Ulster Bank snafu subjects digital payments to nondigital problems
Ulster Bank customers in the Republic of Ireland were left fuming as a second problem with the bank’s digital systems emerged only a week after the last mess, slowing down payments.
Apparently due to the widely-celebrated May 1st holiday, users of the bank’s mobile app have found payments going missing or appearing multiple times. Though the bank holiday may have been expected, the impact on customer service was aggravated by the expectation that payments would continue to process behind the scenes.
At the time of writing the bank’s homepage carries a message reading “Tuesday 1st of May is a European Bank Holiday. This may impact your payments/ transfers.” A link leads to a statement on the company’s status page, explaining the issue as follows:
“We are aware of an issue where some duplicated Mobile App transfers completed between 6.30pm Monday 30th April and 6.30pm Tuesday 1st May have debited customer accounts but have not credited the beneficiary account as expected. We are working hard to rectify this as a matter of urgency.”
The bank, part of the RBS group, has promised its customers that any payments affected by the issue, including those made repeatedly by customers who saw their requests having no effect, will be reversed and resolved, ensuring “no customer is left out of pocket”.
Exactly why a modern digital system should stop working because the humans who monitor its automated processes are on holiday is not really addressed. There’s also no explanation for why things came back online in the evening of May 1st, when presumably even more staff would be out of the office.
Ulster Bank’s response seems to suggest that customers should not expect digital bank services to function on bank holidays — which rather goes against the idea of moving to online banking and mobile apps to avoid the inconvenience of dealing with physical branches, human cashiers and restricted operating hours.
The app payment issue appears not to have affected customers of Ulster Bank in Northern Ireland, which is a separate business unit. That audience was also lucky enough to escape a much bigger problem just the week before: Starting on April 20th, a number of customers reported funds mysteriously “vanishing” from their accounts, card payments being declined and direct debits failing to process.
The problem grew so serious the bank was forced to provide emergency cash of up to €500 per customer. There’s no mention of the issue on the company’s press release page, but the bank later blamed the incident on “human error”, in a statement reported by the BBC.
This seems to further reinforce the idea that digital systems remain overly reliant on flawed, unreliable flesh-and-blood people.
Ulster Bank customers in particular must be doubting the reliability of digital banking, after being hit by several major snafus in recent years, many of them affecting the whole RBS group. The most recent was in 2015, following on from the epic disaster of 2012, which was big enough to merit its own Wikipedia page and led to fines of £56m.
Ulster Bank took longer than any other part of the group to recover from that particular mess, which was blamed on a software upgrade.
Of course, it’s not just dodgy software and clumsy or vacationing staff which pose a risk to the availability of online banking systems — there are also plenty of malicious actors who like to disrupt access to money. TSB customers hit by the recent (and ongoing) problems with IT systems there may well have been targeted by phishing scams keen to cash in on the problem.
In this area at least there is some good news. Last week, the U.K.’s National Crime Agency reported the takedown of a cybercrime network providing “distributed denial of service” (DDoS) utilities, which were used to bombard numerous victims, including many of the U.K.’s largest banks, with floods of digital traffic intended to overwhelm and disable their services.
The multinational effort shut down the website and servers of “webstresser.org”, described by Dutch police as “world’s largest illegal DDOS seller“, and included a search at an address in Bradford linked to a campaign in November 2017 targeting seven major U.K. banks.