TSB: A Lesson In Why Updates Can Go Wrong
In its plight to become the key player in the digital baking age, TSB recently launched a new banking tech platform, the Proteo4UK, migrating away from its legacy platform that was provided by Lloyds Banking Group. Its purpose was to challenge bigger banks by offering Fintech services, like some of the UK’s challenger banks already do. Instead of a smooth upgrade, it resulted in chaos. With users being locked out of their bank accounts, money disappearing and access issues (whereby users were able to see other users accounts, sort codes and account numbers).
This is an obvious major data breach. It’s not clear yet whether any money has been stolen from any accounts, but the government and the FCA have had to get involved. They’ve even drafted in the help of tech giant, IBM. The damage done will have a catastrophic effect on TSB’s reputation. It’s likely they have to pay out more than the £160 million savings they made making this change, as compensation to their customers.
“The conversion of the systems – the data and the interface accessing the data, which links up to the banking system – clearly has not been well-tested before it went online,” says Shujun Li, a professor of cybersecurity at the University of Kent’s School of Computing. “The scale of the problem we saw is incredible. It’s impossible if they had done systematic testing of the system. For me, it’s clearly a case of management, rather than purely a technical problem.”
That said, Li believes there are parallels that can be drawn with another major business supply failure of recent times: KFC’s chicken crisis. “It’s nothing more than about switching to a new supplier without understanding what the new supplier can and can’t do,” he says. “That’s what caused the problem.”
What could have caused TSB’s breakdown?
Without knowing how the Proteo4UK system was developed it’s hard to say what caused the meltdown. However, from a technical point of view, it’s more complicated than simply underestimating their new supplier. This was a whole new banking architecture, much bigger than the user-facing website and app that was frustrating thousands of UK customers, but it boils down to the same basic rules any software and web developer has to deal with which we can draw parallels with during our team’s areas of expertise.
Website updates, support and maintenance: Our area expertise
Usually made by third parties who you trust to do a good job. But, sometimes these developers can abandon them or make mistakes in a release. If you are too quick to press ‘Update plugin’ without the due diligence to test it on a non-live version of your site, you open up your WordPress website to the possibility of going offline. Or discover that your plugin is incompatible and it doesn’t work as expected.
Broken or invalid code:
There may be issues with the web code being broken. Sometimes this is an issue caused directly by someone working on the website and it not going through the relevant QA process.
Hosting or server errors:
As well as broken code, you may find server or hosting provider causes errors. These are frustrating as they’re neither your fault nor can you fix them yourselves. If a third party is hosting your website, they may be experiencing server troubles. They could be running scheduled maintenance or they might even be experiencing severe weather that’s affecting their hosting abilities.
Your website might need more hosting; depending on the size of your website and/or how much traffic you get. If you’re on a small, shared host plan and your website starts to grow, don’t be surprised if it suddenly locks up.
And although massive amounts of traffic coming to your website is a good thing, if it’s a sudden influx, it could also crash your website. If you have a post that has suddenly gone viral or a product that’s suddenly become incredibly lucrative, there’s a good chance your website might crash. Especially if it’s not prepared by scaling up resources to handle the increase.
A brute force attack can also be the reason behind your website going offline. This is where the traffic you’re receiving is spam bots and virus software; they’re trying to break into the backend of your website. Across the internet, there is an endless number of bots crawling through different websites. Desperately trying to find vulnerable ones they can break into.
They can do a great deal of damage to your site, even if they don’t manage to break into it.
What can Jerram do to help?
Websites can be complex and intricate things, and keeping them in check takes more than just a click of a button. As we’ve seen in the last couple of weeks everything that’s happened with TSB, things can go drastically wrong. TSB have an entire IT department spread across countries all around Europe and problems still arise such as this one.
As a business owner or person in charge of your digital presence, are you able to constantly monitor your website to ensure that all the necessary updates are updated and compatible? Is the support and maintenance of your website something you have time to do?
Along with software updates, there are many other parts of your website that we’ve discussed that need active monitoring. And most of these updates need to be checked for manually. We at Jerram, offer a support and maintenance package that comes with developers with relevant knowledge and experience that can ensure that your website stays up and running. Find out what website services we offer and how we can keep your website in tip-top shape. You can also download an infographic to find out what we did for our clients in 2017.