/ Money, Scams

Publishing our bank transfer scam dossier

A man looks worriedly at his laptop

Today Which? is submitting our report to the Lending Standards Board, sharing the experiences of consumers who have lost out to authorised push payment (APP) scams.

It is one year since the launch of the Contingent Reimbursement Model Code as a step forward in how to treat victims of authorised push payment (APP) scams. 

As you know Which? has campaigned hard for action on APP scams. As part of our super-complaint to the Payment Systems Regulator (PSR) four years ago we collected evidence from nearly 600 fraud victims who told us they had collectively lost over £5.5 million to bank transfer scams. 

We are pleased to see the code has led to more innocent people being reimbursed after falling victim to this type of scam. In the last full year before the code launched, just 19% of the amount lost by individuals was returned to them. In the first six months following the launch of the code, signatory firms reimbursed 41%. However, there are some glaring inconsistencies in how banks are treating their customers.

Today’s report captures some of the many experiences of consumers who have lost out to APP scams.  We hope that this will help inform the Lending Standards Board in their review of the code, and highlight what still needs to be done to protect consumers. 

Voluntary scheme

As part of today’s report we are also calling on the PSR to review whether a voluntary code is the best approach. 

We are worried that banks are failing to implement the code fairly and consistently, leaving customers scared, confused on what options are available, and unfairly out of pocket. 

According to the PSR, four of the eight signatory firms had fully reimbursed victims in 6% or fewer cases between May 2019 and February 2020. One firm fully reimbursed just 1% of victims, while a different firm had fully reimbursed 59% of victims.

Which? has had to intervene multiple times to help victims of APP fraud get reimbursed. 

We believe that banks, regulators, and the government must work together to make the code mandatory and ensure that strong standards on reimbursement are introduced.  

What to do if you’ve been scammed

If you think you have been scammed, you should contact your bank or card provider immediately. You should also contact the bank where your money was sent, as they may be able to stop the transaction.

Read our advice on what to do if you’re the victim of a APP or bank transfer scam.

Register for scam alerts

Which?’s free scam alert service will help keep you informed on the latest scams.

Do you feel enough is being done to help victims of these scams? Have you had an experience of attempting to get reimbursed on a bank transfer scam? Let us know your thoughts and experiences in the comments.

Kathleen Reynolds says:
18 January 2021

my Husband was trying to purchase from Argos, he thought he was on the site unfortunately it was fraudulent. Now has a payment set up and they have so far taken £1 out . They have been calling continuously pretending to be Halifax fraud team etc. He has spent four hours on phone to Halifax and they are saying he has to cancel the payments with the company as they can’t ??? We have no way of contacting this company can’t even google them ! MIX OKMAK.COM ???? the bank have put a stop on payments for 13 months but said he then has to ring up again. We don’t know how much or frequency of payments but they have attempted to take £49.95 today. How on earth do we stop this ? I think he needs to close this accept down . Any help or advice would be appreciated

Hi Kathleen, if either a Standing Order or a Direct Debit was set up, then you or your bank would be able to cancel those.

But if a mandate to make charges against a credit or debit card was set up, those are best cancelled by contacting the payee. For example, cancelling unwanted Prime subscriptions can be done this way. Failing that, can you get your bank to close the card account?

Scammer contacts to say that someone is trying to access your bank account. I was convinced I was talking to the bank and finished up with three payments of £750 exiting my bank account. Surely the bank should have noticed dubious payments and blocked them.

How were the payments taken from your account? What was dubious about them that the bank should have noticed?

I suggest that there is the option – preferably the default option – for pending transactions, allowing time for potentially fraudulent transactions to be reported to the bank and cancelled if necessary. I am not suggesting delaying payment of routine direct debits or standing orders.

I have noticed that when I order groceries online the payment is shown as pending in my current account, allowing time for adjustment of the payment to be made to reflect non-availability or substitution of goods.

If anyone is sufficiently confident that they do not need this protection against fraud they could waive their rights, in the same way that they can action payment into another account even if Confirmation of Payee fails to match the name of the payee.

When I transfer money online I can choose whether it goes immediately or on some specified date. So, if I was nervous about a transaction I could delay it by one or two days while I thought about it. But then, if I was actually nervous about a transaction I would not instigate it before I had thought about it. If they had or hadn’t thought about it at the time, might that change in the next 24 hours. I wonder whether anyone has evidence to support this. So I am not convinced for now that a default delay would help most people.

I do think the facilities and limits offered by bank accounts should be tailored to reflect the perceived needs and abilities of the account holder. So different types of account for different people to limit the risks to the more vulnerable.

Yes it is easy to delay payments and that can be useful for paying credit card bills on time to avoid interest.

When distance selling regulations were introduced, this provided consumers with an opportunity to cancel contracts after they have had time to reflect on what they have agreed to do. If we are protected from over-zealous sales staff then surely we deserve as much protection against the efforts of scammers to take our money.

I cannot provide figures about how many people realise that they have been scammed soon after it happens but if you look through the various Conversations about scams there are examples of people who have realised they have been scammed when they put down the phone.

The growing number of scams is cause for concern and delaying payments to new payees by default would in my view help tackle the problem. At least this could be the default option.

I am all for placing limits on accounts and have advocated this particularly over credit card limits.

Instant money transfers is a more recent development as a few years ago (not sure how long now), transfers between banks didn’t take place until late at night, so there was time to reconsider your transactions.

Something that doesn’t help, is banks deleting payees you have set up. First Direct deletes them if you haven’t used them for 6 months and that is really annoying for annual payments or family members who are not going to be regular payees. It means you have to go through the palaver of setting them up again with the danger of getting it wrong, especially if finding your payee missing puts you in an annoyed state where you are more likely to make mistakes.

Confirmation of payee should now minimise the risk of getting it wrong.
The list of confirmed payees is extremely useful, I agree; in my case not particularly long. To have to remember the exact name of a payee is not always easy. My bank does not delete unused payees, as far as I know.

My bank does not delete payees. I had a cull recently and deleted ones that I have not used recently. That leaves seventeen that I am likely to use in future including one with a prominent label NOT CONFIRMED, where Confirmation of Payee failed but I ignored two or three warnings to be allowed to pay £7 for a society subscription. I will take screen captures with the details of payees in case any are cancelled without warning.

I am not in favour of a delay by default in making a bank transfer. I generally wish to transfer the money on the same day and rarely avail myself of the opportunity to defer it; this way means my ‘available balance’ figure shown on my current account statement is always more or less accurate and I do not have to worry about liabilities accruing in the background.

I agree that customers who cannot manage their finances to that extent should have limits placed on their activity.

I have no problem with you or me being able to transfer money immediately, John, provided that this is our wishes. I have advocated a delay by default as a way of reducing crime by giving customers a way of preventing money being taken out of their accounts by fraudsters.

Elsewhere I have suggested that credit cards should be set up to pay the full balance off monthly by default, meaning that customers have to make to ask if they want the option to pay off part of the balance. This could help protect some customers getting into debt. I have two credit cards with the same company and decided not to have my eggs in one basket. I now have a John Lewis credit card and that will be paid off monthly. I hope that other companies are moving in the same direction.

Credit cards are used by some (many?) to pay for larger purchases which they do not wish to pay off in one go.

I can set up a direct debit to pay off my credit card debt in full, monthly, if I so choose, just like anyone else. We should be able to choose how best we manage our own finances.

I think the best way credit card providers can help their customers, rather than themselves, is to be far more careful about the credit limit they provide. This should be initially quite low for some until a customer has built up a history; that history can then be used to set a limit that the customer can clearly handle.

I agree that many use their credit cards in this way. It’s convenient but (I understand) not necessarily the cheapest way to borrow money. I pay my card bills in full by direct debit but at one time my company would not let me do this.

Not only should a credit limit start low but in my view the customer should have to ask for it to be raised. I would prefer that customers were allowed more privileges if they manage their accounts responsibly.

There are changes here that I find sensible, particularly tailoring minimum monthly repayments to prevent those in persistent debt making things worse. Interesting that they block all payments to gambling sites. I hope all card companies will do that.

Hi All,

So, at the tail end of September 2020 i fell victim to an Authorised Push Payment scam to the amount of £23,500. This was like no scam i’ve ever encountered, looking back now i feel foolish but at the time i done as many checks as i possibly could, had up to around 20 calls on the same day to the seller ( a car online ), the seller answered each time had an answer for every question i asked ( including some hidden specification and previous private registration number of the car in question only available upon completing and HPI check ). The sellers accent was local to the place which the car was for sale in and i could hear little kids running around in the background calling her Grandma! She sounded every part the lovely little old lady. Also i should mention that the car wasn’t vastly under priced like most of the scams.

The bank details i sent the monies to were verified by the receiving UK banks, LLoyds and Barclays and the names used on those accounts weren’t common names. The Police referred me to Action Fraud whom were clearly not interested despite the vast amount of information i have on the fraudsters.

It’s now 4 months down the line and i’m still out of pocket, i have an APP Solicitor on the case but i have to chase them for answers.

I really am at a loss as to what to do, i simply cannot afford a loss like this, like everyone else finances are tight due this pandemic so my family are suffering as a consequence.

Any help appreciated.

Hi Rob, please don’t feel foolish. Have you contacted your bank? I’d do this as soon as you can so they can investigate. If you’ve already reported this, what was your bank’s response?


I’m so sorry to hear this Rob. There is nothing to feel foolish about, the blame lies firmly with the scammer, not you. We have a template letter to send to your bank asking for a refund here, and if they won’t reimburse you, ask the Financial Ombudsman Service to look at your complaint (this is free and doesn’t require a solicitor): https://www.which.co.uk/consumer-rights/advice/what-to-do-if-youre-the-victim-of-a-bank-transfer-app-scam

I fully sympathise with Rob and his loss. Buying privately online with an unknown vendor – I presume this was – is fraught with possible problems in validating the integrity of the vendor. I would have thought inspecting the car would be sensible before making a payment, and that is the opportunity to assess the vendor. However, when we suggest the bank should refund the money – underwrite a loss – this seems unfair to the bank (or all its customers who will fund the refund) unless it has shown negligence.

I wonder whether a 3rd party, such as a solicitor, could hold the money until the purchaser is satisfied. The cost would probably be low in relation to the money at risk, as here.

Riyaj Gurung says:
29 January 2021

There is no need to feel foolish Rob. I was a victim a couple of days after new year. These crooks are extremely sophisticated, and professional. The blame is not on you. as my incident took place after the tragic death of a good friend as well as academic stress which students across the world can relate to, my mental health has taken a turn for the worse. I hope you get your money back and these criminals get rammed up the backside with a tree trunk!

Patrick Taylor says:
14 February 2021

As it shows so many times the name Action Fraud is a complete misnomer and whilst calling it Inaction Fraud is closer to the truth the real problem is that it is a data collection hub and if it were properly named everyone might understand its role leading to a lot less angst.

Fraud Data Collection Office would sum it up its primary purpose and remit nicely.

I think any of the Conversations dealing with scams etc should refer to the excellent Which? Article that followed a Times investigation:

Patrick Taylor says:
14 February 2021


The six minute video should be seen to be believed.

Thechinahacks.com are really an amazing team of experts. I received a ton of successful transfers from them.

My mum has lost all of her life savings that she was due to retire with this year. She was a victim of APP scam and the scammers were extremely sophisticated. Inaction fraud is absolutely useless being very underfunded it seems. My mum is now suicidal and in the depths of despair. To witness every day and night the pain and suffering she is facing is just absolutely heart breaking. These scammers are soulless and I hope they get what’s coming for them. The banks are putting their foot down too and feel they are not supporting her whatsoever, they make out like everyone should be scam detectors. I hope to anyone reading if you have been scammed that you find a way out, that you get reimbursed, and if you don’t I hope you keep going, stay strong and let’s fight for a change to be made.

I bank with the Co-operative bank and have been the victim of an APP scam, losing thousands of pounds to fraud. I’ve just read this story on the BBC website which is almost identical to my own awful experience. Apart from one really big difference; her bank reimbursed her in full very quickly, even though they haven’t finished their investigation. After 4 and half weeks, I am still waiting for the Co-op to come back to me with some sort of resolution. I am practically having a nervous breakdown over it, and the so-call ‘ethical’ bank is just letting me stew at home whilst waiting for the banks my money was transferred to pull their fingers out and conduct their ‘investigation’.

The system for dealing with the victims of APP scams and helping them is hopeless. I’ve been through some tough things in my life but this is the worse by far – it feels as though it will never end. And the Co-op have been hinting that it’s my own fault for being stupid enough to be scammed. I am angry, hopeless, humiliated and depressed as well as completely out of pocket.


Three months ago I was the victim of an APP crime and both my current and savings accounts, both with the Co-operative Bank, were cleaned out. The bank has managed to recover about one third of the money that was stolen from me and the case is still open as they have to wait for a response from the banks my money was transferred to. But there seems to be absolutely no sense of urgency about the investigations and no real comprehension of the damage this does to one’s mental health and wellbeing.

I contacted Action Fraud and reported the crime. Within four weeks, the police had closed my case as, despite having the bank account numbers and sort codes to investigate, they said they didn’t have enough to go on. Earlier this week, I got back in touch with Action Fraud to try and find out how to get the police to reconsider. The details of my case have been completely lost; the person I spoke to has ‘escalated’ it, apparently, as he couldn’t find any record of my case. He said someone would call me. They haven’t.

I have practically had a nervous breakdown due to this happening to me. But there is no protection and no sense from the banks that they have a responsibility to protect their customers from criminals like scammers. I have had the distinct impression that the Co-op has started from the assumption that I am to blame and I have to prove otherwise – if I am ever allowed to speak in my defence. I am still waiting for them to review my case and let me know if they are going to reimburse me for the money that hasn’t been recovered.

As a bank customer and a victim of crime, I feel utterly lost, invisible, and ignored. They took my life savings and no one cares that this crime has deeply affected me, aside from the loss of the money. I think it will probably take years for me to recover but the banks and the police absolutely DO NOT CARE. I hope this never happens to anyone else, although I know it’s happening every day. I hope that Which? manages to shame the banks into dealing with APP crime victims with some humanity.

In March 2018, I was scammed for £3000 through APP: the money went from my NatWest account to the scammers NatWest account. I immediately contacted the Bank and Action Fraud, and when the Bank refused to compensate me, I contacted the Ombudsman. The Ombudsman supported the Bank’s decision not to compensate me because I was the one who had made the bank transfer so it was my fault that I had been scammed. I appealed to the Bank because I am a pensioner who had been a customer of theirs for 50 years!! and because £3000 was an enormous amount of money to me (and still is). To no avail.
Post 2019, after NatWest joined the Compensation Scheme, I tried again for compensation from them, arguing that since the scammers were using NatWest to perpetrate their scam, NatWest had failed to adequately protect me. NatWest argued that since I had been scammed pre-2019, they had no responsibility for compensating me and therefore would not do so. Needless to say, I never got the £3000 back.
It’s been over 3 years now since I was scammed, and I attribute the heart attack I suffered In 2018 (and the heart failure I have been left with) to the shock I experienced when I found out that I had been scammed for £3000. Incidentally, I have not told a single friend or family member that I was scammed: I’m far too embarrassed and ashamed.
I do hope others do not suffer long term health problems as I have from the scamming experience, and are more successful than I have been at being compensated for their loss. Keep at it!
Ironically, I recently received an advertising letter from NatWest’s Chief Executive informing me how wonderfully NatWest look after their customers.

Janine says:
21 September 2021

Beware “cloned” application forms for savings accounts. These look like bona fide application forms but the sort codes and account numbers cause the funds to go to the criminals instead of the savings institution the saver thinks they are sending the funds to. Suggest always check on the Financial Services Register the bank details and look up the phone number. Also check the institution is authorised under the FSA protection scheme to take deposits and that funds are protected up to £85,000. Before sending the funds suggest call and check the information on the application form re sort code and account number before sending any funds by fastpay as well as using the sort code checker.

Revolut’s security failures allowed my partner’s entire savings to be stolen . Even though they claim their Confirmation of Payee system designed to protect this did no such thing. The two key points and I also suggest they escalate this to the Information Commissioners Office as your personal date was not being processed lawfully or for its intended purposes along with a number of other principles and articles. They also have a lawful obligation under article 32 of the GDPR to apply adequate controls to protect your money.

The scammer created a bogus Revolut account in their name and then stole the money.

Same story but they dont protect your money. It is now with the ICO FOS but the two things you should be asking are authentication and authorisation : ask very specific questions to their data protection team ( their Data Protection Officer / their email can be found on the ICO web site register search and the banks privacy page) .

Kay says:
18 April 2022

I lost 5000 pounds to a fake revolut account on 17/4/22 and Revolut did not reimburse me and their customer service was painfully casual.Revolut is not bound by Authorised Push Payment Scam Code so we are not protected against APP when using Revolut.