Online Banking: More Site Outages and Cyberattacks Coming?

Increasingly, banks want people to use digital means of conducting their banking business. But when things go awry, huge infrastructures can grind to a standstill, and customers become collateral damage.

  • Share
  • Read Later
Scott Eells / Bloomberg via Getty Images

Increasingly, banks want people to use digital means of conducting their banking business. When everything works as planned, it’s cheaper and more efficient for customers as well as banks. When it doesn’t, huge infrastructures can grind to a standstill, and the customers stuck in a holding pattern are the collateral damage.

Bank of America customers trying to log into the bank’s website on Friday, February 1, found that both the desktop and mobile versions of the site were down for much of the day — an especially frustrating situation given that it was the first of the month, when people might have wanted to check on bill payments or paycheck deposits.

On Friday and into Saturday, the @BofA_Help Twitter feed was jammed with queries from panicked customers. “When a bank goes down, customers are basically frantic,” says Jacob Jegher, research director at consulting firm Celent. “We’re seeing an unfortunate trend to having down time on bank websites.”

(MORE: The Rise of the Alterna-Banks: 4 Options Beyond Traditional Banking)

Bank of America’s Twitter account moderators Tweeted a series of updates and instructions for people who were hit with fees as a result of the outage. Still, customers today have high expectations for their banking technology — probably due in no small part to banks’ touting their tech tools and nudging customers to make greater use of them. On Friday, some Twitter users posting the Help account as well as BofA’s other Twitter accounts said they were annoyed enough to switch banks.

In reality, most of them probably won’t, says David O’Connell, a senior analyst at the Aite Group, a financial services consulting company. “It’s really hard to switch banks,” he points out.

(MORE: Are Iranian Cyberattacks Damaging American Banks?)

But there’s a bigger issue here. Although the BofA outage was attributed to an internal technical problem, most of America’s biggest banks have recently been victims of DDoS cyberattacks. The acronym stands for “distributed denial of service” and involves sending a barrage of traffic to a website large enough to overwhelm it. The onslaught against banks began last year and still is ongoing, albeit more sporadically; Capital One’s website went down for several hours the night of January 23, according to ABC News. A group called the Izz ad-Din al-Qassam Cyber Fighters took credit for that outage, along with others that preceded it. Thought to come out of Iran, possibly with the aid of Iranian military institutions, the attacks are annoying but (so far) they’ve been fairly harmless in that the attackers can’t get access to customer information like account numbers.

The attacks illustrate a troubling flip side to technological progress: Despite our reliance on digital banking technology, we’re depending on a system that can be hijacked using rudimentary tools. The al-Qassam group said last week it had suspended its attacks on American financial institutions, but also said it might reinstate the attacks in the future. And, as Bank of America’s outage last week illustrated, banks’ digital technology can apparently fail even when there’s no malicious intent.

“I think we live in an age of disruption,” O’Connell says. But should we just accept that?

(MORE: Policing the Web: How Google’s Cops Track Down Bad Ads)

“This growing trend points to the idea that maybe we need to rethink the way we’re managing these digital properties,” Celent’s Jegher says. “Whether it’s advances in technology or the destruction of that technology, it’s important for the bank to be able to manage both sides of that.” Although it’s not as exciting as rolling out new apps or features, banks need to devote as much effort to managing risk as they do to innovation. “The more banks push you towards self-service channels, the more they have to support them.”