/ Money

How does your bank tackle fraud?

Each week seems to bring with it a new scam and with more than half of all UK adults banking online, fraudsters are having a field day. So how supportive is your bank when you’ve been a victim of fraud?

Online banking fraud losses soared to £60.4m last year – a 48% increase on 2013 – while total card fraud losses were up 6% to £479m, says Financial Fraud Action UK.

Conmen are always finding ways to adapt. They can spoof your bank’s phone number, send convincing phishing emails (such as this recent HMRC tax rebate scam), or call up pretending to be your bank so that you give away banking login details or other sensitive information.

It’s enough to make you feel downright paranoid.

Bank fraud – getting your money back

Banks, building societies and credit card providers say they work hard to prevent and detect fraud, but victims don’t always get their money back.

If you unwittingly authorise a payment because of a phone ‘vishing’ scam or email ‘phishing’ scam the bank’s liability is limited because you have inadvertently given your own money away.

Older people are particularly vulnerable – the Financial Ombudsman Service (FOS) recently reviewed 185 phone scam cases and found that 80% of victims were aged over 55, with some losing over £100,000.

Card fraud victims generally have much more protection because the bank can only refuse to refund you if they can prove you were ‘grossly negligent’. Firms don’t always get this right – the FOS says that it often has to remind businesses of the rules about their liability for disputed transactions and in particular the differences between credit cards and debit cards.

Have you been a victim of fraud?

The Financial Conduct Authority last week reported that firms are ‘making good efforts to deliver fair outcomes for consumers’ when they handle claims for unauthorised transactions (when a payment is made from your current account or credit card without your consent). But now we want to hear about your experiences of bank fraud.

Have you ever been a victim of fraud – and if so, was your provider supportive? Did you get your money back quickly – or even at all? Does your bank ever query unusual payments, or warn you about the latest scams?

Comments
Guest
Steve T says:
4 August 2015

I love that Fos have to ‘remind firms’ of their responsibility. This is exactly the problem with financial services. Despite the fact firms know exactly what their responsibilities are they too often try to get away with not meeting them until regulators ‘remind’ them, then they cry about being over regulated. If we forget to meet our legal responsibilities we usually get more than a reminder…

In a world where these firms really put their customers – rather than their bottom line – first, these losses would be covered by hedging or whatever, just as potential losses faced by banks themselves are.

Guest

If a fraudster impersonates a bank and persuades the victim to transfer money to the fraudster, then some victims are expecting their banks to compensate them for the fraud.

If a fraudster impersonates a Nigerian lawyer (419 scam) and persuades the victim to transfer money to the fraudster, then the victims don’t expect their banks to compensate them for the fraud.

Why should the approach by the banks be different according to whom the fraudster is impersonating? It shouldn’t, and the banks quite rightly refuse to compensate in both cases. Consumers need to exercise due diligence over their money and treat all unsolicited communications as suspicious. The weakness in both cases above is not the banks or banks’ systems, but the stupidity of consumers, which the fraudsters are exploiting.

Guest

@NFH, That’s a little harsh. Note I said a little. I mean how difficult is it if a grey haired old lady turns up at the bank asking to withdraw £4k cash for the cashier to simply ask. “Are you withdrawing this money as a result of an unsolicited phone call?”

Banks don’t care about fraud cos at the end of the day its the customer that pays or their insurance. And as too many people in this country seems to be far too trusting, why is it too much to expect more from banks?

Guest

William, I think that some banks do give a warning about unsolicited phone calls when setting up a new payee in online banking. But the next step will be for the fraudsters to anticipate this warning and give some plausible-sounding reason to the victim to ignore it.

The banks do care about fraud, as it impacts upon their profits. I doubt that banks have insurance for this kind of fraud. I know that credit card issuers don’t even have insurance for Section 75 claims for example, so fraud is even less likely to be covered by insurance.

When it comes to fraud that banks don’t care about, contactless cards would be one type. The cost of fraud on contactless cards is less than the merchant fees generated from card usage and the saving on stocking cash machines. Therefore the banks tolerate a small amount of fraud in exchange for increased profit and cost savings elsewhere. This is not the case with bank transfer fraud.

Guest

Thanks NFH, so do you believe victims of email or phone scams shouldn’t be entitled to refunds, no matter how sophisticated the scam? What about card fraud? Do you think banks should reimburse customers if someone steals or clones their card, for example?

Guest

I believe that banks should compensate victims only where the bank’s systems have been compromised. This would include card fraud and phishing (with one-factor authentication). Banks should not be expected to compensate victims who log into their online banking and transfer money to a fraudster at the fraudster’s request. It doesn’t make any difference whom the fraudster was impersonating. If the banks compensated in this case, then they would also have to compensate for 419 scams; this would be absurd.

Guest
Alex says:
4 August 2015

I agree, if we were to return to a day when there were no electronic payments and someone were to knock on my door and convince me to pay them a sum of cash for a bogus service, no one would find it reasonable to hold the bank responsible.
But.. if the bank has my money in it’s safe and the same bogus salesman knocks on the banks door and convinces them that I owe them money, if the bank pay it without asking me, I would certainly hold the bank responsible.

In my opinion, an electronic equivalent:
Transferring money on a 419 scam is negligent behavior and should not be compensated;
Card cloning is unavoidable as a customer and should be compensated.

Guest

Alex, that’s extremely well put. One just has to describe the same thing in an offline context and it becomes much clearer.

Guest

If you always compensate people when they have been conned, then I see possible downsides. One is where does the compensation come from? Well, in the end it’s from you and me, ordinary customers, not the institution. Two, if you know you’ll be compensated for a loss inevitably you will become less careful when looking after your funds. Three, it leaves the field open to collude in a scam – someone steals your money and you can reclaim it. So I do not think it is straightforward.

We have to take responsibility for our actions. If someone is not capable of doing that then they need help from family or some organisation. They, or someone, needs to recognise when they have become vulnerable, through age for example, and arrange their affairs accordingly.

I feel genuine sympathy for those affected, and revulsion at the type of people who target them.

Guest
Nicole says:
4 August 2015

I think card fraud should definitely be compensated – this is surely the responsibility of the bank to detect and notify their customer.

With regards to the email or phone scams, I can understand that since some sort of consent is given then it causes a debate, however, perhaps consumers would fall for fewer scams if we were in fact informed about the latest scams by the banks. Although I have been contacted once by my bank to check if a payment was fraud, I don’t remember even being warned of any scams that happening at the time. Perhaps if banks could keep track of the latest scams and let people know what to look out for and by wary of (especially if they are old – something through the post?) then there would be some sort of damage control?

I think certainly for large amounts (£100,000) the banks should at least check with the customer before making the transaction?

Guest

http://phys.org/news/2015-08-netherlands-bank-customers-vocal-payments.html

What we have is a problem in that humans can make bad choices quickly and everything that Banks and retailers do to make the payment system simple and easy to use assists the villains.

Humans need time to reflect and it is being denied to them as cheques are being replaced by other transactional devices..

So the future seems pretty certain to be a raft of increasing frauds unless there is some grit put into the system. Whether this payments are automatically delayed for 48 hours where they are one offs or there is a limit restriction, or some other grit in the system I know not.

One thing may be fairly sure is that villains are often availing themselves of accounts opened within the Banking system and perhaps more attention could be paid to payments into these accounts to see whether the turnover and where the payments come from accord with what the account claims to be for.

Guest
Ca86 says:
4 August 2015

I had a good experience when fraud was committed on my account, Natwest got in touch with me, froze the account and when it was clear I hadn’t been making withdrawals from Benin and Thailand, refunded the stolen money. I had the complete opposite experience with another account though, a random monthly payment was set up that triggered overdraft charges even though I never authorised it.

Guest

ca 86 – Which bank was at fault with the random payment and how long ago?

Guest
Zee says:
4 August 2015

https://www.callercenter.com/blg/articles/spoofing-caller-ids/
Some explanation about what Caller ID Spoofing is. I do agree that customer need to do their due diligence and take responsibility of their own action. But we can expect that everyone is that savvy about technology, especially the elderly. As stated above, mostly victims are those above 55. And they can’t have their child all the time to remind them about what to do and not to do. We need to raise the scams awareness. But other than that, maybe the bank can also participate in avoid scam to actually happen by providing some procedure.

Guest

Zee, it’s not about being savvy about technology. Alex explains it very well above with the equivalent scenarios in the offline world. There’s no reason for consumers to be any more trusting in the online world than in the offline world. I also disagree that age has something to do with it (or being over 55). My parents are in their 70s, and they routinely ignore or reject any attempts by scammers. It’s about using common sense in the same way, whether it be online or offline.

Guest

How do we protect vulnerable people from criminals – these are the people who scam – whether on-line or in the real world? They are clever people who will defeat those who are either less savvy or who have lost to some extent their faculties. Well, my first reaction is for the family to look after their own, however inconvenient of difficult that might be. As your parents looked after you when you were vulnerable.

However we need something else for those without a supportive family. We should provide local support groups throughout the country to help vulnerable people in an organised way, both with community centres and by home visits to help them with their problems and weaknesses. But it needs funding from the rest of us. I, for one, would say why did we spend £9 billion on the 2012 Olympics with little benefit for UK sport for the masses, and profits largely for the likes of Coca Cola, McDonalds, the Olympic business machine and coe. It cost £142 a head for every man woman and child. Even the £21 million spent on a failed 2018 World Cup bid would have helped.

I think we need to get our priorities right.

Guest
Dave says:
5 August 2015

Chiara, from your introduction I note that less than half of the adult population do not bank online. Are these are the really savvy people?

Guest

ONS figures (2014) have it that 53% use internet banking, although this was much higher in younger age groups. I don’t automatically assume that those who don’t bank online are less savvy. But, for the wider issue of fraud, I think it is interesting to discuss whether you think banks and card providers do enough to warn customers of potential fraud threats, whether this is online, over the phone, through cloned cards, ID theft etc.

Guest
never again says:
8 August 2015

fraud barclaycard. Try this one. I sent barclaycard £400…. I still kept getting a bill. Eventually having phoned and written several times over a period of time I had to send the money again as I was worried. I didn’t realise that one none payment of a bill could seriously affect your credit score. When I realised this matter had seriously affected my score I asked the bank to send a copy of my cheque, signed by me, with my details on to my home. They very kindly did and I forwarded this to barclaycard. Baclaycard replied by post to…. MY HUSBAND saying that yes they had indeed paid the monies off his account. Yes maybe I was hugely naive as to experian and their role in the financial world today. I certainly didn’t understand that experian can’t change a credit reference even if they have proof. I have complained in the strongest terms to barclaycard and eventually they have given me “compensation”. £150. That’s only one months higher interest rate payment on my new mortgage. Please please please everybody out there: always make sure that when you pay a bill that they up date your records correctly immediately, if anything goes “wrong” look at how it has been recorded on your credit records, inform experian or whoever and the financial ombudsman immediately to correct errors as you only have six months or you may have to employ a solicitor to rectify matters later.

Guest

I was defrauded to the extent of £20,000 over a period of three days. The bank refunded this. I was in touch with the local branch on the second day

When I constructed a time-line of the events against the movements from my bank account it was clear to me that the bank knew that something was happening and I felt that I may have been being used by the bank for entrapment. I don’t have any issues about this. The bank treated me fairly, considerately and totally without any hint of recrimination.

I would like to know whether any prosecution took place after this – or what the consequences were.

Guest

I have two offerings, and both involve questionable practices by banks.

The more recent was 1 to 2 years ago, Barclays phoned me (as the most active director of the management company of a block of flats, though if caller knew what the company did then such a call would have been inappropriate: he/they wanted to explore what help Barclays could offer us with regard to the business and expanding it (?!) All went well until he asked for my password, which I refused to give, on the grounds that he knew whom he was speaking to ‘cos he had called me on my land line, whereas I had no means of knowing that he was as claimed. If Barclays are still doing this, they should change their tactics to avoid emulating scammers! Not only this, but “awareness that Barclays staff DO call customers out of the blue and ask for their passwords” might make people less vigilant when scammers call them!

My other experience was a number of years ago, relating to a personal account, with Lloyds TSB as it then was. My wife and I discovered that over £4000 was missing from our account, so we went to the branch as soon as possible. What had happened was that, MANY months before expiry of my debit card, they sent me a new one (without alerting me to expect it!), and it never arrived. But according to the bank’s database this was the card that had been used for the unexpected transactions, presumably “customer not present”, as the payments were all made to William Hill OnLine, first a small (test?) transaction, then increasing amounts, probably 6 or 8 transactions in the one day. The bank did refund the money, and (at my insistence) the charges that would have arisen from going overdrawn because of this. But what really got to me was the adverts I was seeing which praised their “very sophisticated anti-fraud system” with regard to the cards. Surely this sort of pattern, coupled with the fact that we have never had any transactions relating to that industry, should have been enough to trigger even the crudest of such systems. Of course, we never learnt anything abut what had happened to my alleged card, or whether there was any attempt to identify and/or prosecute the fraudster – and the bank seemed to treat the whole thing in a very casual manner!

Guest
B Davies says:
19 September 2015

You haven’t mentioned banks “frauding” customers. I had an account with Santander which I kept as a reserve account for large cheques or emergencies. I wrote cheques occasionally but there were no standing orders etc. For that reason, the bank made the account dormant, without communicating with me IN ANY WAY! When I tried to pay a large cheque to a builder, it bounced, causing worry & embarrassment as there was a substantial sum of money in the account. I closed the account immediately and received a tiny amount of compensation. I think it is likely that, without my knowledge, my account would eventually have been sucked into Santander’s mighty maw & they would have “lost” it. The bank was unsympathetic & evasive throughout.

Guest

I get calls from financial and non-financial institutions when they ask me to provide identity information. Unless I am certain I know who has called me I refuse and ask them to give me information about me so I can identify them. They refuse to do so, citing “data protection”. My response is to throw “data protection”back at them and say I cannot give them information if I am not certain who they are. If all else fails, I ask them to write to me, which can horrify them that they will have to find a pen and some paper! On one occasion I asked my bank why they don’t set up a password system so I could be satisfied I was speaking to them, but I think this went into the “too difficult” box. We are always being told, don’t give out your identity information without knowing to whom you are speaking, but often, it is the institutions themselves who ask us to do this.

Guest

Barclaycard still send me emails with a clickable link to their log-in page, when my account is ready to look at. I’m sure this is a bad idea (so I don’t click it!) It’s asking for fraud. But surely they ought to follow other banks in that they “never include clickable links in an email”.

Guest

I had £1300 taken from my Halifax account over a period of a week .I notified the bank and the police. I got a crime no,I contacted the council cctv, to see who had used my card [town centre cameras] I paid a visit to the bank that the card was used outside of ,to see if i could i see the CCTV footage, because i wanted to catch the **(&^$!!! in the act. I got a call from my bank stating that it could possibly have been a family member. I stated that my card must have been cloned as i still possesed my card and my family were with me when one or more of the transactions had taken place. They said it must have been my card they can tell if it was a cloned card ??? Anyway chip and pin cannot be defrauded. …..end of story. It was a debit card so different rules apply apparently. Anyway it still hurts every time i think of the Halifax. I got so paranoid i was thinking maybe the bank does this on a regular basis and just blames card thieves. We all may as well go back to using cash.