back to article Royal Bank of Scotland, Natwest fling new bank cards at folks after Ticketmaster hack

The Royal Bank of Scotland and NatWest have issued customers with replacement cards as a result of last year’s Ticketmaster breach that hit around 40,000 Brits. The banks said on social media they were swapping out the plastic used by punters on Ticketmaster's website as part of efforts to ensure “significant levels of …

  1. MrMerrymaker

    SLA

    Boy, back when I was an Incident Manager, I'd have killed for a six month + SLA on such a major incident!

    1. Wellyboot Silver badge

      Re: SLA

      Indeed!

      Barclaycard informed me I would be getting a nice new card on July 10th only two weeks after TSHTF.

      1. notyetanotherid

        Re: SLA

        Kids' prepaid card provider goHenry notified that theirs would be replaced on 26 June

        TescoBank followed on 29 June.

        @Ledswinger may have a point about RBS...

  2. Anonymous Coward
    Anonymous Coward

    Top tip: obliterate the CV2

    (you're welcome :) )

    1. Dan 55 Silver badge

      Re: Top tip: obliterate the CV2

      After taking a copy of it for Internet purchases as it should be never used for customer present purchases? Or perhaps you mean people shouldn't ever buy over the Internet either?

  3. Doctor Syntax Silver badge

    Six months. It gives a whole new meaning to "proactive".

  4. Steve 129

    Ticketmaster should be financially responsible for card replacements

    Vendors that 'loose' their customer's details should have to foot the bill for card replacements and any incurred losses in my mind.

    Currently there isn't even a real slap on the hand for absolute carelessness handling card details.

    They just don't care since there are no real consequences.

    1. Jay Lenovo Silver badge

      We won't be fooled again

      Ticketmaster could consider donating tickets. Maybe a "Who" concert?

    2. Anonymous Coward
      Anonymous Coward

      Re: Ticketmaster should be financially responsible for card replacements

      Vendors that 'loose' their customer's details should have to foot the bill for card replacements and any incurred losses in my mind.

      What persuades you that Ticketmaster haven't had to pony up? I suspect the "early responders" didn't worry about who was paying, but prioritised their customers and their own security. Bottom dwellers like RBS and Natwest, well, I'd expect they only acted after they'd managed to ensure that Ticketmaster were paying, and that is why the delay.

      Outside of the third world, RBS always has been amongst the most disreputable banks in the world. Fred the Shred should have been put in concrete wellies and thrown into the Firth of Clyde, in front of a partying audience.

      1. James R Grinter

        Re: Ticketmaster should be financially responsible for card replacements

        Indeed, they may well be getting a less favourable transaction fee now. Unfortunately we’ll end up paying it in “booking fees”.

        (In my case it was my Amex card number that got stolen, but it only came to light after the subsequent BA incident. I haven’t flown with BA in years but it seems someone started testing the numbers they had to see which were still working... it’s good to get alerts on card transactions!)

  5. Spoonsinger

    This comment is...

    genuine.

  6. Antonios Karantze

    Westpac NZ did this in August 2018.

    35k cards replaced quickly and brutally fast, breaking all manner of standing renewals etc

  7. Kevin Fairhurst

    Halifax changed my card last year

    A couple of months after I’d phoned and asked if it needed changing due to Ticketmaster and British Airways. “Not at all” they said.

    Then they did it without warning, meaning repeat payments screwed up. Typical. Except PayPal somehow managed to get the new card number without me needing to tell them...

  8. Andy 97

    NatWorst

    The first I heard of it was when I received one of those net promoter score surveys from their security team without having called them in the first place.

    Cue; twenty minutes on the phone between three departments before I found out this reason.

    What made it worse was that my card ran out at the end of this month anyway.

  9. Anonymous Coward
    Anonymous Coward

    lose / loose

    2 different words FYI

  10. Mr Dogshit

    Why is there a picture of Brian Blessed?

  11. Sproggit

    Force Change

    Last year I was unfortunate enough to be caught up in the NewEgg shopping cart malware issue... Apart from a couple of notifications I received from them, along the lines of "Hey! Guess What? We've been hacked! Fancy that...", I've seen or heard nothing from them.

    However, I did immediately call my bank (Bank of Scotland) and demand a replacement card for the one used on the NewEgg site. At first they did their best to talk me out of replacing my existing plastic, suggesting that I could just keep an eye on transactions and call them if I saw anything suspicious. At that point I suggested that if they didn't want to send me a new card, pronto, I would happily cancel my card account there and then. Funny old thing, they changed their mind...

    During that process (it was, for me, the first time I've been involved in a potential loss of my card details), I made careful notes of all the places I had to contact (those I remembered on the day and those that were identified during the subsequent sweep-up) to change my details. I now have that list, which I can re-use when needed.

    The reason my bank tried to talk me out of getting a new card was because it costs them to do so. If you are involved in anything like this, DEMAND an immediate replacement of your card. No bank can reasonably refuse - and you should not be doing business with one that tried to refuse you. The reason is simple - the more of us that demand that banks do this, the greater the expense to the banks from having to. It's only when the cost of having to continually re-issue cards reaches a point of irritation that banks will actually bother to do anything about it.

    For example, for those with smartphones [such as those with smartphone banking apps] there is no technological reason that your bank could not include, with your mobile banking app, a piece of software that generated a one-time pad that could be used with all card purchases, among retailers who supported that use... This would mean that instead of using a fixed 3-digit CV2, the number could be 4, 6, or 8 digits and would change with every transaction... This one change is not it itself a cure-all (your phone can still be stolen or lost) but it makes it incrementally harder for criminals. For non-smartphone users, banks could issue hardware tokens...

    The cold hard truth is that card fraud hasn't yet reached the level where it's hurting the banks. Until it does, we won't get a more secure solution. If, by demanding our rights, we can accelerate that process, we stand to benefit through (significantly) reduced risk of being defrauded or inconvenienced if we're unfortunate and have our card details compromised.

    Hit them where it hurts - and they will do something about it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019