LONDON (Reuters) – Britain’s five biggest banks had a total of 64 security or operational incidents that cut customers off from telephone, mobile or online banking in the second quarter of 2018, according to disclosures on the banks’ websites.
New rules from the Financial Conduct Authority (FCA), which came into effect on Wednesday, require banks to disclose payment service outages caused by cyber attacks or other disruptions.
The FCA’s action shows how banks’ digital operations are increasingly in focus as consumers do more phone or online banking, making them potentially vulnerable to a serious IT outage or hack.
Lloyds Banking Group had 19 of these incidents, with most hitting internet banking, while Barclays reported 18, Royal Bank of Scotland 16 and HSBC seven. Santander UK reported four.
The disclosures do not say what caused the outages, but some banks noted that in some cases the incidents only affected internal systems or limited numbers of customers.
“The vast majority of cases were very small incidents which were resolved quickly without customers experiencing any detriment to their service,” a Lloyds spokesman said.
A Barclays spokesman also said the incidents had a minimal impact on customers and were addressed immediately.
RBS’s systems were resilient and the bank had made significant investments in them, but it was nevertheless working to minimise disruption, a spokesman for the bank said.
HSBC and Santander did not immediately comment on the disclosures.
Earlier this year, a botched system upgrade at mid-sized bank TSB left many customers without access to their money for days and more vulnerable to fraud.
TSB, which is owned by Spain’s Banco de Sabadell, reported a total of seven incidents in the last three months, highlighting the limits of the disclosure system which does not reflect the severity of service disruptions, only their frequency.
Smaller banks Virgin Money, CYBG and Metro Bank reported no incidents, while the Co-operative Bank and Nationwide Building Society both disclosed two.
The FCA and the Bank of England have given financial services firms until October to explain how they plan to avoid damaging IT breakdowns and respond to the growing threat of cyber attacks.
(Reporting by Emma Rumney. Editing by Jane Merriman)