/ Money

Banks cannot delay tackling fraud: my letter to Stephen Jones

With £434 per minute lost to authorised push payment (APP) scams, I’ve written to UK Finance CEO, Stephen Jones, to outline our critical steps required to halt their growth.

Dear Mr Jones,

Which?’s 2016 super-complaint called for urgent intervention to better protect consumers from bank transfer scams. The APP Scams Code of Conduct is a positive step forward, and Which? is keen to see it successfully implemented by banks following its launch next week.

Whether people are conned out of a few hundred, or many thousands of pounds, the impact of scams can be devastating.

Scammers are using increasingly sophisticated tactics that are harder to spot, and every day innocent victims continue to lose life changing sums of money through no fault of their own.

Your recent figures show that £434 every minute is lost to scams in the UK, equivalent to £625,000 every day. It remains clear that your members are best placed to identify and take measures to reduce the risk of fraud.

Through the APP Scams Steering Group, Which? has argued that an overall reduction in scams and the swift reimbursement of all victims who lose money through no fault of their own are both critical measures of the Code’s overall success.

Critical steps required for success

In addition, however, we believe that the actions set out below are also critical steps required to successfully halt the growth of APP scams:

– Banks must promise to protect their customers by signing up to the Voluntary Code as it launches on 28 May 2019, and the PSR must commit to conducting a one year review of its implementation

– Banks must implement Confirmation of Payee, which can cut scams in half, no later than its proposed new deadline of March 2020

– No blameless scam victim should ever be denied reimbursement again, and full refunds should be issued swiftly

– Banks must show they are serious about protecting consumers and immdediately publish their joint timetable to agree a long-term funding solution for no blame refunds

– Individual banks must publish scam victim and reimbursement figures of a regular basis

Banks can provide greater protections

Responsibility should be allocated to those best placed to manage the risk of fraudsters using bank accounts and payment systems to facilitate their scam.

TSB’s recent announcement to offer a full Fraud Refund Guarantee demonstrates that banks can act to provide much greater protections to their customers than will be offered through the Voluntary Code.

Given this, we urge all UK Finance members to implement the Code immediately and to begin offering significantly more comprehensive protection to their customers in-line with TSB’s Fraud Refund Guarantee.

Until these steps are taken, the devastating impact of bank transfer scams will continue to cause growing financial and emotional harm to UK consumers.

Yours sincerely,

Anabel Hoult, Which? Chief Executive.


Millions potentially still vulnerable to devastating bank transfer scams, warns Which?
8 August 2019

”Almost half of the UK’s major banks and building societies still haven’t signed up to vital new fraud protections
And goes on
”Signatories to the code account for over 85 percent of authorised push payments, which make up the vast majority of the 218.5 million faster payments that were made last month.

So, is it more informative to refer to “half the banks have not signed up”, or “85% of customers are protected.
It’s how you tell ‘em.

I wonder if those banks that haven’t signed up might be wondering why, if they have no negligent part in a successful scam, they – actually their customers – should automatically pay back another customer? We will all pay in the end through increased charges or decreased returns of course.
We’ve already seen how such an approach has resulted in everyone with an overdraft being penalised. Those who were responsible enough to ask their bank if they can have an overdraft are now paying twice the fees than before, because those who didn’t ask cannot now be treated differently. So much for personal responsibility

In the Telegraph on line 23 Aug:
“Blameless fraud victims could be denied refunds after January because banks cannot agree how to fund compensation payments.

Under a voluntary code introduced in May, victims are reimbursed if the bank was at fault. The code also established that customers who took reasonable steps to protect themselves would be repaid, even if the bank had done nothing wrong. However, banks agreed to fund payments in this “no-blame scenario” only until January.

A levy of around 2.5p on bank transfers to pay for these refunds, proposed by UK Finance, the banking trade body, is being considered but the Telegraph understands there is little chance that it will be accepted.

A fraud start with an action, however unwitting, by the victim, so they are a party to the loss of their money. What I do not see is why, if the bank plays no negligent part in the loss of money, the bank should use our money (because that it where it comes from) to refund the “victim”. One problem, apart from the cost, is that it dilutes the responsibility of customers to protect themselves, knowing they’ll likely be reimbursed. Another problem is the possibility of customers setting up a collaborator to fake a fraud and receive compensation.

It will be interesting to see how the banks resolve this but, like overdrafts, it is likely to be the responsible customer who loses out.
Well, that is my gut feeling. 🙁

I agree malcolm.

The banks need to start working together on fraud and fund a joint bank fraud squad that ‘victims’ have instant access to.

Well I am one of these victims and I have lost a total of £75,000 which is all my money which I was planning to retire with, I now have nothing and have to sign on to claim benefits. I am devastated. My bank did nothing to protect my money I am finding it very difficult to now live with what has happened.

Hi all. Developments today as the Co-Operative Bank signs up to voluntary bank transfer code.


We have a quote from Gareth Shaw, our Head of Money as follows:

“This is an important step from the Co-Operative Bank and its customers should now be better protected against devastating transfer fraud.

“However, many other current account providers are still not signed up to these vital protections, exposing their customers to a greater risk of losing life-changing sums of money.

“A voluntary approach to protecting scam victims is not enough. The code should be made mandatory and the government must work together with regulators and the industry to put in place long-term plans to ensure no blameless victims are left out of pocket.”

I open a bank account as a convenient place for me to store my money. I expect to have the freedom to use my money as I wish, just as I would in dispensing my cash. It is my responsibility to decide who to give my money to. I do not expect to be reimbursed if I use that money unwisely, or if I fall for a confidence trick (as they used to be known). Unless, that is, my bank has been negligent in handling my money.

There is plenty of publicity about scams and the precautions we should take. For example, I still transfer £1 to a new payee, and ensure the right person has received it, just to check I have not made a mistake in transcribing their bank details, or been duped. And the banks (well mine anyway) make me aware of precautions I should take whenever I start a money transfer process

This responsibility to look after your spending could, and I think should, be helped by banks offering accounts with differing facilities depending upon the perceived ability (by their family for example) of the person owning the account. So, it may be that a less competent account holder might have a smaller limit on the amount they can transfer, transfers might only be permitted to pre-assigned payees, transfers might require a second authorisation from a family member, for example. Vulnerable people should be declared by the family or caring organisation; I’m not sure how a bank is otherwise going to decide an account holder needs special protection.

The “no blame” or “no fault” defrauded customer is used to justify other account holders giving them their money back. However, to be defrauded, the customer has to respond to a fraud; they are the initial active participant and have the responsibility for making the decision to make a payment or divulge security details. So, while “blame” and “fault” are maybe not the right words, they do have a responsibility. At that stage, in most cases, all the bank has done is to act on their customer’s instructions. As far as I can see, anyway.

Fraud victims face a lottery to get their money back
”The code is based on the fundamental principle of fully reimbursing those who have lost money to criminals through no fault of their own.

A selective quote, but why should the bank be liable if they have taken no part in the process? Unless, for example, they know that the payee is fraudulent.

I suspect that it may be all too easy for criminals to establish networks of payees through which they can channel their ill gotten gains.

About three weeks ago, I helped a friend’s 13 year old daughter set up her first bank account. We applied online and did not have to provide any physical documents for identity checks. Instead two scanned documents were sufficient.