March 4, 2019

UK banks hit with IT failures every day according to Which?

By Ellen Daniel

UK banks are experiencing at least one IT shutdown every day, leaving customers unable to make payments.

This is according to an investigation by consumer watchdog Which? which has discovered that at least one UK bank experienced some form of IT failure every day.

Since April 2018, the Financial Conduct Authority has required UK banks to publicly disclose major operational or security problems and how they are responding to them, designed to ensure that customers are better informed.

Through analysing the latest reports from 30 banks and building societies, Which? identified 302 incidents affecting customer transactions in the last nine months of 2018, suggesting that problems with payment processing are very common.

According to The Guardian, six of the UK’s biggest banks had at least one failure every two weeks, with the Treasury select committee recently launching an inquiry into such banking failures.

Bank IT failures: the worst offenders

The research also revealed which banks have suffered the most IT issues over the last nine months. Barclays came out on top, experiencing 41 incidents. Just last week, hundreds of Barclays customers were unable to access their mobile banking app after it crashed on payday, with many venting their frustrations on Twitter.

TSB, where a new IT system introduced last year caused 1.9 million people to lose access to online banking services, reported 16 incidents.This appears to have affected the bank’s popularity, with TSB having the worst customer score according to the Which? Recommended Providers list.

Both Starling, a digital-only challenger bank, and Virgin reported no issues during the time period.

Tim Dunton, MD, Nimbus Hosting believes that the research shows that banks should be doing more to ensure that customers are not affected by IT issues:

“Once again the banking industry’s ageing IT infrastructure has been exposed, revealing a catalogue of errors and glitches that will have profound consequences for customers. Downtime remains a major issue, putting critical business transactions at risk and undermining confidence in the system.

“Moving forward, it’s vital that banks take a proactive approach to address these issues. This means recognising the growing competition from digital challenger banks, beefing up security systems and improving operations as a priority.”

Although fintech has revolutionised banking in many ways, this highlights the potential problems with a cashless society, as customers risk being left without a backup payment option when IT or security problems occur. According to research by Which? cashpoints disappeared at a rate of 488 per month in the second half of 2018 and over 3,300 bank branches closing in the last four years. Last year, Visa experienced an IT meltdown in which 5.2m transactions failed after a problem at a data centre. The chaos caused by such incidents highlights the ongoing need for alternative payment methods.

Jake Moore, cyber security specialist at ESET believes that it is vital that banks have a robust system in place for dealing with IT failures quickly and with minimal disruption:

“IT glitches are common place but it comes down to how the banks deal with these issues, ranging from slowing down payment times to network blackouts and mass failures. Most importantly, these banks will have a crisis management process planned out for all known attacks which will guide them through stage by stage to get back up and running, leaving a minimal impact on the business. Protecting critical infrastructure is of utmost importance and the larger the risk, the more resources need to be implemented.

“However, in an age where cyber criminals act on socially engineering their victims into acting fast on feelings such as fear or urgency, slowing down the payment process online might not in fact be a completely bad idea. The longer a transaction takes to transfer, the bigger the chance the bank can put a stop to that payment in mid flow should it be found out that the sender has been a victim of fraud.”