Banking Systems in Chaos?

Yet another grey day. Whatever happened to global warning? I need some sun. Two semi-related stories in the news today.

Up to 400,000 people will not be paid as expected on Friday as a result of a problem with the banking system.

The Bacs system has been running slowly (when my PC's performance starts to decline I automatically suspect either SpyWare or a fragmented disc - hope they have checked these posibilities?) and so not all payments have been sent out in time.

The Association of Payment Clearing Services (Apacs) - an association of banks which handles credit transfers - said the delay had been caused by a software problem which had been discovered on Wednesday. Sandra Quinn (remember this name) said "We would like to stress to customers that we are doing all we can to resolve it and how sorry we are to people affected by this problem." She stressed that by Thursday the payment system was operating normally again. "This was just a one-off problem. We are pretty sure it is resolved. We are confident that payments that should have been made today will at the latest be in customers' accounts by Monday morning." (Every problem is a 'one-off' (remember that) and either it is resolved or it isn't - sounds a bit vague to me). People who need cash for the weekend are being advised to withdraw it over the counter, as cash machines may refuse the withdrawal.

And the second story ......Hackers target TK Maxx customers
Stores in the US, UK, Canada, Ireland and Puerto Rico are affected

Hackers have stolen information from at least 45.7 million payment cards used by customers of US retailer TJX, which owns TJ Maxx, and UK outlet TKMaxx. In a statement to US watchdogs the firm said it did not know the full extent of the theft and its effect on customers.
TJX added that the security breach may also have involved TKMaxx customers in the UK and Ireland. But the company added that at least three-quarters of the affected cards had expired or data had been masked. The company advised that 100 files were moved from its UK computer system in 2003, and two files were later stolen.

Diary of events

18 December 2006 - TJX discovers the breach in security.
Within days it hires outside investigators and notifies US federal authorities.
19 January 2007 - Publicly admits the problem, but not the full extent
29 January 2007 - Reveals the full nature of the breach
Says data was first hacked in July 2005
Stolen bank card details date back to December 2002

A spokesperson admitted that the firm may never know what was in those files. "We don't know what was in those files - the technology the hacker used prevents TJX from knowing, and also the fact that TJX system routinely deletes files," (Yes - I use Microsoft software too - it always deletes files randomly - sorry routinely) the spokesperson added. The data was accessed on TJX's systems in Watford, Hertfordshire, and Massachusetts over a 16-month period from July 2005 and covers transactions made by credit and debit card dating as far back as December 2002.

Sandra Quinn (remember the name? Is this another on-off problem? Is she any less vague than in the other story?) from the Association of Payment Clearing Services (Apacs) said there had been a "massive" compromise of security - on a scale not seen before. However, she said that that for most people, the card details stolen would no longer be relevant (that's comforting then) "If they were doing transactions with TK Maxx between those dates they will generally now have a brand new credit or debit card in their wallet, so they can be sure that it will be the old details of their card that has been compromised, not their current card."

The company, which discovered the problem three months ago and reported it two months ago, said that a lot of questions remained about the attack. "There is a lot of information we don't know, and may never be able to know, which is why this investigation has been so laborious," spokeswoman Sherry Lang said. "the intruder had access to the decryption tool for the encryption software utilized by TJX". "Since discovering the crime, we have been working diligently to further protect our customers and strengthen the security of our computer systems." (Sloppy procedures??? (If they have any.) If they are now strengthening their systems then they must have been weak in the first place. (And the NHS thinks it can keep patient data better protected than the banks even when laptops are stolen and a password is used? - I don't think so. ))