RBC's Account Imbalance
Faulty code caused so many errors in RBC Financial Group's systems that payroll deposits got blocked and customers couldn't check their balances.
A foul-up at RBC Financial Group, Canada's largest bank, stifled payroll deposits and left as many as 10 million customers uncertain of their bank account balances last month. That has prompted an internal review of the bank's technology and processes, and will likely result in millions of dollars in damages.
The problem, which took close to two weeks for RBC to correct, began on May 31 when a single worker introduced a "relatively small number" of faulty pieces of code into the bank's transaction processing system, which then began issuing error messages to users. In press reports, RBC chief information officer Martin Lippert chalked up the incident to human error.
Nevertheless, it serves as a warning to other banks that they need processes to ensure that proper procedures for updating software are in place and rigidly enforced. They should also expect to compensate customers when errors occur, say analysts.
RBC's woes also made it a target for hackers. Fraud operators took advantage of the computer glitch to launch a major phishing attack against the Toronto-based bank's customers over the Internet.
In the "Dear RBC Royal Bank Customer" e-mail, what looked like an official request asked for names, account numbers and personal identifiers to verify customers' standing due to "increased fraudulent activity." Once a person clicked on the e-mail, went to a spoof site and entered information, hackers could access those accounts.
"Those of us who know how banks operate understand that this type of error shouldn't have happened," says Paul K. Wing, an industry analyst and former head of the Bank of Nova Scotia's information-technology security division. "But the question that needs to be asked is, why weren't there controls in place to prevent it?" RBC controls should have required thorough testing of new code, restricted access to systems and required that work be done during off-peak periods. Wing says it is almost unheard of in banking circles for new code to be entered during the work week, when transactions are at a peak.
The bank's protocols do call for all new pieces of code to be thoroughly tested, but RBC says the code entered production without being tested "as well as it should have been." RBC wouldn't reveal whether the worker was disciplined, and Lippert was unavailable. However, the bank did say it did not suspect foul play.