RBS Group issue new cards to victims of Ticketmaster hack

Ticketmaster admitted in June 2018 that their website had been compromised and that 40,000 UK accounts were impacted.

The new cards have been issued as a precaution to all RBS and NatWest customers who used their cards on the Ticketmaster website.

However, it sparked panic amongst some customers who wondered if the letters announcing the new cards were a scam themselves.

Credit: chrisdorney/Shutterstock.com

Precautionary measures from RBS

Ticketmaster admitted that its payment pages for UK customers had been infected by malware between February and June 2018.

Customers who bought or attempted to buy any tickets from Ticketmaster during that period potentially had their details exposed by the breach.

These included names, home and email addresses, phone numbers, payment details and log-in details.

Now RBS have sent letters to all customers who used their debit card on the Ticketmaster website to advise they will be sent replacement cards shortly.

However, the challenger bank Monzo were faster to act on this breach. They spotted signs of fraud on some cards and informed Ticketmaster before proactively replacing cards.

Lloyds Banking Group issued new cards for all customers who had used Ticketmaster in that period during November 2018.

At the same time, Lloyds reissued debit cards to customers who had been impacted by the British Airways breach that came to light in September and compromised the payment details of over 185,000 customers.

In that instance, RBS Group were quicker to act and replaced debit cards in line with other major banks.

Tesco Bank also cancelled cards following a suspected security breach in March 2018.

Data breaches part of global security problem

Large-scale data breaches such as the Ticketmaster and BA ones frequently hit the headlines, although generally months after they're discovered by the companies involved.

This is partly for commercial reasons, but also because revealing there has been a breach often opens up a company's customers to other attempted fraudsters.

For instance, criminals hearing of breaches can attempt to trick customers by sending phishing emails purporting to be from the company, thereby giving further opportunities for customers to be defrauded.

Unfortunately, aside from being vigilant about the charges made on their accounts, there is little customers can do to prevent the large-scale data security breaches that regularly make the news.

Security issues continue to diversify

In the first half of 2018, banking customers in the UK lost £500m in scams and frauds.

This included £358m in what is called "unauthorised fraud" where a third party carries out a transaction. This would be the category any customers defrauded due to the Ticketmaster breach would find themselves in.

Victims of unauthorised fraud are covered by the Payment Service Regulations and the Consumer Credit Act, although banks can refuse refunds if customers are deemed to have acted with gross negligence.

£145m of money stolen from bank customers in the first half of 2018 stemmed "authorised push payments".

These take place when customers mistakenly authorise a payment to a fraudster in the belief that they're dealing with a genuine company.

In 2018, the Financial Conduct Authority took steps to warn UK customers of a clone firm claiming they were Australia's Westpac Banking Corporation.

Governments across the world are scrambling to keep up with new technology and its implications for fraud, with the EU launching a directive to use secondary authorisation through mobile phones to limit fraud for online shoppers.