/ Money

Been scammed? It’s all on you!

Bank fraud

Royal Bank of Scotland’s CEO has said that customers need to take more responsibility if they are conned by online scammers. We think there’s a lot more they should be doing to protect you from sophisticated scammers.

The Chief executive of Royal Bank of Scotland has reportedly warned victims of bank fraud not to automatically expect refunds.

Speaking to the Daily Mail, Ross McEwan has suggested it was not wholly the responsibility of banks if customers provide their account details to fraudsters.

He told the paper: “We are working very hard to help customers detect when there are difficulties, but I think this has to be in partnership with the customer and with the bank.”

Of course, there will be times when people could have taken reasonable steps to protect themselves, or have acted with gross negligence, and need to accept responsibility for that. There is a role here for educating people to protect themselves from some of the risks, but it can’t be a blanket approach or the only measure to address the problem.

We wrote to the banks earlier this year to ask them what progress they’d made. The overwhelming response from industry was that focus remains on educating consumers to better protect themselves.

The industry is being required to do more, and banks are looking at best practice for responding to victims and how to better share information. In the meantime, we’re still hearing from people who’ve lost huge sums money to scams that have been incredibly difficult to spot.

Agnes said:
‘I fell victim to a telephone banking scam in which I transferred £20,000, unknowingly to a fraudsters’ account. Within 20 mins of realising what I had done I alerted RBS, who assured me an immediate stop would be put on the transfer. I later learned when speaking to my bank manager that no such stop had been put on the transfer and indeed nothing had been done until some six days later, by which time any hope of retrieving our money had long since gone.’

Scam paranoia

Probably the most stressful experience of my life, so far, was the day I finally transferred my deposit to my solicitor in order to buy my first home. I’d always known I wanted the security of my own house (OK, flat – it is London after all) so had saved hard for years, often living in rubbish places to keep the rent down so I could build up a deposit. I’d just managed to get enough to be able to afford a small flat outside London weeks before prices shifted up again, putting everything out of reach.

At the time I was paranoid I was going to send it to the wrong account, but it never crossed my mind that someone could have hacked into my solicitor’s emails and sent me the account details of a fraudulent account instead.


Thankfully that hadn’t happened and nearly two years on I’m happy in my little flat, despite a DIY to-do list as long as my arm. But for many people that dream of a new home turns into a nightmare when they realise the account they’ve just transferred their life savings to doesn’t belong to their solicitor, but to a fraudster – and they have no legal right to get their money back from the bank.

Impersonating a solicitor to con you out of a house deposit isn’t the only scam that tricks people into transferring money to a fraudster. That’s why, last year, we issued launched our scams campaign and issued a super-complaint to the Payments Systems Regulator (PSR), who agreed there was a lot more banks should be doing to protect their customers.

Do you feel educated enough so as to not fall victim to a scam?

No (64%, 4,148 Votes)

Yes (36%, 2,351 Votes)

Total Voters: 6,499

Loading ... Loading ...

This is not just about refunding consumers when things go wrong. There are things banks can be doing to prevent the customer losing money in the first place, such as bringing forward the introduction of ‘Confirmation of Payee’ that checks the name of the account holder where you were sending money to ensure it matched.

PSR report

The PSR is due to report back in the coming months on what progress banks have been making to better protect people since the start of the year. As our CEO Peter Vicary-Smith said earlier this summer, this is an opportunity for banks to step up and address this problem themselves. This doesn’t have to be a chore for industry, banks could even see it as an opportunity to compete to be the best on handling this issue for its customers.

But if they fail to take this issue seriously they are leaving the regulator with little option but to intervene. We would expect the regulator to take strong action to protect consumers from this continued risk.

Do you think it’s right that banks are putting all the responsibility on you to spot when you are being scammed?

Comments
Mr Inman says:
11 August 2017

I’ll have to admit to feeling a bit misled by the email I got from Which? about this. The impression I had was that this was referring to investment by the banks: banks (especially RBS) are guilty of some thoroughly reckless decisions on this, so I voted that money invested by the banks should be entirely the responsibility of the banks.

What I didn’t realise was this was to do with security of customers’ personal accounts. If the entire responsibility for the security of these lies with the banks, then it becomes more likely legitimate account holders would be prevented from accessing their accounts through prohibitive security measures. Protecting customers from scams requires a bit of work from both banks and themselves, I think.

Wait until Open Data regulation take effect – then we’ll all be in trouble!

Nicholas Evans says:
11 August 2017

I am 72 years old. As time goes on the odds are that I shall become more susceptible to scams not less. For this reason I have resisted the many attempts by my bank. ironically NatWest, to encourage me to use its on-line system to make payments. Instead I have made payments in batches by going in person to my local branch. They have now closed this local branch (in a town, not a village, and one which even houses the local authority for the County!). So far it is the only one of the major banks to do so but, given the continuing mindset of our banks, (RBS historically, in my opinion, having been the worst), to focus on money for its shareholders and directors ahead of service for its customers, and to follow each other like sheep, I fully expect others to follow and for RBS to praise itself for being the first, rather than apologise. I believe that the banks have a duty to protect the money we deposit with them and to take responsibility for any defect in their systems which fails to give, and to continue to give, this protection.

Nicholas NatWest is part of RBS I should know I very recently had dealings where I was dealt with by NatWest employees working for RBS who were able to help me . RBS is owned by HMG (73 %) but is likely to sell-off its shares at a tremendous loss ( whats new ? same old sell at a loss to attract -well what are Yuppies called nowadays ? ) Who loses out – one guess ?? — why you the British public. It doesn’t take a City accountant to work out who will buy the shares – goodbye UK owned -hello America owned . Whats left to sell off ?? why our souls to Beelzebub but then they aren’t worth the birth certificate they are printed on.

Dawn says:
11 August 2017

Correct me if I am wrong is it not the royal bank of scotland who lost so much money and had to be bailed out by our government. They are a disgrace and both them and Nat West should be made more responsible and take control instead of passing the buck to their customers who do their best not to be scammed. It is also laughable that this bank who still owes the taxpayer for the bail out and are still working at a loss talk about the oot calling the kettle black.

John T Temple says:
12 August 2017

If I take responsibility for looking after someone’s precious children or goods I automatically become it’s guardian,
That means I take full responsibility,
And that means not just the good bits of the responsibility,
They have our money and they make a lot of money by using our money for there gain,
If they want the good bits of money holding then they must take the bad bits as well

But, John, supposing the parents of the children in your care ask you to take them to a party, give you the wrong address, and that is inhabited by not nice people that you do not realise at the time. Who is responsible – you? Or the parents?i

june says:
12 August 2017

Having been the victim of scammed. I can assure you that these people are extremely clever and convincing. I am by no means stupid but I fell victim to these terrible people who preyed on my good nature and my honesty. They manipulated and abused me emotionally to the extent that I feel unsafe everywhere.

Helen says:
12 August 2017

With any payment I set up on internet banking I send a small payment of say £1.00, check that it has arrived successfully, perhaps make a phone call to the person involved. Only when I know the small payment has arrived successfully would I send the larger payment. I’ve worked in the banking industry for over 20 years and have seen first hand how payments can end up in the wrong account by accident let alone when sophisticated scammers get in on the act. It is frightening how fraudsters can get hold of enough information to successfully get through the security questioning and try to pass themselves off as a genuine customer.

Some of us have done the same but I wonder why this advice is not provided by every bank.

And have Which? provided this advice? Anyone provide a link please?

Hi Helen – You mention that fraudsters can easily get hold of enough information to get through security checks, but do you know if standards differ significantly between banks. Obviously I’m not looking for names.

Having used various online accounts with banks and building societies, the security of the login procedure seems better for some than others.

Some years ago when opening a new account (probably a building society), I had to take a photo of myself and several items of proof of where I lived to the local post office who then endorsed it.

It seemed over the top at the time but I haven’t been asked to do this since. Anyone else come across this?

Arthur D Hyde says:
13 August 2017

It is very easy to fall for any Scam. The Scammers are very well trained! I have told hundreds of students how to look out but I was still ‘taken in’ by a MS Phone Scam for 15 minutes. Never believe it won’t happen to you.
With Banking, the Banks make the rules and encourage us to do these unsafe operations.. They should then take full responsibility. They have the choice to change the system but, at the moment they make more profit by letting the customer pay. ADH

John Tait says:
13 August 2017

When someone is scammed by a bank transfer the Scammer has opened an account to take the deposits
The Bank receiving the payments should be responsible for ensuring that their client is Bona Fide and not a scammer
I would say when scams do occur they should have to refund all the money unless they can show its not due to their inability to correctly vet the applications
Also when a bank transfer takes place the sending bank should be responsible for recovering that money from the bank who took the transfer

We bought a car and the dealer asked for a bank transfer which I was very unhappy about because if the sales guy made a one digit mistake or I did then the 10K could disappear into the ether while all the parties washed their hands of the problem
It went through OK thankfully but there needs to be some really robust set of checks and balances not just lets punch in the number and press send
How can that make sense?

bishbut says:
13 August 2017

No technology is 100% secure When a new way is found to improve security some one starts to discover a way to beat it Not just rogues it is a challenge to some Make use of it but do not trust it at all many things can go wrong Somebody once said—-IF anything can go wrong it will —-sooner or later

Sue Sturt says:
14 August 2017

I certainly feel the elderly and vulnerable should be particularly protected, as many are not completely computer savvy and too trusting. These accounts should be flagged up, and no unusual or large transactions on accounts should be completed until they have been fully investigated by the bank.

George says:
14 August 2017

Who needs banks? Bitcoin all the way. Resaearch it!

Mark Gentry says:
16 August 2017

From a layman’s point of view I find this type of rebuke from the Royal Bank Of Scotland hard to take, given the way it has been reported by the media over the last eight yearsI mean The continual crisis it seems to have in over the past years when led by others in charge of the Bank at the time. Perhaps if it came from a bank that had been led by good stewards in the past ( Leaving a company or organisation in better standing and condition than when they took there directorships or chairman ships.) I would accept it, as we all are responsible for, in part, for our security.
In any company dealings there should integrity (honesty uprightness.) Are you old enough to remember when banks and managers were considered pillars of society? Gods word to us the Bible was the basis of our society in years gone by, Was there more integrity in business then? Perhaps we should dust the old book down and as a society have a read. The chances are there’s one laying around in our homes, normally an older relatives ?

alan cowell says:
19 August 2017

I lived in Spain for 30 years and for the last 10 years the major banks operate the following system :-
Every time you make a transfer, use an ATM machine, pay at a petrol station or make any purchase using your credit card, you receive a text message to your mobile within 25 to 30 seconds, therefore alerting you straight away that your card has been used.
The text states which company took the money and the time and date of the transaction.
If you receive a text and you know you did not make the transfer or use your credit card you can call your bank immediately to inform them and cancel.
This saves the banks millions paying out to customers and allows you to contact the bank straight away if your card has been used without your knowledge.

Patrick Taylor says:
19 August 2017

Seems sensible. The Credit Agricole in France confirm card payments and DDs over the internet though possibly this could be by SMS instead.

The cartel of the UK banks has for years being arranging matters to their own benefit.

Scottie says:
23 August 2017

One votes a particular way and Which? has the audacity to inform me about someone who HAS been scammed.
What percentage of fraud carried out is the bank’s fault? More public information films need to be aired to inform people that Microsoft don’t call people about virus’, banks don’t ask for passwords, etc.

I have just been informed that -711million passwords+email addresses have been hacked ( more info if required ) . This has led to emails being sent out asking them to click on to confirm their banking details , as this is a major cause of many losing money to help them I have a website that will check too see if YOUR data is on their list . This is an excellent checker and no it isnt a tracker( no serious malware type trackers ) or malware website just make sure you check DIRECT not via cnet or others . : https://haveibeenpwned.com/ make a note of this URL it will help many who dont understand how hackers can get your data , just input your email address and click on and , if you want they will email you if your data is breached . Top 10 data breaches exposed =-nearly 5 million pwned accounts and more. I have just checked the URL I posted and yes its kosher.

I recognise that from the BBC news: http://www.bbc.co.uk/news/technology-41095606

Not doubt other sites will give more detail.

Your right Wavechange its the same story I got mine from a US security website that emails me. The test URL is still “good to go “.

Many will rightly be wary of messages about security issues that invite them to access unfamiliar websites, but might trust an organisation such as the BBC. The BBC page gives the same link. I appreciate your efforts to keep us informed about security matters because I suspect that many don’t believe that they could possibly be affected.

Sorry Wavechange I dont trust BBC websites . On the one you posted there are 5 tracking Jscripts / 1 WEB-BUG 2 other trackers and thats only one protection app .On another 6 trackers are blocked and NO Script app on another browser has blocked a host of tracking J scripts so much so that it will only allow text to be displayed . So ,in essence , the URL I posted has much less deep tracking than the BBC who , no matter how high a regard you think of them are not the “angels ” most people think and that is only scraping the surface I have more technical trackers that are deeper installed on their websites . So much for “the Peoples service more like Third party service and I dont mean the old radio waveband that played classical music. I believe in the British public being told the truth upfront no matter how “ugly ” it seems .

Fair enough, but I expect that people will trust the BBC more than anything that you or I or any unknown person might post on a website.

Websites generally mention they use cookies but what I would like to see on every website is an honest and up to date explanation of what information is used for.

Which? has a host of trackers but does explain why. But I agree; the BBC is inherently far more trustworthy than many other sites. What is interesting about the linked site is that you have to type in your email to see if it’s been ‘pwned’, which is exactly what scam sites ask you to do. And, in the past, sites like that have been ether hacked or taken over or – in some cases – are already being run by scammers.

So I treat with incredible scepticism being asked to enter my email address in a site of which I’m not extremely sure.

bishbut says:
31 August 2017

Stop one or more scams ok but there will other scams waiting in the wings just to take their place Can anyone win but the scammers ??

How about the biggest “scam ” of them all since -2006 Intel and since -2013 AMD who design CPU,s have installed back-doors into them originally to allow updates etc to be made but both the NSA+GCHQ have been given the codes to access any computer and see what you are doing and make changes to your mouse/keyboard and any ancillary . This applies to both types of mobile phone systems . In Intel,s case its the Management Engine that allows this . The problem , if you think official control of your computer is “okay ” is that guess who have got wind of it and are using it ? All aspects of your computer are an open book even when you switch off they can switch on again . When I downloaded the info after 30 seconds a blocker came up ( nice ) but I have it by other means.

Duncan, I think the best way to avoid those back doors is simply to use old PCs with pre-2006 designs. I have no shortage of those here, but do also use a couple of newer i5’s now and again.

Your right of course Derek , I have a spare PC with a pen 4 CPU and I stuck 32 bit Ubuntu on it. , slow but it works ( lack of memory ) at least I know they arent controlling it as I use it . I have downloaded the details to overcome this but , no dice , you need a degree in computer design + the associated electronic equipment + all the keys/passwords to gain access to the basic firmware programme in the CPU , even then one slip and you have bricked the PC . Good as my brain is this is beyond me. Its just the slyness of it that annoys me – the 5 “Eyes” in action . The latest news is the NSA dont even need back-doors now. I am now in the market for pre 2013 AMD chip PC,s although they are not as good as Intel I would rather have a slow PC than somebody playing tricks on me as I use it.

At least these old PCs are nice and cheap. I even managed to acquire a 2008 MacBook for £100 a couple of weeks ago. It has a nice fast 2.4GHz Core2 Duo CPU. Whilst its version of OS X is no longer supported with security patches by Apple, “upgrading” these machines to run a modern, supported version of Linux is a simple matter.

This is a good step. I have had no problems with Bank so far. Unfortunately I was a victim of a online scam, through Facebook, most of my hard earning savings were lost. All gone by Western union and money gram. Though the matter was reported, nothing was done. I am still suffering.
I wish there is more help from Western union and money gram for public once scam is reported.