Tesco Bank May Have Facilitated Their Own Heist By Using Sequential Debit Card Numbers

A few weeks ago, news broke about Tesco Bank falling victim to a massive fraud attack. As it turns out, the institution brought this upon themselves, as they issued debit cards with sequential numbers. This is perhaps one of the worst examples of financial malpractice to hit the banking sector in quite some time.

Sequential Debit Card Numbers Are A Plague

To put this news into perspective, the issues described were first discovered in a report published by FT. After Tesco Bank had lost close to £2.5m during a hack attack, it became apparent that the cause had to be identified as soon as possible. With over 9,000 customers affected by this theft, recovering the funds remains the number one priority.

In the meantime, the investigation goes on. So far, things are not looking good for Tesco Bank and its management. It turns out that the institution used sequential debit card numbers for their payment cards, which is an absolute no-go in the financial sector. This puts the original explanation of Tesco bank suffering from a ”highly sophisticated attack” into a different spotlight.

When a bank uses sequential payment card numbers, they open themselves up to different types of abuse. Just over a week ago, we published an article about a study that explained how it takes six seconds to guess full credit card information. Using sequential card numbers only makes that job easier, which is the last thing any bank wants to deal with.




Tesco Bank has yet to comment officially on the findings published by FT, but they have not denied the allegations so far. The investigation is still ongoing, and it remains unclear how long it will take before an official report is published to the world. For now, the bank will not comment on any issues that could endanger the investigation.

As one would come to expect, Tesco Bank uses Visa debit card for their clients. Visa is also the only payment network not detecting multiple invalid payment requests on the same card, giving hackers plenty of options to exploit the information. Moreover, they can just go down the list of sequential card numbers to generate the expiry date and CVV code for the card in question.

All of this points out that smaller banks have a lot of things to take into consideration. The Financial Conduct Authority has contacted British lenders to see if they are employing a similar tactic, although no results have been made public yet. Traditional finance continues to dig its own grave, and banks are the cause of most of the evil taking place in the sector.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.