Recurring |
multiple_organization |
(a) The software failure incident having happened again at one_organization:
- The article does not mention any specific information about a similar software failure incident happening again within the same organization (Lloyds bank) or with its products and services. Therefore, it is unknown if a similar incident has occurred before at Lloyds bank [114771].
(b) The software failure incident having happened again at multiple_organization:
- The article mentions that fraudsters were able to exploit a vulnerability in Lloyds bank's system that allowed them to make payments to previous payees without the need for further security checks. This indicates a potential systemic issue across multiple banks or financial institutions that allow similar payment processes without adequate security measures [114771]. |
Phase (Design/Operation) |
unknown |
The articles do not provide specific information about the software failure incident related to the development phases, whether it was due to design or operation factors. Therefore, it is unknown which specific phase contributed to the failure in this case. |
Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the article is primarily within the system. The failure occurred due to the bank's internal processes and procedures related to fraud detection and account freezing. The bank's call center staff insisted that only the fraud department could help, leaving the customer on hold for a long time and not taking immediate action to freeze the account to prevent fraudulent transactions [114771]. Additionally, the article mentions that the fraudsters were able to exploit the bank's system by using the telephone banking system and taking advantage of the feature that allows customers to make payments to previous payees without further security checks, which facilitated the fraudulent transactions [114771].
(b) outside_system: The software failure incident does not seem to be primarily due to factors originating from outside the system. The fraudsters' actions were enabled by the bank's internal processes and the customer's account details within the bank's system. The incident does not indicate any external factors such as external cyber attacks or breaches that directly caused the failure [114771]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the article was primarily due to non-human actions. The fraudsters were able to exploit the bank's system by using the telephone banking system to move money from the victim's account without the need for further security checks. This allowed them to make unauthorized payments to contractors without the victim's consent [114771].
(b) Human actions also played a role in the incident. The victim, Adrian Giles, tried to take immediate action by contacting the bank to halt the unauthorized payments. However, he faced challenges in getting through to the fraud department and experienced delays and lack of support from the bank's call center staff. Additionally, the bank's initial response to the incident, where they did not immediately freeze the account and later pressured the victim to admit potential security compromises, contributed to the distress and inconvenience faced by the victim [114771]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident in the article does not seem to be related to hardware issues. It primarily revolves around the bank's call center staff not being able to block the account or take immediate action to prevent fraudulent transactions, as mentioned by a Lloyds spokesman. The failure appears to stem from procedural and operational shortcomings rather than hardware-related issues.
(b) The software failure incident in the article is primarily related to software issues. The fraudsters were able to exploit vulnerabilities in Lloyds' telephone banking system and online account management software to move money from the victim's account without proper authorization. The victim mentioned that he was unable to stop the fraudulent transactions even after multiple attempts to contact Lloyds' customer services, indicating a failure in the software systems' security and fraud detection mechanisms. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. Fraudsters exploited vulnerabilities in the banking system to fraudulently transfer money from the victim's account. They used the bank's telephone banking system to move money from the victim's savings and authorize payments to contractors. The fraudsters pretended to be the victim and contacted the contractors to request the money be moved back to a different account controlled by them. Additionally, the fraudsters took advantage of the fact that the bank allowed customers to make payments to previous payees without additional security checks, enabling them to carry out the fraudulent transactions [114771]. |
Intent (Poor/Accidental Decisions) |
unknown |
The software failure incident described in the article [114771] does not directly point to a specific software failure caused by poor decisions or accidental decisions. The incident primarily revolves around the bank's handling of a fraud case where the victim faced challenges in stopping fraudulent transactions and recovering the stolen money. |
Capability (Incompetence/Accidental) |
unknown |
The articles do not provide information about the software failure incident being related to development incompetence or accidental factors. |
Duration |
temporary |
The software failure incident described in the article is better characterised as temporary than permanent: it arose from contributing factors introduced by certain circumstances, not all. The incident involved the bank's call center staff insisting that only the fraud department could help, leaving the customer on hold for more than an hour before cutting him off, and the inability to immediately freeze the account when the customer called up to report the fraud. These factors contributed to the temporary failure in the system's response to the fraud incident [114771]. |
Behaviour |
other |
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and does not perform any of its intended functions. The incident primarily revolves around fraudulent activities and the bank's response to them, rather than a system crash [114771].
(b) omission: The failure does not seem to be due to the system omitting to perform its intended functions at an instance(s). The issue here is more related to fraudulent transactions and the bank's handling of the situation rather than the system omitting its functions [114771].
(c) timing: The failure is not attributed to the system performing its intended functions too late or too early. The focus of the incident is on fraudulent activities and the subsequent response from the bank, rather than timing issues related to system functions [114771].
(d) value: The failure is not due to the system performing its intended functions incorrectly. The main issue in this incident is the fraudulent transactions and the bank's handling of the situation, rather than the system providing incorrect outputs or results [114771].
(e) byzantine: The failure does not involve the system behaving erroneously with inconsistent responses and interactions. The incident primarily revolves around fraudulent activities and the bank's response to them, rather than inconsistent behavior of the system [114771].
(f) other: The behavior of the software failure incident in this case can be described as a failure to adequately prevent fraudulent transactions and provide timely assistance to the customer. The bank's system did not effectively block the fraudulent transactions, leading to financial loss for the customer. Additionally, the response from the bank's customer service was inadequate, requiring the customer to go through significant effort to resolve the issue [114771]. |