back to article Brit bank TSB TITSUP* after long-planned transfer of customer records from Lloyds

UK bank TSB's efforts to upgrade its systems have left numerous customers without online banking services – and some report having unintentionally accessed different accounts' details. The organisation, which split from Lloyds Banking Group in 2013, chose this weekend to complete the move of its customers' data from Lloyds IT …

Anonymous Coward

Completely down for me (with no bonus access to others' accounts, unfortunately).

I was surprised to see they chose to illustrate their unavailability with a fat cat (maybe they're trying to reclaim the term?), lying on a tree branch, apparently sick through overindulgence. One of their marketing people must be a frustrated satirist.

23
0
gv

Contingency and rollback

Whoever put together their contingency and rollback plan in case the 'upgrade' failed should quite probably be tendering their resignation...

8
0
Anonymous Coward

Re: Contingency and rollback

My wife works for Lloyds and ran their DR until Friday. They were warned there would be problems but chose to ignore the warnings.

11
0

This post has been deleted by its author

TRT
Silver badge

Perhaps for these sorts of financial services outages...

the loss of service could be described as...

Banking On-Line, Loss Of conneXion. Expect Downtime.

18
0
Anonymous Coward

Self inflicted DOS

Self

Harming

Implementation

Trajectory

12
0
Silver badge

Bullshirt

"Although the transfer has been a long time coming, many TSB customers only found out about the planned service disruption via a tweet sent at 5.36pm on Thursday 19 April – less than 24 hours before the digital blakcout was due to start."

Bullshirt. I got an email about 2 weeks ago about the transfer, and a text message last Wednesday about the downtime.

Now unless I've got some special TSB account where I get all of this information before the great unwashed, I would rather think those moaning just need something to moan about to make their Monday a little bit more interesting.

29
7
Flame

Re: Bullshirt

The only notification I got (as I've just checked) was an email on the evening of Tuesday 17th (21:19) stating TSB would be down from 4pm on the Friday throughout the weekend. No text messages. So I got a full day's extra warning than those on twitter - lucky me!

Even 2 working days notice is pathetic from a bank for such a major shift. And the fact they're having issues today means it still didn't go correctly. I'm probably going to vote with my feet on this one and shut the account over it - that'll learn 'em!

11
0
Anonymous Coward

Re: Bullshirt

That depends, if you have enough products or money with them, then quiet possibly (not that you'd always know mind...) - I used to work for HBOS once upon a time and we did this kind of thing for more important customers.

Annon because It was a long time ago and I needed the money.

4
0
Anonymous Coward

Re: Bullshirt

I knew about it.

They promised 4h window of "maybe problems".. more than 48 hours later, still not working.

Anon, as I am looking to change jobs right now..

7
0

Re: Bullshirt

Same here, I've seen a decent amount of notification about the big upgrade in the weeks proceeding.

I've had email , text message, warning message every time I opened the mobile app for the past week or two, and it has also on the online banking site as well to reminding us that the upgrade was happening and to plan ahead if needed.

6
0
Silver badge

Re: Bullshirt

I got the email at 10:42 on Tues 17th and a text at 11:13 on Friday.

It was my first current account about 25 years ago, but I don't really use it any more.

3
0
Silver badge

Re: Bullshirt

"Bullshirt. I got an email about 2 weeks ago about the transfer, and a text message last Wednesday about the downtime."

Well I got my text 45 minutes after the down time started.

They dont send me emails because they constantly sent me crap, but they are meant to send important messages...

Regardless of when people were notified the notice clearly said that access would be restored at 6pm on sunday. Unless Im very much mistaken its now 1pm on Monday and I still dont have access to my personal or business accounts.

Im willing to bet they managed to take their mortgage payment though....

9
0
Silver badge

Re: Bullshirt

@polymor

" as well to reminding us that the upgrade was happening and to plan ahead if needed"

Well I planned ahead as far as Sunday evening which is when they said it would be up... What now?

1
0

Re: Bullshirt

I have SMS set up on my account (optional) and got a text message on Thursday about the upgrade.

Dont remember seeing an email.

0
0
Silver badge

Re: Bullshirt

@wolfetone

"Bullshirt. I got an email about 2 weeks ago about the transfer, and a text message last Wednesday about the downtime.

Now unless I've got some special TSB account where I get all of this information before the great unwashed, I would rather think those moaning just need something to moan about to make their Monday a little bit more interesting."

Well, its wednesday now... and it all still off. Hows that working out for you?

2
0

This post has been deleted by its author

Knew this was coming, having worked on the migration it was a bloody shambles from start to finish. Surprised it isn't worse actually.

23
0
Silver badge
Go

C'mon. Spill the beans.

7
0
Anonymous Coward

Anon - for obvious reasons

Yes here too. At one point i thought they were going to give up and just negotiate an long-term version of the TSA.

2
0
Anonymous Coward

The migration was originally due in October 2017, as to avoid a serious rise in the fees charged by Lloyds for managing their IT for them. The reason given for the delay was to avoid impacting the new system with an increase in queries around the upcoming rate rises. I'd also read that Brexit concerns were a reason too.

Does anyone seriously think this was ready to go last year? Course not, they HAD to delay it to get it working. Not saying the involvement of KPMG made it worse either......

8
0

We have a winner!

Time to unwrap the GDPR. After years of taking the piss out of everyone. I give you Lloyds and TSB.

#theonlytimeabankisearlyiswhenitcomestotechnologyfail

4
0
Anonymous Coward

Just as worrying...

And why I am now seriously considering changing bank - they wanted me to install their mobile app which demands permissions for everything. Why do you want to make phone calls, see my pictures? It looks to me as if nobody has done the most basic security audit. I'm thinking of complaining to the ICO. An app which if breached basically allows someone to pwn your phone? What is wrong with these people?

10
1
Anonymous Coward

Re: Just as worrying...

Exactly the same problem with business banking.

It's a land-grab before GDPR. Immoral and reprehensible. Boiler plate replies don't help either.

I'm moving. Read the comments. It's not just us.

https://play.google.com/store/apps/details?id=uk.co.tsb.businessmobilebank&hl=en

6
0
Silver badge

Re: Just as worrying...

@Anon

"Exactly the same problem with business banking."

I have installed the business banking app on a shitty old mobile that I leave on my desk (only recruiters get that number) so its got access to nothing more interesting than a bunch of texts offering me work that I dont want!

That said, the old card reader was fine, Im sure the app saves them money but putting the key gen on an internet connected device seems like a step backwards in terms of security to me.

4
0

Re: Just as worrying...

I think I'd be more worried about my bank account being pwned than my phone...

The call permissions is to enable a customer to make a phone call from within the app itself that is then treated as pre-authorised for security purposes, rather than re-running all the questions about your granny's sister-in-law's mother's maiden name, or the last three purchases made with your debit card - all of which are difficult when you've just had the bag lifted and are now standing in a dark street in a foreign country with neither cards nor cash. Or any other stressful circumstance at which you might actually *need* to talk to the call centre.

5
0
Silver badge

Re: Just as worrying...

"The call permissions is to enable a customer to make a phone call from within the app itself"

Yes, and what about access to my photos, music, location and contacts? Why would it need these?

Now I check again, I note it doesn't ask for permission to make phone calls. So your example seems to be somewhat invalidated.

6
0
Bronze badge

Re: Just as worrying...

I wouldn't bother. The ICO don't appear to give a fuck unless its a massive breach. 2 of us reported a local recruitment agency for their continued data breaches. Although appear minor, they are still breaches. All the ICO advised was to try and sort it out with the company yourself.

I have, several fucking times, they apologise then do the same thing again a few months later. The worse was sending my payslip to another engineer.

8
0
Silver badge

Re: Just as worrying...

Who cares about your phone being pwned through a banking app? I care more about my bank account being pwned through my phone! After all it's got all my money in it...

It'd be inconvenient for them to break into my e-mail and ebay, but liveable, and I'm thinking of dumping the ebay app anyway due to its lack of features and repeated promoting of bullshit IT from Currys

0
3
Silver badge

Re: Just as worrying...

Recent Android versions should allow you to deny those permissions, although badly written apps crash.

I wonder what this one does...

0
0
Silver badge

Re: Just as worrying...I wonder what this one does

Don't give permissions, doesn't work.

0
0
Silver badge

Re: Just as worrying...I wonder what this one does

All your base belongs to us:

This app has access to:

Identity

find accounts on the device

Contacts

find accounts on the device

read your contacts

Location

precise location (GPS and network-based)

SMS

read your text messages (SMS or MMS)

receive text messages (SMS)

Phone

read phone status and identity

Photos/Media/Files

read the contents of your USB storage

modify or delete the contents of your USB storage

Storage

read the contents of your USB storage

modify or delete the contents of your USB storage

Wi-Fi connection information

view Wi-Fi connections

Device ID & call information

read phone status and identity

Other

receive data from Internet

view network connections

full network access

run at startup

control vibration

read Google service configuration

1
0

We're not in Kansas anymore, Tony.

I actually think the average banks board thinks they're living in a bad dream and the internet and computers are going to go away. Rather than do the honorable thing, resign and go and run a private bank. They continue to avoid investment, long term planning and spend inordinate amounts of time waiting for the spreadsheet to load, to adjust the bonus and bribes columns. #youeachhaveacharacter #emeraldcity

9
0
Silver badge

Re: We're not in Kansas anymore, Tony.

A Stored Program Computer you say?

Like an automatic tabulator.

Pftt and tishle. I used pencil and paper at Eton and shall remain using pencil and paper ....

3
2
Bronze badge

Re: We're not in Kansas anymore, Tony.

The banks are, on the whole, paying the price for moving fastest into IT, like, 30-40 years ago, then upgrading continuously.

They invested heavily in mainframes early on, and built new on that (remarkably solid) base, then new on that, then new on that... and now they're stuck with seven layers of legacy hell because a full replacement is expensive and risks looking exactly like this news item. They've traded a system that mostly worked for one that doesn't. There's a chance they could have done it right, but few people are willing to take that risk, given how often IT change programs fail.

It's the same story all through finance as a whole - new shiny companies have great responsive public-facing IT but no understanding of what will go wrong at scale, and no built-in pile of fixes for problems most people have entirely forgotten about.

Old companies have rock-solid mainframes buried under layers of cruft and middleware before approaching the customer-facing applications, which inevitably run like cold treacle and fragment at the merest thought of a change request.

That's your choice, really: do you want your hard problems addressed with organically developed spaghetti-code in five languages, or with clean modern code that's not been battletested in the same depth?

28
0
Silver badge

Re: We're not in Kansas anymore, Tony.

Re your point on Banking IT, If you are in the UK then I would recommend the Horizon from 1977/78 on iPlayer.

https://www.bbc.co.uk/iplayer/episode/p01z4rrj/horizon-19771978-now-the-chips-are-down

I watched it the other night and it is fascinating looking at it 40 years later (having been around 10 when the program went out).

Steve

4
0
Silver badge

Re: We're not in Kansas anymore, Tony.

I've heard things too about the multi-cruft-layer-laden systems at banks, including a rumour that at least one bank has the system that's right at the bottom of all the layers still using pounds, shillings and pence.

7
0
Bronze badge

Re: We're not in Kansas anymore, Tony.

"pounds, shillings and pence"

I really, really, want this to be true. The timing is plausible, since decimalisation was in 1971, and banking mainframes did exist in the 60s, but even so, that should have been relatively easy to fix in '71.

6
0
Anonymous Coward

Re: We're not in Kansas anymore, Tony.

"The timing is plausible, since decimalisation was in 1971, and banking mainframes did exist in the 60s, [...]"

A friend was manager for one of the high street banks. His twin children had been born on New Year's Eve - which was always the day when he couldn't leave the bank until they had balanced the books down to the last 1/2p (1/2d?). He always arrived home long after the party had finished.

He was finally at home for the twins' 21st birthday party in 1971. That was the year the computerised systems relieved him of the end of year chore.

7
0
tfb
Silver badge

Re: We're not in Kansas anymore, Tony.

"Clean modern code" written by someone who hasn't lived through some banking nasty, as well. I think I prefer the old code which works on the whole.

12
0
Silver badge

Re: We're not in Kansas anymore, Tony.

But why bother to fix it by amending many tens of thousands of lines of COBOL when you can just write a shim to do the conversion on all the inputs and outputs? There's an exact conversion between LSD and decimal currency so even those financial institutions which calculated interest to 10 or more decimal places would still be happy.

7
0
Silver badge

Re: We're not in Kansas anymore, Tony.

That Horizon was interesting, but back then I didn't really care because I'd already got my CompSci degree and was waiting to join the elite whilst expecting the rest of society to crumble around me.

As it was, I was the one who crumbled.

6
0
Silver badge

I got a text from them at 16:45 on friday telling me that the system would be offline from 16:00 on friday.

Which was nice.

Then on Sunday evening at 6pm when the system was meant to be back online my card stopped working - I don't know if that's because I've fucked up and don't have any money in that account (I only keep a small amount in that one as its contact-less) or if there is an issue at the bank stopping authorisations going through.

I also dont have access to my business account so dont know if clients have been paying me or not.

I dont have phone banking set up because a few years ago someone managed to phone up impersonating me, set up a new account and then set up direct debits with vodaphone on a business account and ordered a shit load of new phones in my name - luckily caught before the situation got bad but still a pain in the arse.

9
0

Did nobody get basic PR training on this one?

Someone really should have pointed out that, given the rather negative publicity associated with Banks over the last 10 years, the very last image you should have on a "Service Unavailable" page is a Fat Cat .....

17
1
Silver badge

Re: Did nobody get basic PR training on this one?

The cat has disappeared.

They are watching us.

*puts on tinfoil hat.

3
0
Anonymous Coward

Re: Did nobody get basic PR training on this one?

"The cat has disappeared."

Has it left just a big grin behind?

13
0

Tested how many times?

Wonder how many times they have tested the transfer procedures and verified the data before running it into production?

Was it in-house or out-sourced? Was it on-shore or off-shore?

4
0
Anonymous Coward

Re: Tested how many times?

Development and testing was mostly offshored in Spain which is where their banking software originates. Some UK testing done too with mixture of contractors courtesy of KPMG and branch staff.

I'm wondering when TSB renames itself to Sabadell in the hope people forget about this weekend.

6
0
Silver badge

Re: Tested how many times?

1. Testing is for wimps

2. Out-sourced

3. Off-shore

11
0
Anonymous Coward

Re: Tested how many times?

I have experience with testing this type of things long tome ago for a bank in spain.. and testing tends to be hell because they DONT trust you with real data.. so you get "synthetic data" that is "as good as the real deal".. and well, the whole thing is a travesty.

I dont know if this is the case this time,with this bank, but I suspect it might be.

7
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018