Consumers are increasingly utilising online financial services, allowing them to handle money conveniently and via smartphones. Consequently, digital financial services firms are fast-becoming targets for cyber-thieves. Tesco Bank was recently subjected to a hack, which saw money stolen from thousands of its customers, sparking a major reputational crisis for the Tesco Plc-owned firm.
Cyber-criminals have launched what its Chief Executive, Benny Higgins, called “a systematic, sophisticated attack” on Tesco Bank, the BBC reports. It was initially believed that hackers stole money from 20,000 online accounts. Reports have now confirmed that Tesco Bank refunded £2.5m to 9,000 customers whose accounts were hacked, less than half the original 20,000 thought to be affected.
Tesco Bank responded by suspending online debit card transactions, to prevent further criminal activity, for several days. Commenting, Higgins said that some accounts “have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently.” Going on, he said that “we are working hard to resume normal service on current accounts as soon as possible.”
Speaking further, he apologised for any “worry and inconvenience,” this posed to customers. On 8th November, Higgins revealed that “we’ve now… lifted the suspension of online debit transactions so that customers can use their accounts as normal,” again apologising for any inconvenience caused. However by this point, the damage to Tesco Bank’s online reputation had already been done.
In response to this, Tesco Bank customers complained via the firm’s website and social media channels. Many complaints centred on the long delays customers were forced to endure while waiting to find out whether their account had been impacted. For example, Tesco Bank customer Mark Noakes complained to the BBC that when he “finally got through to customer services,” he was told that the problem would “take 48 hours to sort,” adding that “for such a big company they are not being professional.”
In his response, Noakes hit the nail on the head. When their customers’ accounts are hacked, financial institutions needs to act quickly and professionally, in order to salvage consumer trust. It took Tesco Bank days to fix the breaches, refund affected consumers and lift its emergency security measures. The institution even refrained from describing this incident as a “hack,” further angering consumers.
Tesco Bank’s response illustrated a lack of empathy and consumer understanding. It lost sight of the fact that the incident meant customers couldn’t access their hard-earned funds to complete the most basic everyday tasks – such as buying food. By hacking into their accounts, cybercriminals essentially limited these consumers’ ability to function normally. The bank clearly did not understand just how much worry this would cause among consumers as it continued to issue responses which only heightened uncertainty, further fuelling a backlash.
In this fast-paced digital world, customers expect fast service. Research suggests that 42% of consumers who complain to a company via social media, expect a response in the hour, with over half maintaining this expectation outside of standard business hours. Consequently by dragging their heels, Tesco Bank opened themselves up to more online scrutiny, further damaging their image online.
The problem was compounded by the scale of the attack. Commenting on the issue, Europol Security Consultant Professor Alan Woodward noted that “I’ve not heard of an attack of this nature and scale on a UK bank where it appears that the bank’s central system is the target.” The unusual nature of the attack ensured that it generated a heavy volume of press headlines, further damaging Tesco Bank’s image.
Crucially, social media platforms and news websites are seen as trusted sources of information by Google. Therefore, content posted on these portals ranks highly in Google searches for the relevant terms. The first page of a Google search attracts 92% of traffic, so negative content posted on these websites can seriously damage a business’ reputation, as it is highly likely to be seen by consumers.
To provide goods and services, financial firms need to develop consumer trust. Public confidence in UK’s banking sector dropped significantly after the 2007-2008 financial crisis and the sector has only now started winning back trust. In 2014, a consumer confidence survey found that UK trust in the banking industry was beginning to recover, but it still lagged behind the rest of the world.
As Tesco Bank recently learned, financial services provider cannot afford to wait, when cyber-criminals hack into their customers’ private details. Frustrated customers will vent their frustrations on social media, threatening their ability to foster consumer trust online. It is key that financial firms develop crisis management plans, so they can deal with breaches quickly, limiting the reputational fallout.
Effective crisis management plans are centred on collaboration. They ideally consist of PR, HR, legal and marketing team members, who can come together quickly and maintain consistency, when responding to a crisis. It is also important for financial firms to invest in preventative measures like anti-virus software and password protection programmes. By implementing these initiatives, companies can make it harder for criminals to breach their systems and steal consumer data.