The Full English Accompaniment – Are banks safe?


What’s piqued my interest this week?

One of my threads of thought this week has followed the TSB issues and a Radio4 Moneybox episode a few weeks ago. It transpires that fraudsters used the opportunity to see others bank account information during TSB’s blunders as a a good ticket to cash-out town. This week we had the admission from TSB that at least 1300 customers lost money due to fraud as a result of their IT changeover (1). Nils Pratley at the Guardian sums it up nicely; for all TSB apologises, it doesn’t change the incompetence (2). Between this, and a discussion with YFG on an old Full English about the TSB debacle, I decided to have a chat with some friends who work IT security. One is a white-hat hacker, the other works as an IT security consultant and provides subcontracted coding services (as well as currently writing some code for a little spin-off). Both confirmed what I had read before; that the monolithic goliaths that are the main high street banks have pitiful IT infrastructure.

It makes sense. These are banks founded on the premise of an on-site vault, a list of ledgers and a network of staffed branches. Their IT was adopted ad-hoc, as a necessity, developed or brought in to fit the old model. The old model was anachronistic, it included human foibles and errors, and a degree of leniency to allow for it. Trying to bring in coders, explain and then cram all that into Windows 3.1, then 95, then 2000, etc was never a long term solution. IT departments are not the moneymaking focus of a high street bank, they don’t win all the praise, so the funds will only stretch to essential patching. This is not safe. Threadneedle street is trying to combat this by setting cyber security challenges to recruit IT experts to bolster their security (3)

Sadly, there lies my concern. A bank, by definition, should be a safe place. Your money no longer resides in a huge locked vault. It sits on an online ledger, protected by minimally patched although mostly secure firewalls and security systems. Security systems prone to outages and instability, as Tesco Bank customers found this week (4).

Which is why I find ‘challenger banks’ so tempting. The Starling Bank CIO, John Mountain (strong name), was interviewed last September about working at a bank that is challenging traditional IT thinking (5). Starling have released their API and ran a hackathon of their systems at London Campus in April this year (6). Anne Boden, the Starling CEO, is reported to have said that a bank should not have an IT department, as it’s whole business is now IT. In John Mountain’s words:

“We don’t run a technology function here because the whole business is a tech function”

Will I move all my money into ‘challenger banks’? Probably not. The Rothschilds’ don’t throw their banking system out with the bathwater every time there’s a systemic crisis. Traditional banks will have to learn the hard way, as TSB are doing. For the time being I’ll split my pots as, after all, a bit of diversification can’t help can it?

Have a great weekend,

The Fire Shrink

Side Orders


Blogs/ Opinion pieces:

What I’m reading:

When Breath Becomes Air – Paul Kalanathi – Useful for a sense of perspective

Enchiridion by Epictetus – Bedside reading for a bad day