Tesco has issued new cards to more than 620,000 loyalty club members, taking matters into its own hands over the security risk posed by customers whose shoddy data security practices have put their Clubcard accounts at risk.
The issue has been sparked by the fact that many consumers use the same username and password across numerous accounts.
The retail giant said it believed a database of log-in credentials stolen from other platforms had been tried out on its websites, and may have worked in some cases, although it insists no financial data has been accessed and its systems have not been hacked.
From as far back as 2013, Tesco has been warning its 19 million Clubcard members of the need to use robust data security measures to protect their online data following reports that money-off coupons had been stolen from compromised accounts.
And in September last year, four people were convicted of defrauding Tesco and Boots of tens of thousands of pounds. Cardiff Crown Court heard how the gang raided the online accounts of millions of Clubcard and Advantage Card customers and used the stolen reward vouchers to buy high-end brands, which were then sold on.
Tesco said the latest initiative was a precautionary measure. A spokesperson said: “We are aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers. Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts.”
The supermarket said it had emailed everybody potentially affected, that nobody would lose their points and new vouchers would also be issued.
Jake Moore, cyber-security specialist at Eset, told the BBC plenty of people still use simple passwords or similar log-ins for many different platforms.
“Cyber-criminals can do a lot of damage with a large breached list simply containing names and emails or other trivial data. The big risk is via brute force attacking the accounts where criminals use leaked common password combinations against the emails to try to break into other personal accounts.”
Many companies are now following best practice by using multi-factor authentication, in which a text message or email code is required as well as the password. For consumers, password managers that generate and store a unique password for each account are also widely available.
According to a recent study by Equifax, nearly three-fifths (57%) of consumers say they would be happy to ditch traditional password and PIN methods and embrace biometric verification.
NatWest has been one of the UK’s leading financial services companies in pioneering the technology, having run trials for a “fingerprint payment fob” which enables customers to make contactless payments up to £100 without a bank card or mobile phone. The bank has previously piloted biometric debit and credit cards.
Separate research from 360i Research forecasts that the global biometrics market will soar from $14.9bn (£11.2bn) in 2018 to $42.9bn (£32.6bn) in 2025.