fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

NatWest Bank Scheduled Payments Bug May Have Cost You Money

NatWest Bank Scheduled Payments Bug May Have Cost You Money

Today, the UK-based National Westminster (NatWest) Bank is emailing multiple customers, asking them to check their debit transactions over the last year.

The email alerts state that due to a system error, many more payments may have been debited from customer accounts than the originally agreed-upon frequency.

In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders (similar to Bill Pay instruction) set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop.

This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.

More money could’ve left your bank account

Today, NatWest has emailed multiple customers and urged them to check their bank account for payments debited since 23rd March 2020.

This issue primarily impacts NatWest banking customers who had set up standing orders via Online Banking for making automated payments.

Similar to Bill Pay (in the US), standing orders are used by UK banking customers to set up automated recurring payments for bills, rent, and other debit transactions.

Whereas a Direct Debit can be requested for a customer bank account by any organization (with customer approval), standing orders can only be initiated by the customer themselves.

A standing order typically contains the amount of payment to be debited, the frequency of payments (i.e. weekly, monthly, quarterly, etc.), and when should the payments end.

Also Read: Compliance Course Singapore: Spotlight On The 3 Offerings

In emails sent by NatWest today, as seen by BleepingComputer, the bank states that due to a system error that lasted over 11 months, the total number of payments that should be debited or the date when these payments should end was not correctly recorded for standing orders. 

“We’d like to apologise for a mistake we’ve made with standing orders. We can reassure you that it’s now been put right and we’d also like to explain what to do if you’ve been affected.”

“This error affects any standing orders you set up between 23rd March 2020 and 24th February 2021 using Online Banking,” reads the email alert seen by BleepingComputer.

For standing orders initiated between these two dates, the bank failed to properly capture the end date for the order or the total number of (outgoing) payments the customer had requested.

“This means any payments will have continued to be debited from your account unless you cancelled it,” continues the email alert, shown below:

Emails being sent to NatWest banking customers impacted by the flaw
Source: BleepingComputer

Customers urged to check their bank accounts

Although the bank has now fixed the issue, customers who had set up standing orders between the aforementioned dates are urged to check their transactions to see if they have paid someone in excess.

Any standing orders set up after 24th February 2021 should be fine, according to the bank.

“However, it’s worth checking any standing orders you’ve set up before then in case they’ve been paying out for longer than you wanted them to,” advises NatWest.

NatWest Online Banking customers can log in to their account on a computer, and click on the “Cora” chat assistant icon located in the bottom right area of the screen.

The customers can then type the reference code “SO21” in the chat box to connect to a bank representative who can specifically advise on this matter:

natwest cora chat
Customers can log in to their account and quote reference code ‘SO21’ in chat
Source: BleepingComputer

It is unclear how many customers have been impacted by this flaw.

A NatWest support representative confirmed to BleepingComputer that “multiple customers” were affected.

Also Read: Considering Enterprise Risk Management Certification Singapore? Here Are 7 Best Outcomes

BleepingComputer has reached out to NatWest with some questions and we are awaiting their response.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us