/ Money

Banks cannot delay tackling fraud: my letter to Stephen Jones

With £434 per minute lost to authorised push payment (APP) scams, I’ve written to UK Finance CEO, Stephen Jones, to outline our critical steps required to halt their growth.

Dear Mr Jones,

Which?’s 2016 super-complaint called for urgent intervention to better protect consumers from bank transfer scams. The APP Scams Code of Conduct is a positive step forward, and Which? is keen to see it successfully implemented by banks following its launch next week.

Whether people are conned out of a few hundred, or many thousands of pounds, the impact of scams can be devastating.

Scammers are using increasingly sophisticated tactics that are harder to spot, and every day innocent victims continue to lose life changing sums of money through no fault of their own.

Your recent figures show that £434 every minute is lost to scams in the UK, equivalent to £625,000 every day. It remains clear that your members are best placed to identify and take measures to reduce the risk of fraud.

Through the APP Scams Steering Group, Which? has argued that an overall reduction in scams and the swift reimbursement of all victims who lose money through no fault of their own are both critical measures of the Code’s overall success.

Critical steps required for success

In addition, however, we believe that the actions set out below are also critical steps required to successfully halt the growth of APP scams:

– Banks must promise to protect their customers by signing up to the Voluntary Code as it launches on 28 May 2019, and the PSR must commit to conducting a one year review of its implementation

– Banks must implement Confirmation of Payee, which can cut scams in half, no later than its proposed new deadline of March 2020

– No blameless scam victim should ever be denied reimbursement again, and full refunds should be issued swiftly

– Banks must show they are serious about protecting consumers and immdediately publish their joint timetable to agree a long-term funding solution for no blame refunds

– Individual banks must publish scam victim and reimbursement figures of a regular basis

Banks can provide greater protections

Responsibility should be allocated to those best placed to manage the risk of fraudsters using bank accounts and payment systems to facilitate their scam.

TSB’s recent announcement to offer a full Fraud Refund Guarantee demonstrates that banks can act to provide much greater protections to their customers than will be offered through the Voluntary Code.

Given this, we urge all UK Finance members to implement the Code immediately and to begin offering significantly more comprehensive protection to their customers in-line with TSB’s Fraud Refund Guarantee.

Until these steps are taken, the devastating impact of bank transfer scams will continue to cause growing financial and emotional harm to UK consumers.

Yours sincerely,

Anabel Hoult, Which? Chief Executive.


Banks must be made accountable for all scams taking place. They musty continually improve their security systems to protect their clients.

YES !!! I absolutely agree. Banks must be made totally and solely responsible for the protection from scams.
Especially so as the UK is gradually becoming a cash-less economy.

jennifer Jones says:
25 May 2019

I was recently scammed using my nationwide account. The bank was extremely helpful and reimbursed me with the total that I had lost.

Gerri Bartlett says:
25 May 2019

Nationwide are extremely good at keeping their customers informed of scams frauds vishing and phishing and how they can be avoided — I have been a customer for over 20 years and have never had any problems / issues.

Today, I received an automated call allegedly from Lloyds Bank Security Department informing me that there had been an attempt at fraud on my account via my bank card.

The telephone call gave two numbers that I should call: 0345XXXXXXX and 004420360XXXXXX. It also gave me a three figure “code number”.

If I wanted any more evidence that the call should be treated with the maximum caution, the Lloyds website does not give either number.

The first sensible reaction of anyone should be to suspect a scam, and the next reaction should be not to call either number.

Offering a number to call, or a website to go to, is the classic method used by fraudsters. The fraud is enhanced by giving a “code number” (although what effect this number will have on security is open to question.)

There are many websites where one can check, against the experiences of others, numbers from cold-callers or given in automated messages or by people who are, or claim to be, associated with a business with such numbers. I checked the given numbers on several of these. The result was a rough 50-50 spilt as to whether the numbers given were genuine or not.

I called the number on the back of my bank card and got through to the fraud department. To my surprise and disbelief, Lloyds Bank had actually made the call.

I suggested that Lloyds Bank may not have thought through the idea of an automated call giving phone numbers to call about card fraud.

I suggested that what the call should say is “Call the number on the back of your bank card or on our website”. It is difficult to see how a fraudster could crack this.

The employee declined to take the suggestion any further.

When it only costs the banks and not the customer the problem will miraculously get solved !!

Many banks are happy s******g as much as they can from us, but when things go wrong it’s the customer that has to pick up the pieces

John says:
26 May 2019

Banks are pushing customers to more and more electronic systems as a means of saving the banks money. Therefore, banks must accept greater responsibility: pay back money taken by fraudulent bank transfer systems, admit liability when a receiving bank has not carried out due diligence and stop penalising customers for a simple ‘button’ error.

Audrey Jones says:
26 May 2019

I have been with Halifax Bank for several years now and I have never had a problem with them. On one occasion when I lost my Visa card I contacted the bank straight away and they immediately took action. I was put through to the police straight away so they could monitor my account. I was also offered cash to cover me until the card could be replaced. This is the standard customers should be offered.
However, I think implementing the Code of Conduct will add a feeling of security to their customers.

I understand Banks & Credit Card Cos often ‘prefer’ – for ‘prefer’ read ‘find it more cost effective/profitable’ – to have to make contingencies rather than address the frauds concerned. They have the capabilities to do much more but not the inclination. They don’t stay awake at night wondering if they will get their, or rather their shareholder’s, money back, let alone worry about the trauma this can create for their less well-informed customers. The fact that this is not already in place
is cause for concern.
Thank you Which? for taking this matter up for us & please, don’t let the Banks get away with any ‘cop outs’ or half measures.
Again, thank you.

Des Mackrill says:
27 May 2019

All banks must be held responsible for the safety of their customers’ financial activities!

My details were recently used to withdraw money from an ATM abroad. My bank dealt with this very efficiently and I was reimbursed. My card had not been out of my possession, and customer service told me my pin had not been used. How can this happen? I feel very insecure about using my(new) card in the future. How could this happen?

Criminals might have cloned your card. Used to be quite common in restaurants and petrol stations. Often an insider will have compromised a card terminal, so when you inserted your card it was cloned. In my case, a rogue insider at a company had cloned my credit card, and I only found out when the bank ‘phoned to ask if I’d really ordered £1200 worth of vitamin tablets…

If the banking sector was 100% safe in branch, online and mobile banking, the general public and business would do even more business with them.
Banks have to be clear in what hey say and own up to faults or breaches within minutes of it happening as it will give them more credibility with its customers

I am normally reluctant to endorse any action that is going to result in more inconvenience for me because idiots continue to fall for scams which require them to give their money to some party that they do not know, or who is tickling their greed or hope with a ‘too good to be true’ offer, or is pretending to be someone they may know. The fact is though only the banks have the experience, expertise and resources to protect these people from themselves and to deter the scammers. If the rest of us have to wait for a code sent to our phone to authorise even the simplest transaction then that is how it will have to be. That is why getting through an airport can be such an ordeal now but it has worked.

well being Disabled I don’t have lots of money in my account .But if money was removed from my account I would be in a right mess as all my bSills are paid on direct debit .and my illness could cause a heart Atact .SO I need my bank to be safe .

R Gradeless says:
1 June 2019

I recently lost £500 in bank notes through a betting scam. I am awaiting a reply from the Bank of England to my request for a £500 refund as they are the note issuers. They clearly failed to protect my money from scammers.

Beverley Ferron says:
2 June 2019

The bank I use is not on the list which I am disappointed to read they are not on the list

Hopefully they will see this and change their mind.

David Gardiner says:
2 June 2019

Banks must take more responsibility especially when they permit scammers to open fraudulent accounts.

Banks won`t voluntarily compensate their customers,who are victims of scams. The FCA hasn`t got the power to Prosecute them for the PPI Frauds.

I would expect banks to be obliged to compensate customers for scams and frauds if the bank has been negligent [e.g. not exercising due diligence over customer approval or permitting a criminal to open an account].

I would propose that protection for customers who become the victims of fraud where there has been no negligence by the bank [or other organisation involved in a money transfer] should be provided through household insurance policies as an additional cover.

I agree with the first part. However, to determine whether someone has been defrauded in a banking transaction through no fault of their own requires, I’d have thought, a detailed investigation of the banks’ processes, something many insurers would be unlikely to have the ability to tackle. Small claims may therefore be determined by simply paying out, to the possible detriment of all policy holders’ premiums. If the banks give the customer a written determination of their own findings leading to their decision then we need a properly resourced appeals process to examine any dissent. This will cost money and maybe should be paid for from a banking tax of some kind.

At present, banks deny liability and the defrauded customer gets nothing. Extra insurance cover could be priced to cover the cost of meeting claims without undue investigation, just as for other risks and perils. I expect the take up of additional insurance cover could be quite low so it is possibly not viable. It would be interesting to know how stealing by fraud can be distinguished from burglary.

PS19/4 – Specific Direction 10 (Confirmation of Payee)
Published 01 08 2019

We are giving a specific direction to members of the UK’s six largest banking groups to fully implement Confirmation of Payee (CoP) by 31 March 2020.

We consulted on the direction in May 2019, setting out that:

From 31 December 2019: Directed PSPs must respond to CoP requests.
From 31 March 2020: Directed PSPs must send CoP requests and present responses to their customers.


A Which? press release:

Which? responds to PSR confirming date for Confirmation of Payee
1 August 2019
Gareth Shaw, Head of Money at Which?, said:

“Delays to the introduction of this vital name-check security have already resulted in thousands of customers losing life-changing sums of money to bank transfer scams – so this announcement is long overdue.

“Confirmation of payee is essential in the fight to wipe out this type of fraud, and could quickly cut the amount of money lost overnight. It’s now vital that all banks, not just those covered by this direction, do the right thing by their customers and implement this measure. The regulator must also ensure this time frame does not slip again – consumers can not afford any further delays.”

Confirmation of payee or an alternative system to protect the consumer should have been place years ago.