Millions of pounds were swiped from Barclays accounts in a series of coordinated cyberattacks by a fraudster using a Monzo account and a payments initiation service provider (PISP), The Telegraph reported.

PISPs are a newer concept, introduced by the revised European Payment Services Directive (PSD2), and give retail customers the ability to pay companies directly from their bank account instead of using a debit or credit card.

“There is nothing new or different about a fraudster’s approach to these cases that are specific to using a PISP,” a Barclays spokesperson said, per the report. “It is the same type of social engineering to convince victims to share passcodes/Pinsentry codes as is done to defraud customers through traditional channels. We regularly warn customers to never give out their Pinsentry codes, passcodes or any passwords to prevent this type of fraud from happening.”

The cyberattack comes on the heels of an antitrust probe into Monzo by the Financial Conduct Authority (FCA). Monzo, a London challenger bank, is accused of being in violation of financial crime controls and anti-money laundering (AML) mandates.