/ Money

New industry code for bank transfer scams: how can it help?

bank transfer

Last Wednesday, the Payment Systems Regulator set out its plans for the design and development of an industry code to better protect people from bank transfer scams and provide a reimbursement scheme to help victims. Here, our guest, Paul Smith, the regulator’s head of policy, explains what it means..

Authorised push payment (APP) or bank transfer scams can have a devastating impact on peoples’ lives and we, the Payment Systems Regulator (PSR), want to make sure everyone is protected.

In the first six months of 2017, over £100m was stolen fraudulently as a result of people being tricked into transferring thousands of pounds to fraudsters. Our new plans are about protecting people by trying to prevent APP scams from happening in the first place and ensuring that banks help customers more effectively when, unfortunately, they do happen.

We’ve set out how we consider the issue can best be tackled, including through a new industry code, backed by the right for customers to raise complaints to the Financial Ombudsman Service (FOS). This will be in place by September 2018, paving the way for victims of APP scams to have better protection.

Better protection

From September 2018, the FOS can take this code into account as a relevant consideration when determining new complaints about APP scams. This means that victims of APP scams can be confident any claim for reimbursement will be given fairer consideration.

September isn’t that far away and so, to help us achieve our challenging timeline, we’ve set up a steering group made up of both consumer and industry representatives.

We know it’s important to bring together the right people to design the code and collaborate to deliver something that helps prevent these scams and works for everyone. The group will start their work this month, and Which? has agreed to be a member, representing consumers.

This is a complex piece of work and there is a lot to do from now until September, but it is essential we see, as soon as possible, a code that is effective in protecting people.

But the design of that code won’t be the end of the matter. Fraud is constantly changing and we expect the code will continue to evolve to keep pace in giving everyone the protection they need.

This is a guest contribution by Paul Smith. All views expressed here are Paul’s own and not necessarily those also shared by Which?.

What do you think about the PSR’s plans to introduce a new code to better protect people against bank transfer scams? What measures would you like to see be included in the code?

Peter Sdellek says:
10 March 2018

I would like to see a scheme where the bank of the receiving account bears the loss so they are encouraged tom weed out their criminal account holders. Bank transfer systems should show who you are transferring the money to and should warn you if the account is not held by a bank under British jurisdiction. For large amounts there could be an escrow scheme a bit like PayPal where the money is held until the service is provided.

I believe that people who are genuinely scammed, but do their best to prevent such events should be reimbursed. But I do not believe that people who give their bank details to fraudsters over the telephone deserve to be reimbursed. How you decide one from the other I don’t know.

This comment was removed at the request of the user

The Payment Systems Regulator report from Nov 2017:
Worth looking at for answers to some comments.

Every transaction is by law traceable so how do they get away with it?
I suspect that certain banks turn a blind eye to law and regulation so they need to be held to account over this and if they do not comply with the law then the status of “Bank” should be removed from them.

I was scammed purchasing Adel tickets, did all the checks and even know what bank the money went into, even tracked down the fraudsters who were part of a multi national fraud group.. Santander did nothing to help, what I want to know is were are the checks and why can’t a bank that transfers funds into a fraudulent account have there own systems in place to be able to claim off the bank that set up the account in the first place

Precisely: The bank with the fraudulent account should be liable where they failed to ensure that the ID used to open the account was correct. I understood that this was a requirement of the Money Laundering Acts.

“We know it’s important to bring together the right people to design the code and collaborate to deliver something that helps prevent these scams and works for everyone. The group will start their work this month, and Which? has agreed to be a member, representing consumers.”

I trust that Which? – who may not have any staffer with knowledge of banking law and electronic payment systems – are able to resource this role as consumer representative. My fear is that, rather like when Which? was involved in the mass-marketing discussions, that they become entwined in non-disclosure and are unable to use the knowledge of subscibers many of whom are or have been bankers and some even to very high operational levels.

“TheRegister” is a very large online community with a daily enewsletter with very savvy members working on the technical side in many industries and I would think their expertise might also prevent bamboozlement.

Perhaps I am being overly cautious but having worked for three of them and having an inside line to a very senior ex-banker I am not overly confident of the banking industries ability to be responsible.

Overall I think that there needs to be a delay in the payment system. Humans are gullible and always will be. However having second thoughts is also a human way to think and unfortunately in a world of nano-second transactions this does not work. Systems should work at human speeds when it is matters of major importance.

Design systems for humans not for machines. Resist calls for instant this and instant that until the benefits and dangers are weighed and a decision made as to an overall benefit.

“Forming this steering group alongside Which? are Age UK, Toynbee Hall, and representatives from the banking and tech industries.” ……… This is Toynbee Halls expertise – financialhealthexchange.org.uk/aboutus/ourteam/

Which? Money Expert, Gareth Shaw, said: ‘The introduction of a steering group, that includes Which?, should help to ensure this much-needed reimbursement scheme properly compensates victims who have been left out of pocket through no fault of their own. ‘While this vital scheme is welcome, the industry must also use other measures to better protect consumers at the point of transfer to stop such scams happening in the first place.’

“No-fault of their own” is a rather unfortunate phrase. If the scheme relies on that phrase then very few would fall into that category of scammed. Most people have pressed the button on a transaction. That they should not have, and had been momentarily duped in some way, is really the problem that many might think needed to be addressed.

I always believe that we should look at how other countries systems deal with financial fraud so we borrow the best ideas. I hope this committee will have the resources to do this.

Just in case you wonder about borrowing good ideas from abroad bear in mind that in Denmark, France and the USA, and probably other countries they can borrow for fixed rate mortgages for decades . In France and Denmark under 2% for 30 years. You might wonder why it currently is not available in the UK though trialed after 2007, when Gordon Brown recommended it, by a handful of small societies.

Shame that the Governement , currently giving billions to the mortgage companies, does not see this as a good way to bump start a system where people can plan very long-term for their finances particularly as currently interest rates are extremely low. Too many people/companies with noses in the current trough?

Surely the interest rate at which money can be borrowed depends upon the current financial conditions? Fixing a rate for 30 years implies that when inflation and interest rates generally rise, those on such long-term fixed rate mortgages will be subsidised by other borrowers to fund the purchase of a valuable asset. I don’t want my taxes used this way.

What I would like to see is local authorities given the ability to borrow the money needed to build traditional council houses, to purchase the land needed at sensible cost (planning permission lies in their hands) and to provide these houses for those unable to afford to purchase, or to pay market rents. Tenants would be asked to pay higher rents if their income increased, and to move into the private sector if their income exceeds the point at which public subsidy is justified. Thus freeing up a property for another deserving family.

Malcolm – I am afraid you have deduced something that is not true. In Denmark the money for the mortgage is raised from a matched Bond where someone invests in the Bond. There is no cross-subsidy. As far as I can establish the bondholder is in the same position as someone who buys UK Treasury stock and keeps it to maturity, or sells it on the bondmarket.

There is no tie to other mortgages.
“Jul 12, 2016 – The interest rate payments and repayments from the borrower are passed directly through to investors. Danish mortgage banks are merely intermediaries and require a fee from the borrower. The fees are denoted in percentage points and can be interpreted as mortgage banks’ margins.”
I believe the margin is 0.5% which compares extremely well when you look at what UK building societies charge for mortgages but pay a lot less for the deposits currently I guess 2% difference

I suggest a simple Duty of Care with rules:
Receiving bank liable if:
1: Account opened with false ID
2: Name of account not supplied when setting up transfer
3: Money not held for 24 hours – maybe exception if recipient account a genuine financial org in the UK – with onus on recipient bank to check.
Sending bank liable if:
4: Customer not warned if receiving bank outside UK jurisdiction
5: Also if 2 & 3 breached when outside UK.
In all cases money refunded as under Direct Debit Guarantee –i.e. immediately.
Otherwise, customer responsible as in if you give cash.

I was scammed of 475 for ticket online to Nigeria through a fraudulent agent,that associated himself to mediview airline last year October to December.

Janine says:
17 March 2018

We were scammed out of £3,000 by someone that hacked into eBay (their words). Neither eBay, our bank or receiving bank would take responsibility. The Police refused to investigate as thee were ‘no leads’ .
If the receiving bank knows the account holders identity and address how can this not be a lead? If the police refuse to visit the address to interview the person in question or verify the validity of the banks info then it is impossible for us to prove that the bank has failed to carry out proper ID checks.
I think they are all working hand in hand to deflect culpability.
I got the impression that someone stealing money from you is no longer considered a crime by the police.
That attitude of the bank was that we were negligent – even though we are exceptionally wary people and this was an extremely complex scam.
Bay just didn’t bother to respond at all.

Adler Frank says:
21 March 2018

I got in a really a bad situation recently when i mistakenly transferred the sum of GBP 890,500 into a fraudulent acccount in the office. i did not only loose my job i also went to the bank and the bank said they could not do anything about it and was soiled in debt. I was very devasted and depressed. I was in a really bad place and was desperate for solution.

[Sorry Adler, we don’t allow promotional content on Which? Conversation. This is explained in our community guidelines will be edited or removed. Thanks, mods]

Hi Adler, thanks for your comment. Just to note that we don’t allow promotional content on Which? Conversation. I’m sorry to about what happened and I hope that you’ve had the right support and the matter has been resolved for you now. This is exactly why we’re campaigning for better protection for scams victims.

If you require help with debt or money advice, please do take a look at this page here: https://www.which.co.uk/money/credit-cards-and-loans/debt-and-how-to-deal-with-it/guides/free-debt-advice-contacts

Brian says:
4 April 2018

As far as Ombudsman are concerned, those set up so far are private companies (e.g. Energy Ombudsman) and seem to fall well short of impartiality and legal competence – in short we need an ombudsman to protect us from the ombudsman!

I deduce from reading up and assessing some of the really insightful comments on this very popular and enduring topic that innovative and progressive technological advanced banking procedures have enabled the financial institutions as a whole, to operate more efficiently by cutting back on outgoing expenditure through online banking and by branch closures, but have failed to consider and protect the financial interests of their customers in the process.

The new banking code needs to focus on evaluating and putting the interests and potential risks to their customers first and foremost before proceeding with any new money saving technological developments that could allow fraudsters easy access to their accounts, before their own.

To illustrate my point – on this mornings BBC news, we have Mark Zuckerberg, Facebook CEO, current worth US $62.2 billion, apologising for failing to protect the data of its users from hackers. A classic example of the rapid technological advancement created by innovators who put their own interests before the personal interests of their users. Can we expect banking CEO’s to follow suit? I very much doubt it!