Dutch Central Bank advises people to keep a few days' cash in case banking systems fail

Brendan Burgess

Founder
Messages
53,967

Keep cash at home due to cyberattack risks, Dutch Central Bank warns

Europol says episodes such as Distributed Denial-of-Service attacks are big business in the Netherlands, from which many hackers operate ‘to order’ internationally
www.irishtimes.com

The Dutch Central Bank (DNB) has issued an unprecedented warning to the public to keep cash in their homes because of the increasing risk of cyberattacks, particularly from Russia.

The advisory, which is expected to be followed by advice to customers from individual banks in the Netherlands, warns: “If the digital payment structure is disrupted, then people will no longer be able to pay for goods by bank card or transfer money automatically.”
 
I always have but then again I'm still one of those who uses pretty much only cash except for big things and online purchases. Hardly enough to tempt a burgler but enough to buy a weeks shopping and fill the car with petrol. I think it's a good safety net just in case!

Was watching old episodes of Frasier the other night and noticed him paying for his coffee with actual dollar bills, wouldn't happen these days!
 
I'm kind of the same, where everything I buy these days is with a debt card I always keep a few hundred in the house in case of emergencies
Same with my wallet I've had the same €85 since I came back from Spain in 22

Was doing a bit of part time work in a bike shop in 2016 and we were doing a cleanout/tidy-up of the shop when I found an old manual card machine with a box of slips, was going to throw them out when the owner said no keep them just in case there's an outage
thought it was a little overkill until one day while in Spain the Internet went down and that was it the whole village nearly closed up because nobody could take payments online or access money from the bank machine or teller for 24 hours
 
Doesn't need to be a cyber attack (speaking here as an ex Ulster Bank customer !), the state of some of the Irish banks infrastructure leaves a fair bit to be desired. Hardly a month goes by without one of them reporting a delay or issue with payments.
 
Peanuts20 said:
Hardly a month goes by without one of them reporting a delay or issue with payments.
Click to expand...

I paid a small amount into my credit card on Monday this week. The bank applied the payment on both Tuesday and Wednesday. No sign yet of them fishing the second one back.
 
The banks are all upgrading their SEPA payment systems for SEPA Instant and changes in the structure of the current files. You can expect issues such as we saw with PTSB a few weeks ago, across the whole system.
 
That headline is at best misleading and bordering on alarmist clickbait. Read quickly it could easily be interpreted as “keep all you money at home”. The body of the article makes it clear that the suggestion is to keep a few days/the cost of a week’s worth of groceries/€167. The headline would be far better worded “Keep a small amount of cash at home….” (Just like the excellent thread title !!)
 
I'm making an educated guess that there are multiple service providers and systems/structures involved, that they are also tested exhaustively to ensure they are robust, and that similarly robust backups are retained to allow the financial clock to be rolled back in the most extreme scenarios. This seems reasonable, based on the fact that disruptions to date have been both temporary and localised (and mostly due to coding errors which have been capable of being rectified).

By extension, it seems reasonable to assume that any future disruptions (from whatever cause) will also be both temporary and localised to a part of the digital payment structure. So if you or your social/family network have access to a number of financial services you'll basically be fine, but with some inconvenience. Probably public transport (and maybe other essential services) would if necessary be made temporarily free so peole could get from A to B and keep society functioning; after all the government isn't going to collapse the economy because people can't top up their Leap cards.
  • Just in my household there's both Visa & Mastercard, two credit unions, 2 banks, Revolut, Paypal, and Trading 212. Nobody is going to be able to collapse all of those simultaneously, never mind for an extended period. If we go to our extended families then there's at least one more bank and probably some Bitcoin available if we looked hard enough. So we'll be able to figure it out without having a stash of cash.

It's much more likely that you'll be unable to use your card due to electricity cuts rather than a cyber attack. If the electricity goes down nearly all the businesses in the town are out of operation until it comes back up; no electricity = no cash register, no lights, no petrol pumps, no coffee machine etc etc. It's happened a few times near where I live and it's a giant PITA.

It's actually much less disruptive if the internet gets cut (as occasionally happens) because then it's just the card machine that's out of service rather than basically everything.
 
Towger said:
The banks are all upgrading their SEPA payment systems for SEPA Instant and changes in the structure of the current files. You can expect issues such as we saw with PTSB a few weeks ago, across the whole system.
Click to expand...

Your point is very well made.

Firstly, it is particularly worrying that the Irish banks are implementing SEPA Instant well past the eleventh hour, with their backs to the wall and the first of the two SEPA Instant deadlines on 9th Jan 2025 just days away. Implementing SEPA Instant is a very substantial systems change and such changes are high risk, especially when implemented under pressure and unforgivingly tight deadlines. And based on the frequency and timing of the maintenance windows over recent weeks, not to mention the unexplained outages, it’s not difficult to conclude that this change is only happening now and actually introducing stubstantial risk.

Secondly, SEPA Instant requires that fraud prevention and detection operate at a whole new level. Currently, on-line transactions can be reviewed, filtered, paused and subject to manual checks/approval in the background at a leisurely pace without the customer ever being aware. Transaction timelines and service levels are so unpredictable and ill defined that the bank can take hours to review a transaction before allowing it to proceed. This buffer will now disappear and any fraud or AML flag will need to be raised immediately, or missed. This has significant implications.

Thirdly, any ‘new’ fraud or “new variant” will have the opportunity “go wild” and impact large numbers of accounts without the above mentioned buffer providing an opportunity for the trend to be detected and the big red stop button to be pressed.

What was it the Chinese lad said about living in interesting times…..
 

To be fair, headline writers have space constraints.

We experience the same issue on askaboutmoney where some people cannot summarise their question in the thread title and we have to edit it for them.
 

BOI app is down

https://www.independent.ie/business/personal-finance/bank-of-irelands-app-and-online-banking-down-as-christmas-shopping-reaches-fever-pitch/a1306973779.html
www.askaboutmoney.com

PTSB App and Site issues

Anyone notice the issues with the PTSB app and website of late. I can no longer login via the app. it takes me through the authentication only to take me right back to the login step. This started a number of weeks back so it's not just a temporary blip for which I would not be concerned. I...
www.askaboutmoney.com
 
DannyBoyD said:
You would like to think that is the case; regrettably it often isn't
Click to expand...
True that it often isn't the case. But either (a) it's the case for digital payment providers or (b) the hackers referenced in that article just haven't bothered putting any effort into breaking into digital payment systems.

The multiple providers/structures assumption is based on the assumption that there's more than one operator in the market, and each operator almost certainly guards their structures jealously in an attempt to enhance both security and competitive advantage.

The exhaustive testing for robustness assumption is based on the belief that the first time the service provider allows their system to be destroyed will also be the last time, because they will shortly afterwards have zero users of their system.
  • I'm defining robustness as the ability to not fail catastrophically, rather than never crashing for a few hours or days. I'd define a catastrophic failure as a failure that wasn't capable of being remedied by reverting to a reset point within a reasonable time (presuming after fixing whatever caused the failure).
Trying as hard as you can to break your own code is an inherent part of software development.
 
Having had (rare) issues in supermarkets, maybe once every other year, where card payments were kaput, I try to keep enough in my wallet to cover a grocery shop.
 
You must log in or register to reply here.
Menu
Log in
Register