Metro Bank

Metro Bank operates as a banking institution providing financial services to customers. Its operations include utilizing SMS-based two-factor authentication as part of its security measures for customer account access. The bank primarily serves customers within the United Kingdom market. Information regarding its specific product range, overall scale, ownership structure, or distinct market positioning beyond its UK base and banking function is not detailed in the provided source material.

Metro Bank experienced a security incident on January 31, 2019, stemming from exploitation of the SS7 telecommunications protocol. Attackers intercepted SMS authentication codes, bypassing security to access a limited number of customer accounts. The UK’s National Cyber Security Centre confirmed criminals exploited this vulnerability targeting banking systems, with industry sources noting similar incidents across European financial institutions. No impacted customers suffered financial losses due to existing fraud protections. While telecom providers implemented safeguards against SS7 flaws, inherent weaknesses like the lack of request authentication persisted, enabling targeted interception of sensitive messages. Cybersecurity researchers highlighted that such attacks, though relatively uncommon, were increasingly employed by financially motivated criminal groups exploiting fundamental protocol vulnerabilities.