/ Money

PayUK must ensure that blameless scam victims are protected

The CEO of UK Finance and I have written to Pay.UK to urge it to back a vital scams reimbursement funding proposal. Here’s our letter to its chair, Ms Melanie Johnson.

Dear Ms Johnson,

This joint letter from Which?, the largest consumer organisation in the UK, and UK Finance, on behalf of HSBC, Santander, Barclays, Lloyds, Metro, Nationwide and RBS follows the Pay.UK Call for Information and is in support of the Faster Payment Scheme (FPS) Change Request.

Authorised Push Payment (APP) fraud is a crime which can have a devastating impact on its victims, which is why protecting consumers is a priority for us all.

The launch of the voluntary Contingent Reimbursement Model Code in May set a new standard of consumer protection from this type of fraud, with a commitment from signatory firms to reimburse victims provided the customer has met the standards expected of them under the Code.

The Code was produced by the APP Scams Steering Group, which was composed of representatives from consumer groups, the finance industry, government bodies and regulators.

‘No blame’ fund

The proposal set out in the Change Request for an FPS CRM fee will provide a long-term, sustainable funding system for the reimbursement of victims of APP scams under the voluntary Code in situations where both the customer and payment service provider (PSP) have done everything expected of them, known as a ‘no blame’ situation.

Funds gained from the FPS fee will be held centrally in a ‘no blame’ fund.

If the Pay.UK board fails to pass the Change Request, many victims of APP scams could once again risk losing their life savings to this devastating crime.

Following consultation on seven funding options, with responses received from 34 stakeholders, including many Pay.UK participants, the Steering Group agreed that the FPS model is the best method to ensure that reimbursement for blameless victims continues beyond the end of this year.

As well as providing reimbursement in a ‘no blame’ situation for customers of PSPs which are signatories to the Code, the proposed model represents the only long-term funding option that also guarantees customers will be covered if their PSP is not a signatory.

If a customer is a victim of an APP fraud and their PSP is not signed up to the Code, they will be able to take their case to the Financial Ombudsman Service which will have the power to refer the PSP to the ‘no blame’ fund to reimburse the customer.

Reducing APP scams

The proposed fee would provide a financial incentive for the firms involved in push payments to individually and collectively reduce APP scams, above and beyond the minimum requirements in the Code.

The protection that the fee offers consumers could also benefit payment providers and Pay.UK by strengthening trust among consumers in the Faster Payments Service.

The Faster Payments Service was designed for speed and convenience. Unfortunately, sensible pro-customer and pro-growth measures are being exploited by criminals.

Latest data from UK Finance shows that in the first six months on 2019, 95per cent of all APP fraud involved a customer making a Faster Payment. Therefore, it is important for Pay.UK to consider the part it can play in the fight against this growing fraud, by recognising that it has the power to take decisive action to protect end users.

The FPS Change Request, submitted to Pay.UK in June, provides a mechanism to achieve this consumer protection.

As well as being the decision of the APP Scams Steering Group, the Change Request also demonstrably fits with Pay.UK’s strategic objectives. Specifically, these include being “end user focussed” and “acting as a catalyst for change in the payments industry; addressing threats; and supporting industry-wide initiatives.

Protecting consumers

The fight against rising APP fraud has become an issue for society to tackle. Pay.UK is supporting these efforts with its work to introduce the Confirmation of Payee service.

Careful consideration of the case for the CRM FPS Fee is now needed, as Pay.UK assesses the responses to its Call for Information.

This well-thought through and widely supported option is proportionate to payment providers of different sizes, consistent with the APP Scams Steering Group proposals, and widely supported by consumer bodies and much of the financial industry.

We urge the Pay.UK board to accept this proposal, and put the protection of consumers at the heart of its decision.

Yours sincerely,

Anabel Hoult, CEO of Which?

Stephen Jones, CEO of UK Finance.

Christopher spacey says:
15 October 2019

I was scammed out of six grand . A solicitor sent me his bank details and someone intercepted the email and changed the account details and sort code.
The solicitor insists it was not his email that had been hacked . The Tsb and fca dont want to know .
It’s unfair as I followed the solicitors instructions .
Hacked off is to say the least!!!

DerekP says:
15 October 2019

Christopher, sorry to hear you were scammed. I trust you reported this to the police and to Action Fraud.

As I assume you must have received a fraudulent email at a time when you owed money to your solicitors, it does sound likely that someone was hacked somewhere along the route of that email. That said, finding out how and where would not be simple and would require specialist skills.

On these pages, we’ve heard other stories of hacked emails being used to defraud folk out of their money. From all of this, it seems that any emails requesting large one-off payments should be seen as suspect and that recipients should always consider additional verification of their payees details before any money is sent.

SteveH says:
18 October 2019

One of the first rules you learn in cybersecurity is never divulging details of bank accounts, debit or, credit cards. Unless you know the email is completely secure and using PGP keys, and no one as copies of the keys.

I would never send anyone an email with any personal identification details contained within it. Spoofing email addresses is nothing new, it catches many people off guard. But the widest cybercrime is still done via spam and links that capture information from you.

Our government should provide FREE classes in cybersecurity, and show just how vulnerable the average person really is! Better still create a programme for viewing on Tv, so people can understand what goes on behind in the cyberworld.

A recommendation for any future bank transfers. Always send a small amount through to someone to setup the correct details i.e 1p or £1. That way you can directly contact the individual or organisation and verify it has gone through correctly, if it hasn’t you haven’t left yourself seriously out of pocket.

That is a good tip and widely communicated, Tom, but it is not so easy to do with payments to companies where confirmation of the initial payment is not readily available.

Luckily, most major creditors like banks, building societies, credit cards, utilities, stores and such like do not change their bank account details without written notice through the post [not via e-mail] so there is less risk in making Faster Payment Service transfers to them.

Where companies have changed their bank details they usually run both the old and new accounts in parallel for s period and have transfer arrangements in place if both accounts are with the same bank. The golden rule is never to act on an e-mail to change the destination of a payment; always check with the payee directly.

Its possible a key logger has been installed on your computer ,no longer do you need to get access to the computer it can be done remotely , that’s just ONE way out of a whole range of methods like spoofed websites and others, I am looking at a hackers website where they give all the info on hacking emails but don’t ask me to post it.
I have no trouble getting hacking info so even young kids could do it who are well up on computer programming .
My worry for you Christopher is that you might have a malware programme implanted on your computer I don’t even trust Linux and have blocked several programmes that use remote calling this required blocking daemons as port blocking did not stop avahi /bonjour /Samba/ RTP/etc , I lose running a printer for a start and several good programmes including remote access which also means they can contact you but you cant win both ways.
I put them into never ending repeat so I do not lose too many programmes they just hit a brick wall.

Duncan, I think you are right not to trust Linux. After all, Linux is the most popular OS for corporate data servers. So whenever we hear that yet another corporation has been hacked, like as not that means a Linux server has been hacked.

Carmel Costello says:
15 October 2019

Many thanks to all, for this important information, support and opportunity.
Great work, again.

I can tell you that there are discussions ongoing about this in the banks and there isn’t an endless pot of money… it’s likely that customers will be charged a fee for a high value online transaction from next year. So I do not support what this magazine is doing because now the problem falls on everyone, and everyone will have to pay. I don’t think your magazine has thought this through properly.

Peter Moseley says:
20 October 2019

I had a visit out of the blue one day a number of years ago by a bailiff asking for£150 that I did not owe. I did not pay. when I applied for a mortgage some time after I was refused. My solicitor advised me to pay or I could not get a mortgage. So I reluctantly paid.(I was told it would cost me 10k to clear my name) I had been taken to court without my knowledge had a CCJ made against me. English Justice!

Peter in the future read this link of the Debt Advisory Service UK-scroll down to–if you don’t think the CCJ is right and read-

Fiona E.Johnston says:
22 October 2019

Frankly this attitude of not reimbursing people caught by these scammers is showing these criminals the green light. It is really high time that the international community and the financial world got their heads around this issue, when I speak of the International community, I am talking about the United Nations to encourage more co-operation and positive action to track these vile international criminals who pray on these people beyond their on shores. It is not beyond the possibility and has been proved that scammers have used the funds stolen to support international terror groups, especially those from the Middle East. Also if arrested, more robust penalties and I am not suggesting the death penalty by any means but incommunicado with those they are involved as implied, this means no access by computers or telephone except to contact their relatives. I for one, am not sure that this government has been thinking straight by suggesting that prisoners in this country should have access to conventional phones in their cells. This will merely encourage criminals to set up bogus businesses to scam innocent victims from their cells to finance other major crimes.