unfortunately that's totally plausible, and infact, are the profitable customers for credit card companies. Why give a credit card to someone who can pay off their bills in full every month, when you can give someone more credit than they earn, let them spend it all, and then pay you monthly with interest?

As a point of reference, my Amex limit is 5x my monthly post-tax earnings. Back when I was only eligible for entry cards, at £250 limit increased to >£5k within a year.

[pjc50]

It does sound like bank transfers - either SWIFT or Faster Payments. If it's a backend attack they could well have bypassed all the usual checks, including checking for positive balance & overdraft limits.

[joosters]

That still seems odd... phishing & malware attacks are going on all the time, so a targetted strike on Tesco bank users all at the same time would be a very 'restrained' attack. Phishing would take place over several days, so the attackers would be gathering account details piece by piece. Also, the first thing that banks tend to do when a large scale phishing attack has been successful is to re-issue new passwords and card numbers, yet Tesco haven't done this. So whatever avenue of attack the hackers had, Tesco must be confident that they have closed it off without needing to junk any compromised account details?