/ Money

PSR super-complaint one year on: what’s happening now?

banking scams

It’s been a year since we called on the payment systems regulator and industry to better protect consumers from bank transfer scams. That makes it our anniversary! Or, scammiversary, if you will…

Like all anniversaries, you hope the other side hasn’t forgotten, and the PSR didn’t disappoint. To coincide with this 12-month landmark, it has announced that it intends to publish an update in November. In it, they will outline what has happened since they responded to our super-complaint and set the industry the task of doing more to protect consumers.

While it’s encouraging to see banks and regulators treating this issue as a priority, people have continued to remain at risk from bank transfer fraud with many of you sharing your stories where you’ve lost life-changing sums of money to scammers.

That’s why we’ve told the PSR it must now clearly set out what progress has been made by banks, and what more industry should be doing to ensure those who are tricked into making a payment to a fraudster are not left out of pocket.

More support is needed

In particular, we want to see progress on a number of measures including robust guidelines for financial institutions to support victims of scams and the adoption of a best practice approach across the industry. Banks also need to demonstrate how they will enhance data sharing to improve their response to bank transfer scams.

We also want to see an update on when the industry will introduce measures such as Confirmation of Payee, which would help cut down the number of victims who lose money when they are tricked into sending money to someone they aren’t expecting to. And while all of this should some scams from happening, we still need to see proposals to ensure people are not left worse off, financially, when they fall victim.

While we are waiting to hear more from the regulator, we also know there is more banks can be doing themselves. In April this year, we asked you to tell us about things you’ve seen banks doing differently since we raised this issue with them. And earlier this summer, we wrote to the banks asking them to set out what additional steps, beyond what the PSR has asked them to do, they have put in place to protect you.

Fraud awareness campaigns

One of the areas that has seen the most attention by banks is around awareness campaigns for consumers, while also improving education and training for staff to help spot scams and give advice to those who may be at risk. A number of banks have invested in TV advertising, such as Barclays. The below video asks people to think twice if they get an email out of the blue from a loved one asking for an urgent transfer of money.

While these campaigns play an important role, focusing on them alone isn’t enough and places too much emphasis on the consumer to spot and protect themselves from increasingly sophisticated scams.

Another area that came through in their response was the alert systems a number of them have in place to warn you about the risks when you are about to make a transaction. A number of them, for example, now give staff a list of things to check when customers want to make a transfer in a branch. Some of you, like Tim, who is a customer of Santander, have told us you’ve seen warning messages to pop up before you make a transfer online, such as this one seen by Nationwide customers.

Nationwide warning

Payment monitoring systems

We also know the banks do a range of things behind the scenes to monitor payments, both when you are making them and when they are coming into accounts. This intention of this monitoring is to spot suspicious activity and close down any payments set up by scammers before you can send them your money.

Finally, when things do go wrong it’s important that you can contact your bank anytime, day or night. Scams happen 24/7 so the sooner banks are alerted and can contact where the money has been sent, the better the chance they have at stopping that money from being moved on. It’s good to see some banks already offering this to their customers.

Ultimately, while we recognise that our super-complaint has led to some positive steps, there is still more industry can be doing to protect us. That’s why we’ll be keeping an eye on the update from the PSR to make sure industry is delivering.

In the meantime, tell us, do you think banks are doing enough? Do you have any ideas for how your bank can help prevent scams?

Comments

Some of these fraudsters, I am convinced are people with inside (or ex inside knowledge) of your personal banking circumstances.

I recently received a call from someone purporting to be from my bank who knew a great deal about my personal bank accounts, including the name and branch of my bank. She proceeded first to pressurise me into switching over to banking online and went into great lengths to inform me of all the benefits of online banking. I reminded her that I was a member of Which? and that I was all too aware of the increase in banking scams taking place and of the sophisticated methods used to relieve unsuspecting people of their life’s savings and had therefore decided it was not an option for me.

More sales patter followed about various other available accounts where I was assured of a better return on my savings and that my current savings were in fact losing their value because of current low interest rates. Her approach was extremely professional and convincing. However, I started to become a little suspicious when she mispronounced the name of the bank official she purported to be who I knew spoke with an Asian accent whereas she spoke in a clear English accent, but it was when she quite suddenly offered to transfer one of my accounts with some urgency in her voice asking “shall I do it now?” Alarm bells immediately starting ringing so I replied with a very firm “NO”, stating any transfer of money would not take place over the phone. I requested further details to be forwarded to my home address when I would have more time to ponder over opening new accounts and transferring any monies.

True to my original suspicions they never arrived, which begs the question, how does one differentiate between a genuine caller and a fraudster when the cold caller on the other end of the line knows so much about your personal bank accounts, even the exact amount deposited there. It has to come from someone with inside knowledge, and therefore there is an urgent need for banks to first monitor, examine and take stock of its own employees, or ex employees as the case may be, in an attempt to stop the violation of its own customers personal details and accounts.

Bank insiders are, I suspect, not uncommon now but the banks seem curiously unwilling to instigate prosecutions.

I’m glad to hear you avoided the scam, Beryl, and thanks for letting us know. My approach is never to enter into any financial dealings over the phone unless I have initiated the call.

That’s very true Ian, a banks reputation is sacrosanct.

Might be in your interest to get some form of call blocker for your phone and caller display. Any numbers that get through that I don’t recognise or have no name on are ignored, anybody who might be wishing to contact you can always leave a message and if you want you can call them back.

That’s good advice Syd, my son has already taken that precaution and has advised me to do the same.

The intro says “the PSR didn’t disappoint. To coincide with this 12-month landmark, it has announced that it intends to publish an update in November”. Would not this Convo have been better left until the update is published, so we’ll have something concrete to discuss?

On the contrary Malcolm, I consider we need frequent bulletins to remind people to constantly remain vigilant lest they are targeted out of the blue when they least expect it, as I was. If I had not been made aware of these scams through my participation in this forum, I could easily have been taken in by the sales patter.

I would like more regular information and updates too, Beryl, by Which? asking it from those who are dealing with it (or not 🙁 ). However, this is not the first time Which? has pronounced its requirements just before an authority or regulator is about to provide a report or update. Too late to have any influence on it, so I still think, under those circumstances, it would be more sensible to wait for the publication and then deal with it.

My suggestion is to regard all links in emails as potentially dangerous because it may not be obvious whether an email is genuine or part of a scam. All that genuine emails need to do is to advise customers to look at the website regarding whatever is in the email and get over the message that customers should never reply to an email or click on a link. Since banks seem incapable of taking this action, maybe they should be told to.

The problem of misdirected payments could and should have been dealt with years ago.

Keep up the pressure, Which?

Treat every communication of any kind with suspicion until you can CONFIRM in some way that it is genuine I would rather ignore a genuine one than fall for a scam and lose money Genuine people will contact you by other means if they need to say something very important if they don’t it cannot be important at all

Apart from Barclays I am unaware of any bank that I deal with on a regular basis doing anything, giving advice on anything other than a change of any interest rate in a downward direction, that puts more into their revenue pockets !!

We have only got ourselves to blame. I watch daily as people wave cards over machines and then don’t pick up receipts. Same with cash machines. Receipts left with balance enquiries showing some details of the account. These wave the cards can be read if you are in close proximity to the owner. Banks do not lose anything. They just pay out from their pool of money and then pay lousy interest rates to savers.
I know how some of these fraudsters work as I know of someone who was relieved of £60,000. Yes it was investigated and I worked out the very clever way it was done. The money was returned after investigation but it was only recovered because the ‘recipient’ held the money in a holding account to see if it was investigated before making it vanish. Most money doesn’t exist any more and its held in a series of 1 and 0 in a computer. One day the power will go out or the computer will be hacked and those who have online statements will have nothing. If Equifax can be hacked then so can the bank computers.
All the warnings, tv adverts etc will not change how complacent we have all become.

SANTANDER have also added Scam Warnings with examples to their Pass Code Texts, before the pass code is used to authorise a payment. Positive Payee Name confirmations would be a very useful final notification prior to an Account holder authorising a payment. This would not only be useful for stopping Scam payments but ordinary payments too where the Account holder had made an error in selecting the Payee.

Ann Thomas says:
28 September 2017

I am with First Direct Bank thank God. This bank spotted two instances of thieves trying to steal from me and stopped them defrauding me of over £3000.

Some time ago, a test payment of I think it was £1 was stopped by First Direct. Apparently thieves often try a small amount before going for a larger amount.

I’ve always done a test £1 transfer successfully to confirm I’ve put the account details in correctly. An email or phone call from the recipient then assures me of that.

When I do a transfer on line I normally have no need for it to go through instantly, or even in 2 hours. I’m quite happy to wait if that ensures a new secure transfer is made correctly.

It seems our obsession with speed (or the banks assumption) currently leads to a degree of insecurity. Getting a quick automatic response to an intended payment with the name of the payee’s account, allowing us to confirm the transaction, should take very little time. I hope a verification of payee, that the PSR is working on, will be introduced by banks in 2018 as they suggest.

Elizabeth says:
28 September 2017

I have in the past been targeted. My bank Lloyd’s have me on what I call suspicious list, they check with me any usual transactions. The other week I found they blocked my account until I spoke to them via the number on my bank card as I did not recognize the number on line. I spent a few hours speaking to various people before resolving the problem but lost no money. The next day I had a letter from a catalogue saying my new not opened by me had been cancelled. I find it has been helpful to be proactive or to put another way annoy your bank. Please be proactive and safeguard you accounts.

There is a lot of relevant information in the Payment Systems Regulator’s initial comprehensive response to the Which? compliant.

One issue many of us would like to see addressed is a 3rd tier of information required when making an online payment, in addition to the sort code and account number. The report
https://www.psr.org.uk/sites/default/files/media/PDF/PSR-Which-super-complaint-response-December-2016_0.pdf
says “7.19 The Forum has prioritised the collaborative development of the necessary standards and rules,
which are required for implementation of ‘Confirmation of Payee’. The Forum has proposed a
timeline of July to produce these for public consultation, with the work finalised by end 2017.
Once these standards and rules are in place, the competitive market will be in a position to
develop products and services for end-users, so there is a possibility that a ‘Confirmation of
Payee’ solution could be available from 2018 onwards.”

One proposal that seems appropriate was that when a Payer sets up a payment using the sort code and account number of the prospectie Payee, they are then sent the account name that corresponds and only then do they confirm (or not) the transaction.

After a transfer is there anything that the bank is responsible for after it has been used as a vehicle for fraud surely they can trace the money after it has left there bank and so on.
Paul W

SammyTin says:
28 September 2017

When transferring money I always send no more than £5 and await confirmation from the recipient before transferring the remainder!
The Banks must be capable of “following the money” Why is it not done?

Too lazy.

The banks normally notify you by mail if any information is needed.The new bank cards are a thieves paradise ask the bank to issue a none contact card which is safer.Any phone calls relating to transfers or bank details stop the call and call your bank to verify .Any suspicious calls what so ever or uninvited calls stop the connection call your bank if you can record the caller for future proof .

Banks are continuing to push risk on to their customers.

For example Chip and Pin is to protect the banks and not their customers since forged signatures are harder for them to reject. The onus is now on the customer to prove that they have not disclosed their pin number.

An attempt to withdraw cheques in favour of online payments is also to reduce their risk as cheques can only be paid into the named payee’s bank account whereas online payments are only to sort code and account number and it is the payers responsibility to get them right.

Refusal for the banking sector to take responsibility for online fraud is unacceptable since the payment is going to another bank account. The banks are effectively hosting criminal activity or allowing accounts to be used for fraudulent transactions and refusing to accept blame. The last bank in the chain before cash is withdrawn by the criminal or sent overseas should be held responsible for the customers loss.

I tell the potential scammers to look out of the window to see if the police are there because they are already on their way to them. Usually the line goes dead

For anyone who is worried about scams, or maybe have vulnerable friends and relatives please feel free to have a look at our new consumer rights guide, all about how you can protect your elderly relatives from scams.

http://www.which.co.uk/consumer-rights/advice/protect-elderly-relative-from-scams

😀

I will post this for the third time as it has been ignored……..

I was wondering why people were still getting caught with scammers still being on the line when they ‘call’ back their banks for confirmation so did a test……….

I initiated a call between my mobile and BT phone.
Then disconnected the call with my mobile.

On my BT phone, I heard clicks that sounded like the call was being disconnected then a continuous tone, but the phone stayed connected clocking up time. After just over 3 minutes, the what sounded like a police siren started up.

I was able to dial another phone number while still connected during that time although the other phone did not register a call.

But all a scammer would have to do is record a dial tone and the victim would be fooled into thinking the call was disconnected.

So calls are not being properly disconnected by BT.

WHY ???????????????

This type of scam is completely preventable if both parties phones are disconnected immediately one person ends the call.

Perhaps Which? could ask OFCOM why this very simple solution has not been implemented.

Ofcom state:
We make sure that people in the UK get the best from their communications services and are protected from scams and sharp practices…

In July 2013, Ofcom and the ICO agreed a joint action plan to tackle the issue of nuisance calls and help protect consumers.

morning alfa, According to this 2014 article, disconnect times were being reduced by the telecom operators. It seems to require a change to exchange equipment –
https://www.out-law.com/en/articles/2014/october/telecoms-companies-cutting-time-to-disconnect-calls-in-attempt-to-combat-bank-fraud/

This later article (2015) reports that BTs change was completed an disconnect time should be within 2 seconds “Now when a person hangs up, an incoming call to a BT line should disconnect within two seconds.
Regulator Ofcom says similar changes have been made to most of the UK’s other major phone networks.

http://www.bbc.co.uk/news/business-34714531

If this is not happening, perhaps someone could explain why. In your case. if the incoming call was to your BT phone, then try disconnecting with that one – it will be your BT exchange that has the equipment. I don’t know how a mobile phone disconnect works.

Morning malcolm,

Thanks for the links. I hadn’t read that article before, but it does highlight the scam.

I have just rerun my test and after disconnecting with my mobile, the BT phone stayed ‘connected’ for 3 minutes 10 seconds before playing the siren noise that tells you the phone is ‘off the hook’.

My mobile disconnects almost instantly the BT phone ends the call.

Carole Baker says:
29 September 2017

Bank Staff don’t know the correct information to give you if you want to transfer money anyway I have done this 3 times and each time the information was different!

Did you know M&S bank has Customer Services overflow in Manilla along with Security Services for Fraud!!