/ Money

PSR super-complaint one year on: what’s happening now?

banking scams

It’s been a year since we called on the payment systems regulator and industry to better protect consumers from bank transfer scams. That makes it our anniversary! Or, scammiversary, if you will…

Like all anniversaries, you hope the other side hasn’t forgotten, and the PSR didn’t disappoint. To coincide with this 12-month landmark, it has announced that it intends to publish an update in November. In it, they will outline what has happened since they responded to our super-complaint and set the industry the task of doing more to protect consumers.

While it’s encouraging to see banks and regulators treating this issue as a priority, people have continued to remain at risk from bank transfer fraud with many of you sharing your stories where you’ve lost life-changing sums of money to scammers.

That’s why we’ve told the PSR it must now clearly set out what progress has been made by banks, and what more industry should be doing to ensure those who are tricked into making a payment to a fraudster are not left out of pocket.

More support is needed

In particular, we want to see progress on a number of measures including robust guidelines for financial institutions to support victims of scams and the adoption of a best practice approach across the industry. Banks also need to demonstrate how they will enhance data sharing to improve their response to bank transfer scams.

We also want to see an update on when the industry will introduce measures such as Confirmation of Payee, which would help cut down the number of victims who lose money when they are tricked into sending money to someone they aren’t expecting to. And while all of this should some scams from happening, we still need to see proposals to ensure people are not left worse off, financially, when they fall victim.

While we are waiting to hear more from the regulator, we also know there is more banks can be doing themselves. In April this year, we asked you to tell us about things you’ve seen banks doing differently since we raised this issue with them. And earlier this summer, we wrote to the banks asking them to set out what additional steps, beyond what the PSR has asked them to do, they have put in place to protect you.

Fraud awareness campaigns

One of the areas that has seen the most attention by banks is around awareness campaigns for consumers, while also improving education and training for staff to help spot scams and give advice to those who may be at risk. A number of banks have invested in TV advertising, such as Barclays. The below video asks people to think twice if they get an email out of the blue from a loved one asking for an urgent transfer of money.

While these campaigns play an important role, focusing on them alone isn’t enough and places too much emphasis on the consumer to spot and protect themselves from increasingly sophisticated scams.

Another area that came through in their response was the alert systems a number of them have in place to warn you about the risks when you are about to make a transaction. A number of them, for example, now give staff a list of things to check when customers want to make a transfer in a branch. Some of you, like Tim, who is a customer of Santander, have told us you’ve seen warning messages to pop up before you make a transfer online, such as this one seen by Nationwide customers.

Nationwide warning

Payment monitoring systems

We also know the banks do a range of things behind the scenes to monitor payments, both when you are making them and when they are coming into accounts. This intention of this monitoring is to spot suspicious activity and close down any payments set up by scammers before you can send them your money.

Finally, when things do go wrong it’s important that you can contact your bank anytime, day or night. Scams happen 24/7 so the sooner banks are alerted and can contact where the money has been sent, the better the chance they have at stopping that money from being moved on. It’s good to see some banks already offering this to their customers.

Ultimately, while we recognise that our super-complaint has led to some positive steps, there is still more industry can be doing to protect us. That’s why we’ll be keeping an eye on the update from the PSR to make sure industry is delivering.

In the meantime, tell us, do you think banks are doing enough? Do you have any ideas for how your bank can help prevent scams?

Comments
Profile photo of Beryl
Member

Some of these fraudsters, I am convinced are people with inside (or ex inside knowledge) of your personal banking circumstances.

I recently received a call from someone purporting to be from my bank who knew a great deal about my personal bank accounts, including the name and branch of my bank. She proceeded first to pressurise me into switching over to banking online and went into great lengths to inform me of all the benefits of online banking. I reminded her that I was a member of Which? and that I was all too aware of the increase in banking scams taking place and of the sophisticated methods used to relieve unsuspecting people of their life’s savings and had therefore decided it was not an option for me.

More sales patter followed about various other available accounts where I was assured of a better return on my savings and that my current savings were in fact losing their value because of current low interest rates. Her approach was extremely professional and convincing. However, I started to become a little suspicious when she mispronounced the name of the bank official she purported to be who I knew spoke with an Asian accent whereas she spoke in a clear English accent, but it was when she quite suddenly offered to transfer one of my accounts with some urgency in her voice asking “shall I do it now?” Alarm bells immediately starting ringing so I replied with a very firm “NO”, stating any transfer of money would not take place over the phone. I requested further details to be forwarded to my home address when I would have more time to ponder over opening new accounts and transferring any monies.

True to my original suspicions they never arrived, which begs the question, how does one differentiate between a genuine caller and a fraudster when the cold caller on the other end of the line knows so much about your personal bank accounts, even the exact amount deposited there. It has to come from someone with inside knowledge, and therefore there is an urgent need for banks to first monitor, examine and take stock of its own employees, or ex employees as the case may be, in an attempt to stop the violation of its own customers personal details and accounts.

Profile photo of Ian
Member

Bank insiders are, I suspect, not uncommon now but the banks seem curiously unwilling to instigate prosecutions.

Profile photo of wavechange
Member

I’m glad to hear you avoided the scam, Beryl, and thanks for letting us know. My approach is never to enter into any financial dealings over the phone unless I have initiated the call.

Profile photo of Beryl
Member

That’s very true Ian, a banks reputation is sacrosanct.

Member

Might be in your interest to get some form of call blocker for your phone and caller display. Any numbers that get through that I don’t recognise or have no name on are ignored, anybody who might be wishing to contact you can always leave a message and if you want you can call them back.

Profile photo of Beryl
Member

That’s good advice Syd, my son has already taken that precaution and has advised me to do the same.

Profile photo of malcolm r
Member

The intro says “the PSR didn’t disappoint. To coincide with this 12-month landmark, it has announced that it intends to publish an update in November”. Would not this Convo have been better left until the update is published, so we’ll have something concrete to discuss?

Profile photo of Vanessa Furey
Member

I agree Malcolm, i’d much rather we were talking about what is in the update. However, I do still think it’s important that we now have a clearer date from the PSR on when to expect it that we can hold them to, as previously they’d only ever said the second half of the year.

Whilst that update will be an important point to see whether industry and the regulator are delivering the action we expect to see, I think it’s also important that we look at what else banks have been doing, and can continue to do, to protect consumers out side of that process.

The comment about ‘not disappointing’ was more tongue in cheek about them not forgetting the scammiversary.

Profile photo of Beryl
Member

On the contrary Malcolm, I consider we need frequent bulletins to remind people to constantly remain vigilant lest they are targeted out of the blue when they least expect it, as I was. If I had not been made aware of these scams through my participation in this forum, I could easily have been taken in by the sales patter.

Profile photo of malcolm r
Member

I would like more regular information and updates too, Beryl, by Which? asking it from those who are dealing with it (or not 🙁 ). However, this is not the first time Which? has pronounced its requirements just before an authority or regulator is about to provide a report or update. Too late to have any influence on it, so I still think, under those circumstances, it would be more sensible to wait for the publication and then deal with it.

Profile photo of wavechange
Member

My suggestion is to regard all links in emails as potentially dangerous because it may not be obvious whether an email is genuine or part of a scam. All that genuine emails need to do is to advise customers to look at the website regarding whatever is in the email and get over the message that customers should never reply to an email or click on a link. Since banks seem incapable of taking this action, maybe they should be told to.

The problem of misdirected payments could and should have been dealt with years ago.

Keep up the pressure, Which?

Member
bishbut says:
27 September 2017

Treat every communication of any kind with suspicion until you can CONFIRM in some way that it is genuine I would rather ignore a genuine one than fall for a scam and lose money Genuine people will contact you by other means if they need to say something very important if they don’t it cannot be important at all

Member
Maurice White says:
28 September 2017

Apart from Barclays I am unaware of any bank that I deal with on a regular basis doing anything, giving advice on anything other than a change of any interest rate in a downward direction, that puts more into their revenue pockets !!

Member

We have only got ourselves to blame. I watch daily as people wave cards over machines and then don’t pick up receipts. Same with cash machines. Receipts left with balance enquiries showing some details of the account. These wave the cards can be read if you are in close proximity to the owner. Banks do not lose anything. They just pay out from their pool of money and then pay lousy interest rates to savers.
I know how some of these fraudsters work as I know of someone who was relieved of £60,000. Yes it was investigated and I worked out the very clever way it was done. The money was returned after investigation but it was only recovered because the ‘recipient’ held the money in a holding account to see if it was investigated before making it vanish. Most money doesn’t exist any more and its held in a series of 1 and 0 in a computer. One day the power will go out or the computer will be hacked and those who have online statements will have nothing. If Equifax can be hacked then so can the bank computers.
All the warnings, tv adverts etc will not change how complacent we have all become.

Member

SANTANDER have also added Scam Warnings with examples to their Pass Code Texts, before the pass code is used to authorise a payment. Positive Payee Name confirmations would be a very useful final notification prior to an Account holder authorising a payment. This would not only be useful for stopping Scam payments but ordinary payments too where the Account holder had made an error in selecting the Payee.

Member
Ann Thomas says:
28 September 2017

I am with First Direct Bank thank God. This bank spotted two instances of thieves trying to steal from me and stopped them defrauding me of over £3000.

Profile photo of alfa
Member

Some time ago, a test payment of I think it was £1 was stopped by First Direct. Apparently thieves often try a small amount before going for a larger amount.

Profile photo of malcolm r
Member

I’ve always done a test £1 transfer successfully to confirm I’ve put the account details in correctly. An email or phone call from the recipient then assures me of that.

When I do a transfer on line I normally have no need for it to go through instantly, or even in 2 hours. I’m quite happy to wait if that ensures a new secure transfer is made correctly.

It seems our obsession with speed (or the banks assumption) currently leads to a degree of insecurity. Getting a quick automatic response to an intended payment with the name of the payee’s account, allowing us to confirm the transaction, should take very little time. I hope a verification of payee, that the PSR is working on, will be introduced by banks in 2018 as they suggest.

Member
Elizabeth says:
28 September 2017

I have in the past been targeted. My bank Lloyd’s have me on what I call suspicious list, they check with me any usual transactions. The other week I found they blocked my account until I spoke to them via the number on my bank card as I did not recognize the number on line. I spent a few hours speaking to various people before resolving the problem but lost no money. The next day I had a letter from a catalogue saying my new not opened by me had been cancelled. I find it has been helpful to be proactive or to put another way annoy your bank. Please be proactive and safeguard you accounts.

Profile photo of malcolm r
Member

There is a lot of relevant information in the Payment Systems Regulator’s initial comprehensive response to the Which? compliant.

One issue many of us would like to see addressed is a 3rd tier of information required when making an online payment, in addition to the sort code and account number. The report
https://www.psr.org.uk/sites/default/files/media/PDF/PSR-Which-super-complaint-response-December-2016_0.pdf
says “7.19 The Forum has prioritised the collaborative development of the necessary standards and rules,
which are required for implementation of ‘Confirmation of Payee’. The Forum has proposed a
timeline of July to produce these for public consultation, with the work finalised by end 2017.
Once these standards and rules are in place, the competitive market will be in a position to
develop products and services for end-users, so there is a possibility that a ‘Confirmation of
Payee’ solution could be available from 2018 onwards.”

One proposal that seems appropriate was that when a Payer sets up a payment using the sort code and account number of the prospectie Payee, they are then sent the account name that corresponds and only then do they confirm (or not) the transaction.

Member
paul wilson says:
28 September 2017

After a transfer is there anything that the bank is responsible for after it has been used as a vehicle for fraud surely they can trace the money after it has left there bank and so on.
Paul W

Member
SammyTin says:
28 September 2017

When transferring money I always send no more than £5 and await confirmation from the recipient before transferring the remainder!
The Banks must be capable of “following the money” Why is it not done?

Member
D M Pritchard says:
29 September 2017

Too lazy.

Member

The banks normally notify you by mail if any information is needed.The new bank cards are a thieves paradise ask the bank to issue a none contact card which is safer.Any phone calls relating to transfers or bank details stop the call and call your bank to verify .Any suspicious calls what so ever or uninvited calls stop the connection call your bank if you can record the caller for future proof .

Member

Banks are continuing to push risk on to their customers.

For example Chip and Pin is to protect the banks and not their customers since forged signatures are harder for them to reject. The onus is now on the customer to prove that they have not disclosed their pin number.

An attempt to withdraw cheques in favour of online payments is also to reduce their risk as cheques can only be paid into the named payee’s bank account whereas online payments are only to sort code and account number and it is the payers responsibility to get them right.

Refusal for the banking sector to take responsibility for online fraud is unacceptable since the payment is going to another bank account. The banks are effectively hosting criminal activity or allowing accounts to be used for fraudulent transactions and refusing to accept blame. The last bank in the chain before cash is withdrawn by the criminal or sent overseas should be held responsible for the customers loss.

Member

I tell the potential scammers to look out of the window to see if the police are there because they are already on their way to them. Usually the line goes dead

Profile photo of Alex Whittle
Member

For anyone who is worried about scams, or maybe have vulnerable friends and relatives please feel free to have a look at our new consumer rights guide, all about how you can protect your elderly relatives from scams.

http://www.which.co.uk/consumer-rights/advice/protect-elderly-relative-from-scams

😀

Profile photo of alfa
Member

I will post this for the third time as it has been ignored……..

I was wondering why people were still getting caught with scammers still being on the line when they ‘call’ back their banks for confirmation so did a test……….

I initiated a call between my mobile and BT phone.
Then disconnected the call with my mobile.

On my BT phone, I heard clicks that sounded like the call was being disconnected then a continuous tone, but the phone stayed connected clocking up time. After just over 3 minutes, the what sounded like a police siren started up.

I was able to dial another phone number while still connected during that time although the other phone did not register a call.

But all a scammer would have to do is record a dial tone and the victim would be fooled into thinking the call was disconnected.

So calls are not being properly disconnected by BT.

WHY ???????????????

This type of scam is completely preventable if both parties phones are disconnected immediately one person ends the call.

Perhaps Which? could ask OFCOM why this very simple solution has not been implemented.

Ofcom state:
We make sure that people in the UK get the best from their communications services and are protected from scams and sharp practices…

In July 2013, Ofcom and the ICO agreed a joint action plan to tackle the issue of nuisance calls and help protect consumers.

Profile photo of malcolm r
Member

morning alfa, According to this 2014 article, disconnect times were being reduced by the telecom operators. It seems to require a change to exchange equipment –
https://www.out-law.com/en/articles/2014/october/telecoms-companies-cutting-time-to-disconnect-calls-in-attempt-to-combat-bank-fraud/

This later article (2015) reports that BTs change was completed an disconnect time should be within 2 seconds “Now when a person hangs up, an incoming call to a BT line should disconnect within two seconds.
Regulator Ofcom says similar changes have been made to most of the UK’s other major phone networks.

http://www.bbc.co.uk/news/business-34714531

If this is not happening, perhaps someone could explain why. In your case. if the incoming call was to your BT phone, then try disconnecting with that one – it will be your BT exchange that has the equipment. I don’t know how a mobile phone disconnect works.

Profile photo of alfa
Member

Morning malcolm,

Thanks for the links. I hadn’t read that article before, but it does highlight the scam.

I have just rerun my test and after disconnecting with my mobile, the BT phone stayed ‘connected’ for 3 minutes 10 seconds before playing the siren noise that tells you the phone is ‘off the hook’.

My mobile disconnects almost instantly the BT phone ends the call.

Member
Carole Baker says:
29 September 2017

Bank Staff don’t know the correct information to give you if you want to transfer money anyway I have done this 3 times and each time the information was different!

Did you know M&S bank has Customer Services overflow in Manilla along with Security Services for Fraud!!

Profile photo of malcolm r
Member
Member
David Stevens says:
7 October 2017

It seems to me that one very useful thing the banks could do would be to ensure that the account name and account number match. At present you need only sort code and account number to send funds. If you put a digit wrong in either or a fraudster asks you to send funds you cannot double check that the name of the person or company you are sending money to is correct. If a fraudster opens an account in the name of J Bloggs and then send you the sort code and account saying it is the number of say your solicitor you send the money entering the fraudsters account. if the bank required you to confirm the name and it came back J Bloggs you would know to abort the transaction. This is something banks should be doing now not in ten years time.

Profile photo of malcolm r
Member

The Payments Systems Regulator is tackling this and may have it resolved it to be introduced in 2018. It is not the simple problem it might seem. One proposal is that you arrange to make a payment using the sort code and account number, and the bank then sends you the name of the corresponding account. You then confirm or cancel the payment.