/ Money

New industry code for bank transfer scams: how can it help?

bank transfer

Last Wednesday, the Payment Systems Regulator set out its plans for the design and development of an industry code to better protect people from bank transfer scams and provide a reimbursement scheme to help victims. Here, our guest, Paul Smith, the regulator’s head of policy, explains what it means..

Authorised push payment (APP) or bank transfer scams can have a devastating impact on peoples’ lives and we, the Payment Systems Regulator (PSR), want to make sure everyone is protected.

In the first six months of 2017, over £100m was stolen fraudulently as a result of people being tricked into transferring thousands of pounds to fraudsters. Our new plans are about protecting people by trying to prevent APP scams from happening in the first place and ensuring that banks help customers more effectively when, unfortunately, they do happen.

We’ve set out how we consider the issue can best be tackled, including through a new industry code, backed by the right for customers to raise complaints to the Financial Ombudsman Service (FOS). This will be in place by September 2018, paving the way for victims of APP scams to have better protection.

Better protection

From September 2018, the FOS can take this code into account as a relevant consideration when determining new complaints about APP scams. This means that victims of APP scams can be confident any claim for reimbursement will be given fairer consideration.

September isn’t that far away and so, to help us achieve our challenging timeline, we’ve set up a steering group made up of both consumer and industry representatives.

We know it’s important to bring together the right people to design the code and collaborate to deliver something that helps prevent these scams and works for everyone. The group will start their work this month, and Which? has agreed to be a member, representing consumers.

This is a complex piece of work and there is a lot to do from now until September, but it is essential we see, as soon as possible, a code that is effective in protecting people.

But the design of that code won’t be the end of the matter. Fraud is constantly changing and we expect the code will continue to evolve to keep pace in giving everyone the protection they need.

This is a guest contribution by Paul Smith. All views expressed here are Paul’s own and not necessarily those also shared by Which?.

What do you think about the PSR’s plans to introduce a new code to better protect people against bank transfer scams? What measures would you like to see be included in the code?


I was scammed of £12225 in 2014 how do these criminals get bank accounts ?

Hi I was scammed in 2017 and 2018 by the same person I put a report to fraud action kept all messages and bank accounts they never even looked at evidence then told me they are not pusue it any further I was scammed £5000 found action fraud a total waste of time

People should be responsible for making sure that the bank account they are sending money to is the correct one.
Always send a £1 transfer first to make sure you’ve entered the bank sort code and account number correctly.
Never take the word of someone on the phone or in an email that tells you they have changed their bank details.
As for house purchase completion money being sent? Always go to the estate agents office to complete – never do it online.

To day I phoned nationwide and ask how can i check bank details belong to a company I am buying a car from. These had been emailed to me. Nationwide claimed they cannot help/advise and I need to take risk. Shame on Nationwide for not protecting customer!

There is seemingly an obstacle to such data being disclosed that has to be overcome. This will no doubt be achieved because of the “Confirmation of payee” being used as a third piece of information when making a bank transfer.

If you are concerned about whether the details are correct, transfer £1 to the supposed car vendor then contact them to see if it has received.

There should be an automatic delay on bank transfers to allow for verification of the recipient’s bona fides.

This comment was removed at the request of the user

In bank transfer scam cases both banks one transferring and other bank receiving large amount of transferred amount out of blue with any appropriate notification from the scammer (receiver) and immediately withdrawing to unknown fraudster’s hand. There should be some sort of time line to do security checks all the banks for large and unusal amounts. Time is of paramount importance for a large amount of transfer happening initially between two known British Banks working according to the established security systems.

tucker says:
9 March 2018

It is essential that banks have a legal duty to support customers who have been tricked into giving away confidential information or data that results in loss of money. We, the public, are not experienced enough to detect the subtle ploys used by clever fraudsters

Although I’m very careful and don’t click links to Bitcoin offers, invoices for goods not ordered, or emails from “Banks” and HM Customs, especially when they’re from banks I don’t use or goods not expected! Neither will I bank on line, but I know it’s inevitable that one day I’ll be tricked into parting with money through a scam.

Additionally, you can rely on banks finding a method of identifying false claims, probably one of the sledgehammer/nut type, that also penalises a few—-perhaps several—-innocents. Banks won’t lose out that’s for sure.

My worry about all these compensation schemes is they have to be paid for by innocent parties. I had more sense than to sign up for PPI – so lost twice, NO compensation, and my bank shares value was decimated. Of course, it’s a bonanza for lawyers…..and there is no way the borrowers who were taken for a few pounds should have had the hundreds & thousands many got. Sorry for the rant!

I feel for a free trial with an automatic subscription after 14 days which was buried in T&Cs not even shown on the confirmation page. I think I have stopped the subscription after a single phone call – which went through to the Philippines – however hats off to John Lewis Financial Services who offered to investigate and try and recover the money without me asking. Some institutions are on the ball!

Primary responsibility for reimbursement ought to lie with the receiving bank as they are the ones responsible for allowing the opening of & ongoing operation of fraudulent accounts.

They fail to know their customer, to adequately ID them – especially if accounts are opened online – plus they are the only ones in a position to identify flows of funds through accounts.

Too much emphasis on speeding up transactions these days – Which? please take note – which allows funds to be received & disbursed again same day having barely rested on an electron inbetween times

This speed is just not necessary for the majority of transactions & in fact only facilitates fraud – need to fundamentally rethink this whole payments system

(and I speak as an ex-banker)

I was scammed of £1000 of hard earned cash. In the attempted to buy car. My bank failed to help me.

Ryan says:
9 March 2018

If the receiving account was opened fraudulently or there was evidence to suggest it had been used fraudulently in the past. The bank should refund. However people need to take personal responsibility for greed and/or stupidity.

peter says:
9 March 2018

Rule of thumb.If it looks to be too good to be true,it most certainly is.

This comment was removed at the request of the user

N D Hughes says:
9 March 2018

The on-line electronic Bank Transfer payment system was set-up by the Banks themselves, the intrinsic weakness of the system is ease of fraud.
This intrinsic weakness is thus the responsibility of the Banks. The Banks have over time replaced the more secure Pay by Cheque/Postal System with this insecure on-line/Credit Card method. This did not happen because of choice by Bank customers, but decided as part of Banking Policy. Money transfers are the responsibility of the Banks since it was their decision that this new modern method is now used.

It is not the case that the banks have replaced previous forms of payment with the electronic Fast Payments Service. All the previous methods are still available to all customers each method having features – like time delays or verification requirements – that make the funds transfer more secure, albeit the more secure the process the higher the transaction fees.

I am in favour of an instant money transfer facility and plenty of suggestions have been made in this and previous Conversations on how customers can protect themselves and their money. However, I feel there is a need for a quick and easy method by which one can obtain confirmation of payee account destination without revealing restricted data. I ought to be able to input a sort code number and account number and then the account-holder’s name and get an immediate YES/NO response [with traceable ref. no.]. I understand that that will become part of the new process but it would be helpful if it could be introduced without further delay.

Again some of the mistakes are due to the speed that they are done Some must do everything a quickly as possible not thinking at all but when they do think and realise just what they have done it is usually to late Don’t scammers want you do things NOW don’t even give you time to think Fools and their money are quickly parted

alan chappell says:
10 March 2018

I have not read the proposals yet but I hope they address the issue of the how the receiving Bank (for the transfer) allowed the criminals to open a Bank account.

I remain to be convinced that a code of practice will put an end to bank transfer scams. Can we be sure that all the banks will sign up to the code? Perhaps Paul Smith can advise.

It won’t put an end to them. All compensation schemes mean the rest of us pay one way or another and scammers get away with it.

This new industry code compensating victims is fixing the end result and not tackling the root of the problem.

Banks and police need to work together to catch the criminals. How difficult can it be to hold a payment for a short time, and if a victim realises they have been scammed, contact their bank, flag the payment, send that flag onto the next bank, and the next bank, stopping the payment going abroad and contacting police where the end of the trail leads? Even payments going abroad will have accomplices in this country.

I would support having a delay, Alfa. From posts on this website, some of those who have been scammed realise the problem at the time but it is too late to take action.

I am in favour of a 24-hour holding period so the recipient can see that the money is coming but it is treated as uncleared funds for that period. However, I would like there to be a threshold of, say, £1,000 so that small payments can be transferred rapidly [or perhaps the option of an instant transfer could be made available on a no-liability basis by the transferring bank].

The comment is often made that online payments should be delayed for 24 hours, say, in case the payer finds they’ve made a mistake or been scammed.

When I make on online payment I am given a choice – make the payment immediately or at a future date. I have never used the “future date” but it gives me a calendar from which to choose the payment date, at daily intervals. So I can delay the payment by 24 hours. As far as I know, I then have until 10pm the day before to cancel the payment but cannot verify how well this works.

So, if you are not sure, and don’t choose the step of transferring £1 and checking it has gone to the right person, delay your payment date while you do the checks. Better still, of course, is to not make a payment until you are sure of what you want to do, before you instruct your bank to do it for you.

I use the future date choice for a number of payments, like credit or store card bills, although I have never cancelled one or wanted to alter the amount but that is a useful facility that you cannot get with a cheque payment.

One has to keep in mind that a future payment will become due as the on-line banking system does not treat it as an accrual and deduct it from the ‘available balance’.

Chris says:
10 March 2018

I think the receiving bank providing fraudsters account should be criminally liable under Joint Enterprise.

Joint Enterprise and Money Laundering would apply if you are an individual. However the bankers have always been so careful to ensure that these laws do not apply to them – just like directors of companies.

This comment was removed at the request of the user

I agree that the balance of advantage lies too much with the banks.

Ever since it became almost impossible to function without having a bank account they have collectively been immune from any loss of customers and so their practices have, by default, hardened against their customers who generally have not been made aware of the lack of protection for on-line payments. The banks are under various pressures to allow anyone to open an account and their background checks and status enquiries are clearly not keeping criminals out of the system. I think the speed with which new accounts can be opened shows that the process is probably in the hands of counter clerks or cashiers and not qualified managers, and that comprehensive references are not required as used to be the case; this is probably all because the banks want to seem to be acting quickly and expediting customers’ applications.

We have to come to terms with the fact that the potential rewards to the perpetrators are so great that serious criminal brains are heavily involved in the process and might even have ‘plants’ in the various banks who can open accounts fraudulently. They are also quite capable of operating an account along ‘normal’ lines for a period of months or even years before suddenly throwing it into overdrive and making a rapid number of in-and-out transactions and then emptying the account. If the timing is clever the banks involved will not be alert to the scam even if the computer system has run the warning flag up.

jon smith says:
10 March 2018

when people or companies open a bank account banks need to ask for more details and proof of identity, address and if a company a search on companies house data bases, perhaps a reference from another bank, it should not be so easy to open an account to get money transferred into.
Banks should be forced to do more KYC and should have to record and prove they did the due diligence before allowing an account to be opened and have to produce records if there are suspected fraudulent transfers immediately.
One bank- either the sending or receiving bank needs to be made responsible for issues so there is no passing the buck between banks- The receiving bank would be an idea as they allowed the accounts to be opened.
Banks should be forced to have the ability to track money through multiple accounts across multiple banks immediately they are informed of a suspected fraudulent transfer- not wait days or say it cannot be done.
When transferring the end bank details bank account number, sort code, business name and address should be displayed to you before you transfer- if no details no transfer can be made
As with the old cheque system there is a clearing time- can the same time gap be put into high value electronic transfers- i.e the money ring fenced for a couple of days so that sender and receiver can check it is correct. For this to work the receiver would be told the transfer has been made immediately but the funds would be held for a period of time- therefore if the receiver does not get told immediately then the funds have gone to the wrong place- perhaps a lower limit of say £5,000.

This comment was removed at the request of the user

Banks used to know and check their customers’ signatures. A forged signature is null and void in a British court, and all the risk was with the bank.
In saving costs by going digital, they increase their own risks, and it is miserly that they try to pass this risk to their customers.
Continue to use cheques, to avoid incurring your banks risk.

Ah, but only today I got an email from my bank telling me that the chegue clearing scheme is being revamped (perhaps overdue after 50 years) and you will only have 24 hours to cancel a cheque!
The TSB say 2 days, but then give an example of paying in a cheque on Monday and it can only be cancelled on Tuesday – so in fact only 1 day!