/ Money

New industry code for bank transfer scams: how can it help?

bank transfer

Last Wednesday, the Payment Systems Regulator set out its plans for the design and development of an industry code to better protect people from bank transfer scams and provide a reimbursement scheme to help victims. Here, our guest, Paul Smith, the regulator’s head of policy, explains what it means..

Authorised push payment (APP) or bank transfer scams can have a devastating impact on peoples’ lives and we, the Payment Systems Regulator (PSR), want to make sure everyone is protected.

In the first six months of 2017, over £100m was stolen fraudulently as a result of people being tricked into transferring thousands of pounds to fraudsters. Our new plans are about protecting people by trying to prevent APP scams from happening in the first place and ensuring that banks help customers more effectively when, unfortunately, they do happen.

We’ve set out how we consider the issue can best be tackled, including through a new industry code, backed by the right for customers to raise complaints to the Financial Ombudsman Service (FOS). This will be in place by September 2018, paving the way for victims of APP scams to have better protection.

Better protection

From September 2018, the FOS can take this code into account as a relevant consideration when determining new complaints about APP scams. This means that victims of APP scams can be confident any claim for reimbursement will be given fairer consideration.

September isn’t that far away and so, to help us achieve our challenging timeline, we’ve set up a steering group made up of both consumer and industry representatives.

We know it’s important to bring together the right people to design the code and collaborate to deliver something that helps prevent these scams and works for everyone. The group will start their work this month, and Which? has agreed to be a member, representing consumers.

This is a complex piece of work and there is a lot to do from now until September, but it is essential we see, as soon as possible, a code that is effective in protecting people.

But the design of that code won’t be the end of the matter. Fraud is constantly changing and we expect the code will continue to evolve to keep pace in giving everyone the protection they need.

This is a guest contribution by Paul Smith. All views expressed here are Paul’s own and not necessarily those also shared by Which?.

What do you think about the PSR’s plans to introduce a new code to better protect people against bank transfer scams? What measures would you like to see be included in the code?

Ian Smith says:
9 March 2018

Three cheers to Which setting this action off. The banks are happy to benefit from our trust – and our money! – in them but do very little to protect our hard earned cash merely issuing vague warnings and advice how to avoid being scammed. Unfortunately these warnings are too little too late leaving us out of pocket while absolving themselves of any sort of responsibility. I have long wondered why it is just too easy to transfer money with no opportunity to reclaim it if an error or crime has occurred. Why is there no “cooling off” period built into the process – even 24 hours would offer an opportunity to claw back money erroneously or criminally transferred. Good luck with this to Which – I hope you are successful!

I want to know why the bank Nat West managed to claim back a quarter of a million wrongly credited to my account after at least a week and only after I had noticed it and then claim they were aware of the error when clearly from the phone call they thought I was trying to get money out of them at first. How come fraudsters are immune to money recovery? Answer the banks are totally negligent about checking any who are not easy meat like ordinary UK citizens.

I’m sure that a code and improved response from the banks are both very necessary. However we must also be careful not to introduce a regime which encourages consumers to take LESS care on the grounds that ‘the bank will pay’. There’s still no substitute for caution at all levels.

A cooling off period sounds a good idea, but wouldn’t be much help if the criminals have bounced the funds on through several further banks within that period, something which I imagine they do routinely.

The code does recognise the dangers of relaxing responsibilities of customers to ensure that their contributory negligence, if any, is taken into account as well as dealing with negligence on the part of the banks.

Many people realise they have just been scammed when the phone call ends and as things stand, it is already too late as funds are transferred too quickly.

All bank transfers need at least a few hours to give time for victims to reclaim their money.

Sending and receiving banks of fraud must work together to prevent scammers quickly moving money onwards.

Victim is scammed.
Victim calls bank.
Sending bank contacts receiving bank to hold funds.

That scenario could take less than 15 minutes and funds could be returned to the victim.

Mark B says:
9 March 2018

Will this code offer any help to those already scammed, or is this just for future use?

Shelly says:
9 March 2018

I would be interested to know this too!

PaulT says:
9 March 2018

Banks need to take more responsibility for enabling fraudsters to set up the bank accounts to which money is transferred, and for the lack of safeguards in the means by which fraudulent transfers are carried out.

Money transferred out from one bank account has to go into another bank account. I have always wondered why fraudsters don’t often get nabbed if their bank has their details. The total solution is for banks to also review and revise the true meaning of their data protection policy, as it is more important to protect victims from being scammed rather than the data of some crooks. By reimbursing victims, it is only a superficial cure for the problem. But by nabbing and punishing the perpetrators, it would reduce and deter fraud cases.

A cooling off period would be useful but I think must be limited to 24 hours. It should only commence above a certain sum say £1000 and could be an option to all transfers on an account

Shelly says:
9 March 2018

Thank you for this protection. My husband became a victim to just this type of scam recently and he has lost £500 as the person he paid the money to is refusing to return it. Its shocking that there is no protection for people who pay by bank transfer for what they deem to be a genuine transaction but turns out to be more sinister.

Banks should need a positive agreement to a transfer rather than presuming agreement in the absence of a response.

Simon says:
9 March 2018

I’m not so keen on the reimbursement scheme, I think people should take more responsibility for their own actions and not cry foul when they do something daft, with the reimbursement scheme it won’t be the banks footing the bill for it, it will be the customers.
I do think the banks have a responsibility to check the payee name on the account being paid to and not just let funds be transferred on the sort and account numbers, I think it would be very easy for them to implement that and that one factor alone could reduce the amount of fake transfers dramatically.

I *am* keen on a reimbursement scheme; however I agree with the idea of banks performing a “name check” against the given sort-code / account number magic number.

Also I am curious as to why the banks appear unable to notice that a small number of their accounts have an unusual pattern of usage. In my view a typical account belonging to a fraudster will have all of the following characteristics:
– a large number of high value receipts.
– each victim sender will only make one transaction with the fraudster.
– other banks are frequently making enquiries concerning this account.
– the money is moved elsewhere rapidly.

Lorraine says:
9 March 2018

Well done which,it’s to late for my brother in law as he passed not knowing he was being defrauded as the man involved told him his bank was bankrupt and my brother in law went downhill from there

Mike C says:
9 March 2018

Automatic Name of Payees Account identification, displayed in Online Banking before anybody transfers money is an obvious Safeguard. Just inputting Payees Sort Code and Account Number is not enough. The Banks MUST provide Name of Payees Account identification before any transfer can take place. NO NAME = NO TRANSFER.

In addition a Scam Catch All of a minimum 24 hours before a transfer is made, would provide a window to allow individuals to contact their Bank to stop a transfer.

All Banks are crooked. Look at the history, speaks for it self. Furthermore, any body or system that regulates itself and can wipe off and shrug off any whistle-blowing is suspect.
Fraud exists because banks like it to. They make money. Every ‘move’ to make debt, cause debt, grow debt, the Bank makes money.
The Banking system says it operates a know-your-customer policy, well that is not working well is it. Furthermore, Banks remain quiet of fraud, knowing full well where it is, how it is and that really if themselves and regulators got together – it could be dealt with.
Any service operated in the United Kingdom, cannot have monies wired outside. A known business address, known personages, known ring-fenced bank a/c is operating, so that all business conducted by UK citizens, remains in the UK.
At period accounting end, of course the distribution of profit to parent / sister / mafia can be made, as the tax man has now given the all clear.

TSB bank knows full well that cancelling a Bank card will NOT stop fraudsters, because this does not GET the full treatment of BLOCKING. So on it goes, misery to the customer (feel that community love they spout) and another bad transaction pushing the affected account into unplanned overdraft, goodness me, more money made by TSB in fees and charges. Glee on their leadership part.

It is disgusting.
It is immoral too.

Punitive fines should be levied against Banks for each and every failure.
CEO and higher management should be ‘risk’ patrons, and their job / career should end with a scandal, not given a nod and wink, and go for a pay rise because targets of cash holding has increased.

Three months, I’ll cleanse it all up.
A few hangings to boot, no more wishy-washy no good for anything paper pushers.

And as for bit-coin, god knows the bally-hoo that people could side-step the banking system, hives are appearing.
So what do you the consumer want ?
Idiot and greed free banking ?

The wash back to get that has to be strong, no nonsense and brutal in the execution.

I had £60,000 stolen in July of 2017. The criminals used the internet, after building a ‘Clone Company’ of a legitimate company to trick investors. The theft was executed with all the panache, and flair, you could imagine; we lost £60k of our life savings!
The FCA were less than useless! The NFIB were less than useless! This made the whole sorry mess even worse!
As we went through the process of reporting this crime, experts in the industry field of ‘Bank Fraud’ stated to me that this was a ‘Daily’ occurrence, and they were neck deep in fraud cases of this type. Yet the ‘Powers to Be’ are today, were then, tragically behind the curve in putting resources in place to protect the public.
I would like the ‘Compensation Scheme’ to have the facility to ‘Consider’ cases of this type of ‘Bank Fraud’ back to 2016. This criminal activity is a blight on ordinary peoples lives; ‘Compensation’ should be afforded to the victims, when the ‘UK Gov’ knows full well that they are not, and have not, resourced appropriate levels of protection in the banking sector for many years; they have left us ‘Joe Public’ to fend for ourselves and then shrug and wring their hands in anguish. The ‘Anguish’ sadly is ours!

What is needed is to protect people from deception. When I request money is transferred it is to a named person. If this person is not genuine then surely the receiving bank is negligent under the money laundering rules and should have to refund the money. A sending bank should only lose out if they fail to warn that the bank is not in the uk. A 24-hour, time to think, seems perfectly reasonable. Before electronic transfers, banks could reclaim a chegue within 3 days. Mind you that was only to protect themselves. They were perfectly happy to allow a Mr Brown to cash a cheque saying “pay Mr Smith”, provided Mr Brown signed on his name on the back!

Although I am in favour of a reimbursement scheme, an obligation should continue to be placed on individuals to take care of their own money. Many bank customers are downright negligent and the rest of us should not have to pay for their casual approach and the attitude that someone else is always responsible for whatever ill befalls them. Having said that Banks should be doing more to protect those who have been defrauded through no fault of their own. I have come across examples where banks may as well have put a sackful of money outside the door and said “help yourself”.

Martin Brooks says:
9 March 2018

Putting additional measures in place so people have to confirm they really do want to carry out any transfers and maybe limitations to transfer values without additional checks being made is certainly a good idea.

However, the banks seem try and get the message across about scams and what people should never do.

If people still carry on blindly disregarding the warnings and handing their money to strangers I see no reason why their bank should be expected refund them.

After all you wouldn’t willingly hand over the contents of you wallet or purse to a stranger in the street and then expect to be refunded for having done so.

Chris Clark says:
9 March 2018

Clearly the bank should be required to check the name field to make sure it is correct, but why not take advantage of the new blockchain technologies whereby the bank can challenge the identity of the payee in an ‘identify to accept’ way before the funds are accepted?

[Hello your comment has been removed to align with our commenting rules. Please refrain from posting promotional material as this is against our commenting rules. Comments which break our community guidelines will be edited or removed. Thanks, mods]

John Smith says:
9 March 2018

I would certainly suggest freezing the account that money has been transferred into, even once money has been transferred out. This would stop the fraudsters from using that account again, and would seriously impact their activities if they needed to set up a new account (with the palaver that entails) for each fraud.

Some one , somewhere must know where the money goes, why can’t Banks bring the culprits to justice?