HSBC and RBS face trial by Twitter as online banking technology fails them

Millions of customers have been affected by IT glitches this year, throwing the spotlight on processes that weren’t built for the demands of the digital age. Hazel Sheffield asks if the high street giants can put things right before the ‘challengers’ cash in 

Hazel Sheffield
Wednesday 07 October 2015 00:41 BST
Comments
A sign in the window of a NatWest branch apologises to customers for technical issues – which have increasingly affected big banks’ PR
A sign in the window of a NatWest branch apologises to customers for technical issues – which have increasingly affected big banks’ PR (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

At lunchtime on 28 August, people started to share the news on Twitter that they were missing their monthly pay. It was the Friday before a bank holiday and there were parties and pub dates to attend.

But it was also the end of the month, and many of the bank’s customers had rent payments to meet and direct debits that would be withdrawn. HSBC’s Twitter feed started to fill up with angry customers. “I need to pay my deposit for my university accommodation and the deadline is today – please can you get this sorted?” one begged. “Have you been hacked?” asked another.

"The processes and systems in place are unable to cope with the demands placed on them by modern banking."

&#13; <p> Pollyanna Russell-Stower, an associate in the dispute-resolution team at the law firm Ashfords</p>&#13;

HSBC hadn’t been hacked – far from it. The problem was so small that at first the bank had failed to notice it. HSBC had sent payments to Bacs, the system that is used to make electronic payments in the UK. But one was too large and bounced back.

A junior staff member received the bounceback but didn’t understand the implications. The notice was put in a queue to be dealt with. Meanwhile, no one got paid.

“The cause of the delay was human error, not an IT systems failure,” an HSBC spokesperson said.

“A tranche of payments submitted to the bank’s clearing system was too large. When this file was rejected, teams did not escalate the matter with due speed.”

Human error is a very different problem to the kind of systemic failings at Royal Bank of Scotland and NatWest, both part of the RBS group, in 2012 that led to significant problems for more than 6.5 million customers over a period of several weeks. A software upgrade left them unable to get into their online accounts, or to call up accurate balances, make mortgage payments or gain access to their money while overseas. RBS was fined £56m in the aftermath.

“Modern banking depends on effective, reliable and resilient IT systems,” said Tracey McDermott, director of enforcement and financial crime at the Financial Conduct Authority, when the penalties were announced.

£750m

RBS has invested in tech since 2012

The IT systems of the largest banks have evolved into a complex web of processes that makes them vulnerable to all sorts of different failings. After a summer of recurring IT glitches, the question now is whether the big four banks can put a stop to these incidents or whether consumers will need to find alternative solutions to make sure their money is safe.

RBS has invested £750m in technology since 2012, but that hasn’t prevented a series of IT problems this year. On 17 June, customers of the bank suffered payment issues because one of the security certificates in the software that verifies the link between RBS and the Bacs system had expired. Such a transaction requires around 30,000 certificates, but because one had expired, payments that were meant to go through on the Wednesday or Thursday were delayed until the Friday.

The delays could have been worse, affecting many more customers, had RBS not made the earlier investment.

A month later, on 31 July, the bank suffered a “DDoS” attack, where hackers flooded the bank’s servers with requests, crashing the system. These kinds of attacks are common across the banking industry and can be used to cause embarrassment or for blackmail attempts on websites.

If issues with the biggest banks persist customers will vote with their feet and transfer accounts to new "challenger" banks - such as Tesco and Virgin
If issues with the biggest banks persist customers will vote with their feet and transfer accounts to new "challenger" banks - such as Tesco and Virgin (VisMedia; PA)

Nine times out of 10, the systems withstand the threat. This time, the online banking service went down for six minutes and it took another 45 minutes for the IT team to get the system running as normal.

On 31 August, online banking went down again, this time because of continuing problems with mobile payments. Then, on 8 September, RBS customers found themselves unable to use ATMs.

Each time RBS experienced problems, a different part of its IT matrix was at fault.

So now the plan is to simplify things, cutting the range of payment platforms from 144 to 20 by 2020. The bank has already reduced the number of processes by 35,000 since 2012.

David Webber, managing director at the software company Intelligent Environments, said that streamlining systems is essential for banks looking to minimise IT outages. Often a complete overhaul of the IT architecture is too costly, so the solution is to develop back-up systems in case anything fails.

“Banks should streamline and automate core processes to achieve better control,” he said. “For example, by automating manual checks, banks can eliminate human error and rely instead on up-to-date and accurate data, acting faster to fix problems.”

Regulators have started to put the onus on banks to move away from seeking continuity – where they recover quickly from an incident – to resilience, where banking activities can withstand the effect of disruptive events.

The increasing number of IT problems is also a result of the way in which the industry is changing. Research by the British Bankers’ Association shows that the use of mobile banking apps has now overtaken that of internet banking and branch services. Many of the existing IT systems in banks were built with only branch services in mind.

“The processes and systems in place are unable to cope with the demands placed on them by modern banking,” said Pollyanna Russell-Stower, an associate in the dispute-resolution team at the law firm Ashfords.

It is also a question of visibility. One bank spokesman said that, before Twitter, customers were less aware of issues affecting the whole bank. Payment systems used to go down more often and for longer, but people didn’t notice to the same extent. The spokesman said that sometimes it can seem as if things are getting worse, even if they’re getting better.

One thing banks can do to combat the instant negative publicity is to develop a strong social media strategy. While HSBC was working to resolve its Bacs problem in August, it was also responding to each complaint on Twitter – from ruined children’s parties to cancelled holidays – reassuring people that the service would resume soon.

If issues with the biggest banks persist customers will vote with their feet and transfer accounts to new "challenger" banks - such as Tesco and Virgin - whose modern IT systems offer a more reliable service.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in