An interview with Tesco exec on Radio 4 this morning suggested something like this was going on. Obvs they don't say what their detection rules are. Which makes you wonder how the attackers gamed them (inside info, or reverse engineering after compromising many accounts?)
Honestly based on the average amount in a checking account at a bank like this they probably could've drained the entire balance without triggering any limits.
Do you know if the the £800 was all there was in that particular account?