/ Money

Banks cannot delay tackling fraud: my letter to Stephen Jones

With £434 per minute lost to authorised push payment (APP) scams, I’ve written to UK Finance CEO, Stephen Jones, to outline our critical steps required to halt their growth.

Dear Mr Jones,

Which?’s 2016 super-complaint called for urgent intervention to better protect consumers from bank transfer scams. The APP Scams Code of Conduct is a positive step forward, and Which? is keen to see it successfully implemented by banks following its launch next week.

Whether people are conned out of a few hundred, or many thousands of pounds, the impact of scams can be devastating.

Scammers are using increasingly sophisticated tactics that are harder to spot, and every day innocent victims continue to lose life changing sums of money through no fault of their own.

Your recent figures show that £434 every minute is lost to scams in the UK, equivalent to £625,000 every day. It remains clear that your members are best placed to identify and take measures to reduce the risk of fraud.

Through the APP Scams Steering Group, Which? has argued that an overall reduction in scams and the swift reimbursement of all victims who lose money through no fault of their own are both critical measures of the Code’s overall success.

Critical steps required for success

In addition, however, we believe that the actions set out below are also critical steps required to successfully halt the growth of APP scams:

– Banks must promise to protect their customers by signing up to the Voluntary Code as it launches on 28 May 2019, and the PSR must commit to conducting a one year review of its implementation

– Banks must implement Confirmation of Payee, which can cut scams in half, no later than its proposed new deadline of March 2020

– No blameless scam victim should ever be denied reimbursement again, and full refunds should be issued swiftly

– Banks must show they are serious about protecting consumers and immdediately publish their joint timetable to agree a long-term funding solution for no blame refunds

– Individual banks must publish scam victim and reimbursement figures of a regular basis

Banks can provide greater protections

Responsibility should be allocated to those best placed to manage the risk of fraudsters using bank accounts and payment systems to facilitate their scam.

TSB’s recent announcement to offer a full Fraud Refund Guarantee demonstrates that banks can act to provide much greater protections to their customers than will be offered through the Voluntary Code.

Given this, we urge all UK Finance members to implement the Code immediately and to begin offering significantly more comprehensive protection to their customers in-line with TSB’s Fraud Refund Guarantee.

Until these steps are taken, the devastating impact of bank transfer scams will continue to cause growing financial and emotional harm to UK consumers.

Yours sincerely,

Anabel Hoult, Which? Chief Executive.


Two points.
1) Banks continue to drive more cashless activity, whether customers like it or not. So Banks must be totally accountable, and this includes total tracking of transactions.
2) This Government should legislate for protecting customers and override voluntary action, which clearly does not work.

It is three years since I suggested to Barclays that they institute name checking! With the advent of almost instant money transfers, surely it must be easy to perform a FETCH instruction when a client is about to transfer money. Fetch the name as on the sort code and account, and if there in not a match, disply “Check details with payee as account name does not match. Adding a warning about scams would be useful as well.
Also, the receiving bank should amend their software to read the name of payee as being sent by the payer. The receiving bank should then refuse to accept payment if there is not a match. Also, for newly opened accounts there should be a time delay before cash can be removed, giving the sending bank time to act and get funds returned.
Finally, if I want to open an account, there are many checks on my ID. How come scammers can open accounts and then just vanish?

Although I think I am fairly careful when dealing with my bank details and unknown callers I realise that some of the people scammed must also have felt the same and yet were still conned. Some of the stories about huge losses are truly frightening and must wreck peoples lives.
I agree with a lot of the correspondents above and am not happy with the way that over time banks have completely changed the way they relate to customers (on-line banking, closing branches etc) but as soon as major problems appear they pass all the blame onto the customer.
I have never understood how fraudsters seem able to open a string of accounts so easily
that they can quickly pass ill-gotten gains along the chain and out of reach. Banks must be able to follow this chain and if it is found that an account has been opened using false information then that particular bank should be held completely responsible for all the looses up the chain.

All banks have a duty to ensure that no matter how people transfer their own money and from which ever country your money will be transferred into your own account shouldn’t be charged no matter from wherever it comes from. I also think that foreign banks will be liable for taking money from the people who have money transferred from foreign countries.

Geoff Pearse says:
24 May 2019

I know it sounds a bit old fashioned but in many instances a transfer could be effected by an identifiable carrier checked at both ends of the transfer. Especially if the carrier is directly involved.

If the banks would bring into operation all the recommendations made by Which CEO that would make a much stronger defence against on line bank fraud and scams

G.T.Moseley says:
24 May 2019

All banks should realize that without their customers they would not exist so they need to protect customers by whatever means to ensue their safety in making transactions from accounts of not legal action against them should be taken .

Banks have contributed by closing branches and encouraging on line banking to those of us who do not understand electronic banking and are less able to cope with its sophistication,even should they even have a laptop or similar device. Scamming these people,and there are a lot of them,is easy and the banks have a duty to them. Customers are not nuisances by definition and deserve prompt action when things go wrong or advice is saught.

I think that people should be far more alert to potential fraud. Where money is concerned, there should not be automatic trust.

Unfortunately Natalie it’s sometimes not as straight forward as being alert. My builders’ email was hacked and a request to pay a genuine invoice was made within an hour of being sent, with bank account details. This happened 3 times that very day to other customers. Neither the offshore bank that holds that account nor HSBC here would take any responsibility to trace the money or follow up the fraudulent transaction.

It is good practice with any new account to transfer £1 as a test amount and check with the legitimate recipient it has been received; the account details can then be reused to send the remainder.

I am starting to get suspicious of builders emails being hacked.

It seems to happen rather a lot and my suspicious nature wonders if some builders have signed up to a scam to get paid twice with first payments being directed to untouchable accounts.

Good point.

Actually, I think it would be easy enough to collect most builder’s email addresses from the public domain.

Then all that would be needed would be some of their passwords. Some of those would be either easy to guess or obtain by other means.

without customers nobody eats………..protect the customers from scammers..

The banks have a responsibilty to those who use their systems, they have the details of the people who have accounts with them(which they will not share) and do not care or act if you are conned by one of their approved customers, who they protect,so the banks involved are complicit with the fraudsters without any consequencies for their part in the transaction,that cannot be fair or even legal?

Anthony Edwards says:
24 May 2019

Fraudsters must have somewhere to put the money they have taken from their victims – another bank. Banks could easily create a global network able to identify the perpetrators and the place where those stolen monies reside and seize the accumulated assets. They could also create and maintain a central fund from which the victims could be reimbursed. At the moment they don’t because they don’t care where the money comes from or goes to. It’s just money to them no matter it’s source!

Pandora Melly says:
24 May 2019

To make banks liable for money lost through its customers falling victim to financial loss through scams, is unfair and more importantly, is not targeting or preventing scams.

It would be better to develop technology that enables any telecom company or internet provider to recognise the elements of a scam, to interrupt it as it is happening, and to block the perpetrators and hand over such details as location to the authorities.

I appreciate the devestatoon of being scammed out of your money. Education, vigilance and suspicious attitude is needed. For those more vulnerable in our society need to have stronger protections on their accounts. It’s not the banks fault that we are scammed and they shouldn’t be held responsible. At the end of the day we will all end up paying by way of higher account fees.
I am tired of this ‘blame culture’. We must learn to take responsibility for our own actions.

How are big sums of money going to unknown people in the first place? I have had several bank accounts in my life but each time I had to bare my soul to get an account. With various proofs of identity, the only thing they didn’t ask for was my fingerprints and a photo. Armed with this knowledge then the banks should be able to recall misappropriated money and in any case be held accountable

I have been a victim of bank transfer fraud and do feel totally stupid for it happening to me still to this day. I had transferred money to a company for a service (window installation) and when this never happened, I contacted Barclays who could not help me along with Action Fraud who I am also disappointed in as they took weeks to even respond! There should be much more protection whilst we are expected to pay for goods and services through digital methods. I lost £3500.00 which may seem a relatively small amount in comparison but nonetheless it was money I had saved over 5 years and lost. Something has to be done!

Richard Shannon says:
24 May 2019

The banks themselves are the worlds’ worst for their fraudulent ways that they find to steal more an more from the customer. I was involved in a fraud, neither the bank or the police were interested. The bank had all the details of the account, it was even a Barclays account, but they flatly refused to get my money back or even close the fraudulent account.

These bank charges should be fair just and reasonable, not used to generate extra profit and to pay excessive unjustifiable salaries to the senior management.

Account holders name should form part of any transfer. The account holder identity is fully verified by the bank when setting up a new account, (e.g. as a former bankrupt I can’t open an account) therefore without the correct identity no transfer should be completed.

Chris Drinkwater says:
24 May 2019

I was the victim of a courier fraud a couple of years ago. Having decided not to open an online banking account in my name because I feared I could be the victim of a scam, someone else managed to open an online account in my name, using their email address, which gave them access to both my current account and credit card account which were with the same bank. The perpertrator also managed to get hold of my landline number and phoned me, pretending to be a police officer, investigating fraud at my bank branch, quoting entries from my recent bank statement to convince me he was a genuine police officer from the fraud squad. He told me that certain bank staff there were involved in handling fake £50 notes and wanted me to withdraw a sum of money in £50 notes so he could check to see whether they were genuine or no. Sadly, I fell for it and after withdrawing the sum in £50 notes, handed it over to a courier he arranged to come to my house, saying he would refund the amount back to my account the following day. When he rang again the following day and asked me to do the same thing at another branch of my bank, I only then became suspicious. I contacted my bank straight away and explained what had happened to the deputy manager who then did a check on my account and this when they discovered someone had set up an online account in my name in order to make their story about counterfeit £50 notes more believable. The bank promptly closed the online account in my name. I immediately contacted action fraud and told them what had happened. They did do an investigation into my case but the scammer was able to hide his tracks and they couldn’t trace him. I am annoyed that someone else could so easily set up an online banking account in my name. And how they obtained sufficient details about me to do it, I have absolutely no Idea.

Caroline Dawkins says:
25 May 2019

I was scammed out of a fair amount of money that I sent to Standard Bank in South Africa in April 2019 from my HSBC account here in the UK.
On reporting the scam to HSBC I was informed that HSBC could not do anything to monies that were sent to Standard Bank in South Africa
I also reported the scam to he UK fraud department.
I feel that Full Fraud Refund Guarantee should be adopted Internationally

Janet Gray says:
25 May 2019

Banks must keep on top of these fraudulent transactions