/ Money

Update: Do you support our super-complaint on scams?

Bank transfer scams

Imagine this: You’ve had some building work done on your house and you’re arranging to pay the builder. Then you receive an email from your builder informing you that their bank account details have changed…

You transfer the money to them.

Later on, you find out the email was from a fraudster.

They had made their email virtually identical to the ones that you’d received from the builders before. You’ve been scammed – and you’ve got no right to get your money back from your bank.

Bank transfer scams super-complaint

Which? is using its legal powers to make a super-complaint to one of the financial regulators – the Payment Systems Regulator (PSR). We think banks need to do more to protect customers who are tricked into transferring money to a fraudster.

Some people might well think ‘that’ll never happen to me!’ They might say that people who are scammed should simply get better at protecting themselves.

But it’s an issue that comes up time and time again, with some people getting conned out of their life savings.

You only have to read the harrowing real life stories in our super-complaint to realise that these scams are often so sophisticated that it’s impossible for people to be savvy enough to completely protect themselves. And the people being scammed are not only the stereotypical vulnerable groups; they are often financially and technologically literate.

When we asked over 1,000 members of the public if they could spot the difference between real and spoof emails, we found that 50% of people were fooled by these sophisticated scams. Ultimately, people can only protect themselves so far, and with scams on the rise, we all need greater protection.

So what do we want?

Which? thinks banks should shoulder more responsibility for money lost to bank transfer scams. It’s unfair that customers who lose money due to scams via direct debit or credit and debit cards are reimbursed, for example, but not bank transfers. This would give banks an incentive to develop better mechanisms to prevent the fraud in the first place.


 

Update: 12 October

Alex Neill, our Director of Home and Legal Services, appeared on Rip Off Britain this morning (12 October) to talk about what action is needed to protect us all from scams.

After hearing the tragic tale of a scam victim who was tricked into transferring £77,000 to scammers posing as solicitors, Alex explained how banks can and must go beyond just protecting themselves from paying out against scams.

Banks already protect their customers for credit and debit card fraud, but there’s clearly need for them to improve their security processes to protect their customers from bank transfer scams.

That’s why we’ve made our super-complaint to the Payment Systems Regulator [PSR] . If you were tricked into transferring money from your account to a scammers’ account then you have no legal right to get you money back from your bank.

The PSR now has 70 days remaining to respond to our super-complaint.

Clearly, this is a complex issue. This is why we need financial regulators – not just the PSR but also the Financial Conduct Authority (FCA) – to work together and address our concerns.

What would you like to see the regulators do to help prevent fraud?

Comments
Guest
Kit S says:
21 December 2016

Scenario 1: A bank makes a mistake – the mistake of paying some money into your bank account. The bank realises the mistake, and asks for the money back. Can you refuse? No. You are not allowed to keep the money – you must pay it back.
Scenario 2: A victim of fraud makes a mistake – the mistake of paying money into the fraudster’s bank account. The victim realises the mistake, and asks for the money back. The fraudster’s bank asks the fraudster to return the money. Can the fraudster refuse? Yes. (This happens all the time, hence the super complaint). The banks have prioritised the fraudster’s instructions over the victims, and the fraudster keeps the money.

Guest
Richard says:
8 August 2017

The problem is that by the time you realise the fraudster will already have moved your money on, probably overseas. The account you transferred the money into may just belong to a mule.

Profile photo of KitS
Guest

I worked for over 20 years in a bank. Banks have a duty of care to protect customers from loss. In my opinion, the fraudster’s bank should be the one liable for the loss of money obtained by deception. A fraudster will either need genuine ID to open a bank account, in which case the fraudster can be traced and prosecuted. Or, the fraudster will use fake ID, which the bank should spot and reject. A fraudster can’t scam a victim out of money if they don’t have a bank account to receive the money. Banks have security checks in place to prevent accounts being opened fraudulently, or for fraudulent purposes. If a fraudster opens a bank account, it means that the bank has failed to complete the appropriate security checks. The bank’s inability to prevent the fraudster’s account being opened or being used for suspicious activity facilitates the crime, hence it should held be responsible for the victim’s loss. If banks know they will be responsible for the loss, they will be more diligent in identifying fraudsters at the application stage.

Guest
Elizabeth Astley says:
21 December 2016

Hi I was scammed out of £8,200 from an advert in my local press have been down all the routs open to me to try and reclaim my money banks should be liable as even with proof from metropoleten police that the account I paid money to was opened by a person who was not registered at address given or indeed in this country so Barclays opening bank account policy’s are not very effective and financial ombudsman won’t do anything unless the grievance is with the bank you hold accounts with anything I can do I will I hope that the banks will be made to account for their shortfalls in opening of mule bank account s

Guest
Reg Parker says:
18 January 2017

After being caught in a scam in which I was sent headed notepaper of a fake company, it’s name differing by only one word from that of a genuine one, as money goes through the banks, could they not program the names of real companies, so that the fakes are identified and banks have an agreed response to identify and locate potential fraudsters. A watching brief is possible, via databanks, but specific regulation and response mechanisms all need to be devised and function. Their must be penalties even for intention to defraud, otherwise it is attractive. Did not HM Govt cut their watch on scams to save our money? That, too, could be argued for reinstatement.

Guest
Deirdre says:
1 February 2017

My mother who is 79 years of age, was scammed out of £11,000 by an unsolicited caller.
It was only by good fortune that they didn’t get the rest of her life savings.
She heard a radio programme about these scams just before she transferred the rest of her savings.
While the police and bank have gone through the motions of being helpful and sympathetic, she’s lost her money.
When I went on holidays to Peru recently and tried to use my Credit Card, I was blocked.
Why? Because if the card was being used fraudulently, the bank was at risk of being liable!!!
So why, oh why do the banks not look at an extremely unusual bank transfer in the same way??
Because they are not liable and really don’t give a sugar?
All that needs to happen is that if an unusual transaction is flagged up, that questions are asked and a time-lapse is enacted.

Guest
Jasper Lawrence says:
29 March 2017

Banks basic function is to keep their depositors’ money safe. The only reason I have a bank account is to store my money, Visa and MasterCard can syphon my money out of any repository to enable me to easily spend it. They are separate from the banks.

They use “business intelligence” (BI) software and appliances to milk every penny out of us by recording our transaction characteristics to enable them to offer us products and services based on the patterns and characteristics these systems track.

They are capable of stopping my card if I go over their limit, a limit conveniently beyond the one I agreed to when I signed up by the way, which they allow for a fee on each and every transaction they choose to allow. they seem able to stop me spending more money very precisely when it suits them and their fees, but not when it suits me.

Fraudsters, those that are not banks clearly, should be as easy for the banks to detect, as well as transaction types commonly associated with fraud as it is for them to target us based on our spending patterns, etc. How is it that an OAP can possibly be allowed to transfer the ENTIRE contents of their account, probably using a method like online banking or telephone banking they do not commonly (in some cases have never used) use, to a third party account in one go?

To claim no responsibility in these types of situations is insulting to our intelligence. It shows that their predatory cultures, that lead to Libor fixing, market collusion on interest rates, wholesale money laundering, PPI lying and fraud, etc., etc, etc., are still in place.

Protect our money you jerks, it’s what we pay you for, and when you blow it own it and compensate those whose money you allowed to be stolen. It isn’t like making sure retirees aren’t ruined by your lax standards and procedures is going to materially affect your multimillion annual bonuses, is it?

The nerve of these people.

Guest
Jeanne says:
7 April 2017

I understand that under current law, banks are strictly liable for all losses due to debit card crime. The law should also make them strictly liable for refunding money taken out of their customers’ accounts by scammers. In most cases scams originate through information obtained by fraudsters who have gained unlawful access to information about their victims through access to cards and other banking information, so the law relating to cards should be extended to cover bank transfer scams.

Guest
A. James says:
16 May 2017

Regarding Debit Cards, I found that when I wanted to cancel a Debit Card DD arrangement with the bank they refused, saying only the beneficiary of the DD could do so. The trader was OK and complied with my request, so all was well, but had the trader been a fraudster I’d have had no control over my own account.

Guest
Himanshu Sharma says:
28 April 2017

https://newage-bank.com. registered as NEW AGE BITCOIN LTD has done very big scam. On this website any individual can invest in the form of Bitcoins by purchasing different cards with different validity periods. Rate of return on buying these cards was ranging from 200%-500%. That means anyone whosoever invests can double, triple or multiply their Bitcoins by 5 times based on different validity hold on that investments.

Now this company has given these returns for almost more than 45 days. All of sudden on the eve of Good Friday on 14th April, 2017 they have stopped giving withdrawals. People have thought this might be a temporary issue with the website. So it would get recovered. However on 21st April, 2017 their website got disappeared. Now here is not the end of this scam story. People are even taking an advantage of this situation to do more scam by building another website & gaining money from public to get their refunds.

Now I have tried to report this to Action Fraud. Their support advisers have confirmed that they cannot help in reporting this issue. They suggested me to this website. Now Aleksandra from Support has given me this link. Being a Non-citizen of UK they cannot help me. I am not sure what I am suppose to do. Because suspect is a resident of UK.

As per the details has been supplied by suspect on their website https://newage-bank.com.
https://beta.companieshouse.gov.uk/company/10632891.

Company Registered Address:
68 Hatton Garden, London, United Kingdom, EC1N 8JY

Director of Company (KAI WALLIS) Address:
428 Southcroft Road, Streatham, London, United Kingdom, SW16 6QX

Contact # +442070433810

I have dependent old parents. I have lost my job. Have kept my savings with them thinking that would help me to sustain for some period unless I get good job. Feeling helpless & cheated. Don’t know what to do & I am sure that I am not alone. There would be certainly poor UK residents who must have also got caught by these fraudsters.

Guest
a.hall says:
21 May 2017

We have just been paid compensation for PPI Insurance Policies we knew Nothing about. Halifax, Bradford and Bingley, and Cheltenham and Gloucester. But mainly the Halifax. We took out one PPI Policy and were paid for Seven we knew Nothing about.
NO Bank has been Prosecuted for PPI. Mis-Selling Balderdash; it is Fraud.

Guest
Sheila Clark says:
4 June 2017

I feel that banks need to be very careful where compo is concerned, after all an awful lot of folk fall for scams, yet every where you turn you are bombarded with warnings yet people STILL give bank details out over the phone for instance. Also why give building work to folk at the door. Ask Help the Aged if you are elderly for advice – they have lists of reliable people. Always remember scammers are clever people and nobody is completely safe; but there is being careful and being stupid.

Guest
Alexander Donis says:
6 June 2017

I have to say that the “test” for spotting fake emails to see if they are scams or not is a very poor test. I have many ways of checking if an email is a scam or not. Often there are rollovers on buttons on emails. By rolling over but not pressing, you can see where it goes. You cannot do this with your test. I can check source code. Where it cam from and a whole lot more without opening up any email.

Guest
Richard says:
8 August 2017

I agree entirely. I got two false negs purely because I wasn’t given sufficient information to accept the message as genuine. The recipient names were blacked out so I didn’t know if the message was addressed to me by name. I couldn’t see if there were any attachments (usually zip files) and I couldn’t see the actual URLs under text links and buttons.

You’re absolutely right. If in doubt check the message source and headers so you can see where it came from. Better still, use a plain text mail client that doesn’t follow external links or execute any active content.

Guest
Steve says:
10 June 2017

Banks don’t care. Police don’t care. The bank receiving the money should be made liable if a fraud is proven. The banks helping these fraudsters would think twice before releasing the ill gotten gains to the fraudster if the bank was made liable or charged with aiding & abetting the crime!!!

Guest
Guy says:
13 June 2017

I work for a a fraud department for a UK bank dealing with Faster Payments. I will not defend the banks customer servicing as its shockingly poor on so many levels. However there are some plainly incorrect satements in some of these comments that are big contributors to fraud prevention. When it comes to straight forward fraud the bank will become the victim and refund your money within legal timescales. The bank then recovers the money for itself if possible. This is often easiest with credit cards as chargebacks to retailers can be done.

However when it’s a bank to bank transfer like Faster Payments the ability to recover the money is reduced. The bank will still become the victim and you will get your money back within timescales. The benefit of the doubt is with the customer.

Now when a customer is socially eningeered or scammed, and it’s done by bank transfer, recovery is unlikely. Firstly the fraudster can move the money quickly- within 2 hours. Secondly the beneficiary account is sometimes a second victim account. Thirdly money paid to Moneygram or Westerunion means it has gone international.

The bank I work for will fraud check against this type of fraud. The problem is it is the customer who makes or authorises the payment, provides remote access to their own device and logs into Internet Banking on the fraudsters behalf.

The only reliable way to protect people against this is to interrupt payments that match the MO and verbally speak to the customer about your concerns.

Some people are appreciative of the checks but others are resistive, abusive and downright lie. The bank I work for does more often than not provide refunds in this situation. I have even seen people be refunded despite been given forewarning they might be about to become a scam victim.

Banks have not helped themselves when comes to communicating with customers and underresouced serivce levels. However when comes to fraud prevention a lot of customers could do with some better communication themselves. What doesn’t help is failing to answer security questions and saying. “Why are you stopping me transferring MY money”. People will log official complaints that the they felt their payments were interrupted unfairly because it is “clearly me making the payment”.

What might help everyone through is if Faster Paymets worked a bit more like mobile payments. When you make a mobile payment to a phone number the beneficiary details will automically show as they have been recorded on the beneficiary debit card.

Straight out Faster Payments are determined only by sort code and account number. It would be helpful to see the same info in this payment type as a mobile payment.

Guest
Agi says:
3 August 2017

Banks will not refund you if you are a victim of fraud where authorised BACS payment was made as they are no under legal obligation to cross check account holder name and bank account. Even where it is clear fraud was committed and money paid to fraudster account not the intended recipient – banks will hide under data protection. Act. They won’t even reveal the identity of the account holder. The money is very often cleared by the time victim discovers the fraud and banks will do nothing to help. Trust me – I’ve been there.
Fraud Act 2007, Money Laundering Act, The proceeds of crime Act should give customers greater protection and hold banks liable for creating fantastic platform for fraudsters – reality is different. Banks are under obligation not to facilitate fraud but in reality they do absolutely nothing. There are inconsistencies in liability as rules in cheques, credit cards and bank transfers differ. You are not protected if banks transfers your money that you authorised as only the sort code is checked.

Guest
sandie says:
3 September 2017

I have just become victim to the bank transfer scam, the customer service number matched the one on my debit card, which I later rang only to find out the number had changed, the day after husband checked his card and his debit card was issued a month before mine had new number on, so whose is at fault here. The bank don’t want to know

Profile photo of alfa
Guest

Hi Sandie, Sorry to hear you have been scammed.

Are you saying your bank changed a phone number that is now being used by scammers?

Profile photo of John Ward
Guest

I think if that is the case the Financial Conduct Authority needs to become involved.

Sandie – if your bank denies any responsibility, or refuses to consider your complaint, you should take this up with the Financial Ombudsman Service.

Guest
Moir79 says:
16 June 2017

Banks are complicit in fradulent activity. HSBC being an example of a company that made healthy profits through facilitating money laundering. Nothing will change unless there is forceful legislation, as banks will pay the paltry fines levelled against them as a cost of doing business.

Profile photo of duncan lucas
Guest

Banks have never been “upright ” Moir they have always been into covert deals , guess who financed Hitler in the 30,s ?? but the big ones are “too big to fail ” and the public bail them out both here and in the States . Invest in gold Moir safer than fiat money the US public are doing it now two US States have Legislated to make it legal tender – now that puts “the fear of death” into big banks and the biggest lenders in the world -IMF/WB/ECB. Russia isn’t stupid its building up very healthy gold reserves and China is doing the same. From the information I get in America dont be surprised if another crisis happens.

Guest
Tina says:
10 August 2017

Whilst consumers are bullied by the councils, banking industry and utility companies to have direct debits instead of standing orders there will always be an easy opening for scammers to access bank details and use them illegally.
It is not rocket science. The companies make it necessary for us to provide all personal and banking details to ‘someone’ on the telephone, these details are in these companies hands.
If people could use the standing orders system this is in their personal control and only the bank have all the details. It is an abuse of our human and consumer rights to enforce the direct debit system, which leaves us no control whatsoever and puts our personal and financial information out there making us more vulnerable than we need to be.
For this reason alone I believe the banking industry should take full responsibility for anything that goes wrong.
The Direct debit system is is after all the banks system and it follows that it is the banks responsibility.

Profile photo of wavechange
Guest

This Which? article suggests it should be possible to obtain a refund in the event of fraud related to direct debits and standing orders. I have numerous direct debits and cannot recall having arranged one using the phone.

Guest
RGradeless says:
12 August 2017

It is a very difficult time if bank customers their funds through transfer fraud but it is not the bank’s fault. if I give a legitimate instruction to the bank I would expect them to carry it out, not conduct a forensic investigation in my state of mind.

I think the regulator is right in saying that banks should not be responsible for money lost in bank transfer scams. If banks were made responsible, they could remove online banking facilities from vulnerable groups eg the elderly or those who had already reported a fraudulent transfer, or delay genuine payments while they make investigations. In addition it would lead to fraud where people conspire to transfer money and then claim it was transferred fraudulently.

The Bank of England or the Royal Mint don’t pay out if someone makes a claim against them for cash lost as a result of fraud. Or perhaps another super-complaint is needed.

Guest
Anna says:
31 August 2017

I disagree that it is not the banks’ fault. Banks created the system and gave fraudster fantastic platform to hide under Data Protection Act. If I am making a transfer to Mr Block I expect Mr Block not Mr Fraudser to receive my funds. I really should not care which bank Mr Block banks with – I am simply making a payment to that person not to an account that I do not know does not belong to Mr Block but Mr Fraudster. Banks should cross reference all information on the remittance including the name of the account holder. This would be simple and very effecitve way of stopping transfer fraud. In 21st century and advanced technology it should not be too difficult to create. If someone stole a cheque issued to another person, they would not be able to cash it (if they did – bank would be liable), so why if a transfer is made to a person a totally differfent person (but with the account number you are making the transfer to) is able to receive the money. The receiving banks should be liable or at least flag up to sending bank that the account holder name differes to the one on remittance advice.

Profile photo of malcolm r
Guest

The banks are looking at ways to include the account holder as part of the transfer confirmation process. It is not as simple as it seems – earlier comments have discussed this and given a link. One proposal is for the bank to notify the payer of the account name that matches the sort code and account number they – the payer – is proposing to credit. This would allow the payer to decide whether to proceed with the transfer, or not. This leaves the payer in control of the transaction and the opportunity to do any further checks. I hope this will be implemented. But nothing will be foolproof.

Guest
Jackie Carpenter says:
24 August 2017

I think the bank that I was tricked into transferring money to should reimburse me. They should know who opened that account as you need ID to open an account. So they should be be able to pursue that individual. It seems that I can’t take any action against that bank.

Guest
Dave says:
24 August 2017

I was conned in the computer fixing “Microsoft” scam and lost £650.00 over it. The Government should make a law that allows us to reclaim from the thieves all the funds that have been lost to us with a payment of interest against them as well.