HSBC's Pipe Work Sends Texts Down the Drain

It's not always crime that brings negative attention to a bank's networks; sometimes it's an honest mistake.

But either way, First Direct's erroneously sending customers text messages with other people's transaction details earlier this fall is fraught with peril. "Someone's information has been compromised, and that kind of compromise is inexcusable," says Jacob Jegher, a senior analyst in Celent's banking group. "Consumers want to see banks as a source of trust."

The U.K.-based online banking subsidiary of HSBC, First Direct's text banking customers receive daily messages detailing balances and transactions from the previous day. The mistaken texts to consumers contained transaction details related to other accounts. The bank said that the texts contained details on transaction amounts, and in some cases where the transaction was made. The bank contends there was no security risk because no personal details or private identification information was involved. But analysts say any mistakes involving mobile banking are bad for the bank. "Customers may worry that getting information via text messages might be risky," Jegher says.

The problem was likely caused by off-hours work to increase the capacity of the "pipe" used by the institution to deliver text messages. "That's a big programming mishap. It's a new channel," says Avivah Litan, a vp for Gartner, who says there are quality assurance programs that can mitigate mistakes that can crop up on projects in which a lot of code is being managed.

George Tubin, a senior research director for TowerGroup, says banks can mitigate these mistakes by masking the data in the messages in such a way that it can't be used to commit fraud.

In a written response to BTN, a First Direct spokesperson said the bank has determined that less than 0.01 percent of its text message banking customers were affected by the issues and the problem has been fixed. The spokesperson also said that if the bank moves to new pipes in the future to expand capacity "we will be looking to make small batch deliveries of messages as the move takes place."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER