Banking security failures leads to call for payments regulator

Lloyds data centre in Copley
Lloyds data centre in Copley

Banks and building societies are being hit by more than one IT or security failure that potentially stops customers making payments every day, an investigation has found.

Consumer champion Which? Money found there were 302 incidents that potentially prevented customers from making payments in the last nine months of 2018.

It said the findings were made by looking at websites and speaking to banks directly in some cases. It argues the findings highlight the need for a single regulator to be given the statutory duty to protect access to cash and build a sustainable cash infrastructure for the UK.

Since April last year, the Financial Conduct Authority (FCA) has required banks to inform it of operational or security incidents which prevents customers from using payment services.

Which? found the average number of significant breaches across each of the 30 banks and building societies in its analysis was one a month.

It said Barclays reported most major incidents (41), followed by Lloyds Bank (37), Halifax/Bank of Scotland (31), NatWest (26), RBS (21) and Ulster Bank (18).

TSB, whose botched introduction of a new IT system last year caused customers to lose access to online banking services, reported 16 incidents. Barclays said even minor glitches that have a minimal impact on consumers are reported.

A Barclays spokesman said: “We take IT resilience extremely seriously and we welcome transparency for our customers which is why we report every incident to the regulator, even minor glitches that have minimal impact on customers.

“Our systems are designed to ensure continuity of service for customers in the event of an incident, with a range of channels available to customers including our branch network, telephone, online and mobile banking.” Which? said it is concerned that more than 25 million people who consider access to cash a necessity risk being left vulnerable without a non-digital payment alternative as bank branches and cashpoints close.

Previous Which? research has found that ATMs vanished at a rate of 488 per month in the second half of last year, while more than 3,300 bank branches have closed since 2015.

Jenny Ross, Which? Money editor, said: “Our research shows that these major banking glitches, which can cause huge stress and inconvenience to those affected, are even more common than we feared.

“This highlights why it is so important that a regulator is given responsibility to protect cash as a backup when technology fails and to ensure no-one is left behind as digital payments become more common.”

A UK Finance spokesman said: “When incidents do occur, firms work around the clock to minimise disruption and get services back up and running as quickly as possible. Operational resilience is crucial in a modern financial system and is a key priority for the industry.

The number of IT incidents over a nine-month period, according to Which? Money were:

Barclays, 41; Lloyds Bank, 37; Bank of Scotland/Halifax, 31; NatWest, 26; RBS, 21; Ulster Bank, 18; Santander, 16; TSB, 16; Cahoot, 15; HSBC UK/First Direct, 13; Tesco, 12; Co-op, 7; Chelsea, 6; Smile, 6; Yorkshire Building Society, 6; Coventry Building Society, 5; Metro Bank, 5; Nationwide Building Society, 5; First Trust Bank, 4; M&S Bank, 4; Danske Bank, 2; Bank of Ireland (UK), 2; B, 1; Clydesdale, 1; Monzo, 1; Yorkshire Bank, 1; Starling Bank, 0; Virgin, 0.