/ Money

PayUK must ensure that blameless scam victims are protected

The CEO of UK Finance and I have written to Pay.UK to urge it to back a vital scams reimbursement funding proposal. Here’s our letter to its chair, Ms Melanie Johnson.

Update 28/11/2019

PayUK has now rejected the proposal that we set out last month in the letter below.

However, the industry trade body has now announced a three month extension to the current scheme funded by the major banks. The scheme will be extended to March 2020.

This agreement is merely a stopgap that highlights the industry’s failure to secure vital long-term reimbursement for innocent victims of devastating transfer fraud.

It’s clear that a voluntary, industry-led approach to protecting scam victims is not enough.

The next government must work with the regulator to make the code and reimbursement mandatory – to finally ensure millions of people are no longer at risk of losing life-changing sums of money.

Original letter (08/10/2019)

Dear Ms Johnson,

This joint letter from Which?, the largest consumer organisation in the UK, and UK Finance, on behalf of HSBC, Santander, Barclays, Lloyds, Metro, Nationwide and RBS follows the Pay.UK Call for Information and is in support of the Faster Payment Scheme (FPS) Change Request.

Authorised Push Payment (APP) fraud is a crime which can have a devastating impact on its victims, which is why protecting consumers is a priority for us all.

The launch of the voluntary Contingent Reimbursement Model Code in May set a new standard of consumer protection from this type of fraud, with a commitment from signatory firms to reimburse victims provided the customer has met the standards expected of them under the Code.

The Code was produced by the APP Scams Steering Group, which was composed of representatives from consumer groups, the finance industry, government bodies and regulators.

‘No blame’ fund

The proposal set out in the Change Request for an FPS CRM fee will provide a long-term, sustainable funding system for the reimbursement of victims of APP scams under the voluntary Code in situations where both the customer and payment service provider (PSP) have done everything expected of them, known as a ‘no blame’ situation.

Funds gained from the FPS fee will be held centrally in a ‘no blame’ fund.

If the Pay.UK board fails to pass the Change Request, many victims of APP scams could once again risk losing their life savings to this devastating crime.

Following consultation on seven funding options, with responses received from 34 stakeholders, including many Pay.UK participants, the Steering Group agreed that the FPS model is the best method to ensure that reimbursement for blameless victims continues beyond the end of this year.

As well as providing reimbursement in a ‘no blame’ situation for customers of PSPs which are signatories to the Code, the proposed model represents the only long-term funding option that also guarantees customers will be covered if their PSP is not a signatory.

If a customer is a victim of an APP fraud and their PSP is not signed up to the Code, they will be able to take their case to the Financial Ombudsman Service which will have the power to refer the PSP to the ‘no blame’ fund to reimburse the customer.

Reducing APP scams

The proposed fee would provide a financial incentive for the firms involved in push payments to individually and collectively reduce APP scams, above and beyond the minimum requirements in the Code.

The protection that the fee offers consumers could also benefit payment providers and Pay.UK by strengthening trust among consumers in the Faster Payments Service.

The Faster Payments Service was designed for speed and convenience. Unfortunately, sensible pro-customer and pro-growth measures are being exploited by criminals.

Latest data from UK Finance shows that in the first six months on 2019, 95per cent of all APP fraud involved a customer making a Faster Payment. Therefore, it is important for Pay.UK to consider the part it can play in the fight against this growing fraud, by recognising that it has the power to take decisive action to protect end users.

The FPS Change Request, submitted to Pay.UK in June, provides a mechanism to achieve this consumer protection.

As well as being the decision of the APP Scams Steering Group, the Change Request also demonstrably fits with Pay.UK’s strategic objectives. Specifically, these include being “end user focussed” and “acting as a catalyst for change in the payments industry; addressing threats; and supporting industry-wide initiatives.

Protecting consumers

The fight against rising APP fraud has become an issue for society to tackle. Pay.UK is supporting these efforts with its work to introduce the Confirmation of Payee service.

Careful consideration of the case for the CRM FPS Fee is now needed, as Pay.UK assesses the responses to its Call for Information.

This well-thought through and widely supported option is proportionate to payment providers of different sizes, consistent with the APP Scams Steering Group proposals, and widely supported by consumer bodies and much of the financial industry.

We urge the Pay.UK board to accept this proposal, and put the protection of consumers at the heart of its decision.

Yours sincerely,

Anabel Hoult, CEO of Which?

Stephen Jones, CEO of UK Finance.


There are times when things happen that are beyond the control of the user, the banking customer. If some criminal abuses the system in order to defraud a customer in a way that they could not have foreseen and which could not have happened without the system being in place and working as it does -then the banks must take responsibility for it and not allow the customer to lose by it. It only happened because the banks were not clever enough, or thorough enough, or secure enough – and they have to face up to that and do something about it.

I do not support this letter because it is putting a sticking plaster over the end result instead of tackling the root of the problem.

There are many things that could be done right now to fight fraud and reimburse victims.

– Make receiving banks responsible for reimbursing victims and getting funds back from scammers.

– Hold in-out payments for at least 72 hours on accounts that do not have regular income and pay regular bills. This would happen very quickly if receiving banks were made responsible for reimbursing fraud.

– Get confirmation from sender for held in-out payments.

– Banks could give free internet security software to customers and insist they have it installed before allowing them to use personal tech for financial transactions.

– More public awareness. My suggestion is to invite kids to enact short scam scenarios like this to play during popular TV programmes, or Scam Savvy adverts like this for programmes sponsored by Which?

According to Which?, £434 is lost every minute to scams. That is £228,110,400 per year.

Over £228 million in just one year that will be growing every year. Unless some attempt is made to stop it. That growing £228 million should be used to stop fraud.

The banks don’t pay that money back, we do, in the form of higher interest on loans, really bad interest on our savings, extra charges for other financial activities that were once free or cheaper, closure of branches and cash points and now a proposed fee. It is the consequences of the compensation culture that is never considered when demanding reimbursement for life’s woes many of which we should be taking personal responsibility for.

In effect we are paying the scammers to steal from us and keep stealing.

What Which? should be demanding is action to stop fraud not fund it.

We need a dedicated fraud squad funded by and working with the cooperation of all the financial institutions here and abroad. A fraud agency that the public have real access to not an ineffective front desk like Action Fraud.

We need hard sentences for fraudsters and confiscation of their property to reimburse victims and banks so that these crimes do not pay.

Yvonne Duncan says:
9 October 2019

Hi Alfa,

What you say is correct – however, the way forward is to hurt the banks where it hurts most – on their bottom line. Once they feel this pain, they will develop and install appropriate safety-measures to reduce their pain. The customer will go to the ‘cheapest, leanest’ bank, i.e. the one where appropriate safeguards are in place so they do not pay out for criminality.

Is this not the way banks work?


Hello Yvonne,

I find it strange that people condemn the banks but not the real criminals committing fraud on a massive scale.

Surely you see that by reimbursing victims of fraud, you are actually funding the criminals because banks will pass the costs on so it will be the innocent customers who really pay.

You make some very good points. But…

> Hold in-out payments for at least 72 hours on accounts that do not have regular income and pay regular bills.

Campaigning to stop banks keeping interest on transfers by holding over the money for 3 days has meant we can now transfer money instantly. Personally, I have two current accounts, for different purposes, so I can better manage my finances. One does not have regular income and only pays a few, irregular bills. But sometimes I need to be able to instantly transfer money between them to avoid overdraft charges. So I, for one, would be negatively impacted by this idea.

I must agree that putting a hold on transfers defeats the purposes of the Faster Payment Service. I use it so that I can make payments faster knowing that the recipient will have immediate access to the money.

If accounts that experience frequent in-out payments with negligible ongoing balances can be identified then they can be investigated and people like Jake who legitimately uses a second account for particular purposes could easily explain that and the bank need not exercise further supervision.

I am convinced that with a bit more work the banks could quickly identify accounts that are being misused for criminal purposes. Given the number of fraudulent transactions that are reported to take place every year the banks must between them have an impressive list of account numbers already worth examining in detail. After all, everyone who has received a false e-mail requesting the diversion of funds has been given alternative bank account details to which the money should be transferred. I suspect that the banks have been misusing the concept of customer confidentiality to avoid lifting the lid on this scandal because it reflects poorly on the banks’ own performance in allowing accounts to be opened easily without adequate checks and references and closed frequently without proper scrutiny. Up to now the banks have been at little risk and have had little incentive to prevent or investigate these cases. That has to change and the balance of risk should cross over from the customers to the banks.

I don’t accept that a compensation scheme would take the pressure off the banks to manage this problem; they would still have to account for their financial conduct and the government could require all compensation to be met from bank profits with no increase in account charges whether individually or across the board. Has the government been asked to do that?

Jake, like you, I also have 2 current accounts. One stays empty most of the time and is only used for one-off transfers. But it does have history and is with the same bank as my active current account at the same address so I hope I could prove it is a valid account.

Fraudsters set up accounts for a one-time use with fake details. As soon as it is realised an account has been used for fraudulent activity, it will be closed. It is those accounts that need identifying and payments held for verification. A large payment going into a foreign account also needs to be held and verified if it appears to be a one-off. When I paid for a holiday rental direct to Germany, I was questioned at some length by my bank to make sure the payment was genuine and that was some years ago now.

Would we rather be slightly inconvenienced on our little-used accounts or let fraudsters have their ill-gotten gains leaving a trail of misery behind them?

Hi Alfa,

Thanks for your comments.

I don’t see anything wrong with the receiving (criminal’s bank) bank having to pay the victim of this crime. If the criminal’s bank had taken due diligence and not opened the account in the first place(s), the criminal would not be able to receive the victims funds.

The banks will then soon conceive of ways to block such crime. All they’re concerned with is their bottom line and the shareholders will not be pleased if the bank is porous in this way.

The banks must take responsibility for scams against innocent victims of this vicious fraud and not allow the customer to lose by it.

Peter Collier says:
9 October 2019

Well done to the WHICH group for doing what you are doing concerning scams

Institution need to accept responsibility for recovering misappropriated money and to learn from it. If institutions are regularly used for duct activities they need to be banned from trading. Something like the CAA/FAA quality and safety line must be possible.

Peter Smith says:
9 October 2019

No good we think are at spotting a scam the bank can and should more after all a have of some called experts and should be more the man in the street.

Paul Skitt says:
9 October 2019

As a Which member fully support what Which is doing. Those Banks who have re-embursed victims should be praised and given praise

Would this re-embursement funding proposal cover people who have been victims in the past few years?

Andy Pollard says:
9 October 2019

I think that there should be a two tier system, one lower rate for transactions that occur within the uk/european banking system and the second at a higher rate for the other parts of the world that most of the scammed money goes the through.

Michael wall says:
9 October 2019

Banks have our money for safe keeping and to inflate their vaults ,they are responsible for the safe keeping of the publics monies and should be so held in the replacement when they are held to account

The nessesity to have this kind of fund is essential in this era, the overarching need is for the ordinary person to have a voice

Carmen Djan says:
10 October 2019

I was also a victim of a fraudulent scam by travel agents online called Flight Travel Centre who claimed our flights had been booked and confirmed for our charity mission trip on the 31/07/18 to Freetown. We only discovered after several failed attempts to contact them due to an error made on our issued tickets that we were not listed for the flights booked when I eventually contacted the airline directly the day before our scheduled flight. When I reported this to my bank which is Barclays as I had made the flight payment by a bank transfer they assured me it would be investigated by the fraud department. It took over six weeks to get a response from Barclays to say that the fraudulent travel agents had no money in their Lloyds account to which the money had been transferred so there was nothing they could do to refund the money which I had paid for the flights. I was very disappointed with the response I got from my bank as I even had travel insurance for the trip but I was told it didn’t cover payment for a trip that was never made although it had been paid for and they had evidence of the transfer which was made.

John Francis says:
10 October 2019

Fraud is rife in the UK and the fat cat banks play a key part in receiving and paying out funds – they need to take actions to make it far harder for fraudsters to thrive and pay up when they somehow manage to defraud clients in this way

The banks have closed high street branches and they have insisted that we can now have only on-line accounts. I was never happy with these as it was pretty obvious that it would be easy to defraud customers. Now they’re wriggling out of any responsibility for these frauds which they have enabled.

Note – when they were defrauded we gave them £500 billion.

10 October 2019

I do not accept that my bank should be financially penalized if I fall for a scam. The receiving bank must pay, they are at fault for allowing the crooks to operate. If that bank does not accept liability then they should have their licence withdrawn, regardless of which country they are registered in.

Jenny says:
10 October 2019

It would be fantastic to see victims reimbursed from such a fund to recompense these scams, sadly the position banks take is – its your fault, but reimbursing victims does not tackle the root of these crimes .Just reimbursing victims allows the perpetrators to continue on with their criminal activity, and surely we should be cutting off this source of innocent victims money.
I was scammed for over £14k (via the BT scam), and there was absolutely no help from my bank, even though they could see it happening on screen as the scammers took the money in 2 x batches . Unbelievably, neither my bank nor the bank that was hosting the fraudsters bank account (where the funds were transferred to ) showed the slightest interest as to how the scammers actually had access to all these pre-prepared empty bank accounts just waiting to transfer scammed sums into.
How come no one is asking the key question – how are these bank accounts so easy to open ? how can the banks not know what is happening within their own bank ? I believed that to open a bank account required layers of security and validation of the owner, so, how come scammers can just open a myriad of accounts waiting to transfer monies directly into ? Surely, the scammers can only use the bank account once, and they have to take the chance as to whether their scam will deliver £400 or £40K .
The bank account my money was transferred to was ( Bank X) and when I asked my bank how could this happen, their response was ‘ yes, we see a lot of these types of transfers to that bank ‘ ( I’m paraphrasing here )

I do believe that much more work should be done to ensure banks do their due diligence on people opening bank accounts, and make it far more difficult for scammers to open these fraudulent bank accounts, but in all the reporting on these scams, I have never seen anyone ask this key question.

As several posters are asking the same question I will give at least one answer Jenny.
Regardless of the type of scam it boils down to what happens in the bank . The plain truth is that the scammers open FAKE ID accounts across a number of banks not always in the UK , a whole list of UK banks are involved –
etc .
As soon as the money is deposited it is moved through a number of accounts making it untraceable ALL the banks were obtuse never admitting why they didn’t realise the accounts were fake -many refused to answer .
Banks work on the principle if you give/transfer your money to somebody your account has not been hijacked –you told the bank ( by transferring the money into the scammers account ) that it was “okay ” so an electronic transfer of money takes place immediately much quicker than you personally going through the motions at your bank.

The key here is confidence in the banking system banks don’t want people to think banking is unsafe but in the end the bank lets the scammer transfer the money .
When I pay a UK company via a secure telephone line the payment is made immediately –no waiting for days this is to increase business transactions and businesses gain more profit quickly.
Be aware there are a number of different ways of scammers re-leaving you of your money the above is only ONE way.

I think payment by telephone is good provided the process is digital without human intervention, uses the keypad, and is encrypted.

I do occasionally make payments by telephone where a member of staff takes down the credit card details including the security code. I realise there are serious risks in doing that as there is no guarantee that a copy will not be kept and passed to an accomplice in crime.

The same can apply to buying by mail order and writing the details in a coupon but that is still a common method of buying and paying.

The ease with which the delivery address can be different from the card billing address adds another dimension of risk.

Jenny: just to add the accounts are often quite genuine, in fact, but are ‘sold’ to scammers, often by students who need a few hundred and see it as an easy option.

By selling the account to a scammer, the scammer can continue to use it, under the previous owner’s name, before then – as Duncan says – transferring their ill-gotten gains through a chain of associated accounts, all of which have probably been sold to them.

So the system whereby the banks make it hard to open a new account is really the financial equivalent of bolting the stable doors quite a while after all the residents have left.

Jenny says:
11 October 2019

Thank you, very interesting . ..but neither Nat west ( my bank ) nor Barclays ( receiving bank ) were interested which account was being used as the ‘clearing’ account – and so I presume, have not bothered to follow up and close the account ( nor charging the Bank account holder as being implicated in the scam / crime ) thus allowing this account to continue ‘trading’ .
I think in all of these scam crimes, banks have no incentive to tighten up controls, because, once you are a victim of a ‘push’ payment – they claim no responsibility or liability whatsoever , so no impact to them….and in the next breath, close more banks down, push more customers onto online banking and sit back and watch customers bank accounts being cleared out

Jenny says:
11 October 2019

Thanks . sadly, bank 4 was the receiving bank , and didn’t indicate any interest in either investigating or closing the account down

I cant argue with your practical /down to earth logic in your second paragraph Jenny has anybody a rebuttal to that ?

Certainly no argument with Jenny’s second paragraph. I think that is exactly how the banks have dealt with authorised push payments that have been fraudulently diverted. That 95% of bank fraud follows this route says it all. They have been under no commercial incentive to either arrest it through investigation and sanctions against criminal activity or to prevent it through checks and controls on account conduct and activity.

That is why this measure is so necessary; It will place a liability on banks. They will no doubt wriggle and twist, but in those cases where the customer has clearly done no wrong they must refund the misallocated payment.

There is the argument that the existence of a compensation fund will reduce the pressure on banks to act decisively but I think that if there is plenty of effort put into this at the beginning then the conditions which make the scam fruitful will change and the problem will diminish so that there should be less recourse to the compensation scheme. If that doesn’t work, the faster payment service will dry up through a lack of customer confidence and the banks will face higher costs in processing payments the old fashioned way with cheques and over-the-counter payments.

The problems with all compensation is
1. It can be regarded as a business expense
2. It will be recovered from the customers.
What is needed is an incentive to investigate and catch some of the perpetrators rather than just pay off the victims.

We also assume “blameless” victims. However they share some part in the process in that they start the process of payment. I accept many are unaware of the clever scams that are, and will continue to be, perpetrated so the banks should keep all their customers informed of the scams on offer and how to avoid being taken in. Banks should also pay much more attention to the integrity of their customers when opening bank accounts. However if, as Ian says, people sell “legitimate” bank accounts for criminals to use I do not see how the banks can uncover this in time for crime to be prevented.

We need money directed at preventing crime, as well as compensating customers who have suffered a bank’s negligent behaviour.

According to iNews one of the major sources of these sold accounts are foreign students, who have finished studying in the UK. There was also some speculation that Brexit may have exacerbated the issue, since many EU nationals resented the outcome of the referendum and felt no loyalty to the UK as they returned home.

Even so, the AI systems banks now have could maintain a watching brief on these accounts to flag any sudden changes in fortunes.

Alan Williams says:
11 October 2019

I support the draft letter. It can be viewed as cure rather than prevention, but it does not preclude measures to hound the criminals responsible.

Sandra says:
11 October 2019

Can Which help the 3.8million women robbed of their pensions through lack and NO information given Via DWP and government and The short space of time they were given to try and save for an additional 6 yrs that was added on to their pensions.
Backto60 members would appreciate any help you can offer.

The court has made a ruling against the claim and it is for this decision to be appealed. I’d suggest while the legal process is operating the outcome should be awaited.

11 October 2019

Of course these greedy grasping so & so’s who couldn’t care-less about anybody else but themselves be made to pay up in full !!!!
I’d also make all people with this kind of business ethic pay an additional 50% at least…..
It’s got to be STAMPED OUT it’s no use asking them nicely & saying don’t do it again –

the public trust banks to make sure that money deposited with the banks is held safely and securely. If banks fail to do his then they are failing in their duty to their customers and assisting criminals in making fraud easter. Once money is deposited with the banks it is their responsibly to ensure that that money is secure.

If a customer instructs their bank to move money to someone else’s account then the initial responsibility is with the customer; the bank obeys their instruction. One thing that needs to be done is to ensure, as far as possible, that all bank accounts are held by law-abiding people but, from previous comments, this is not always feasible. We also need to educate customers in scams, how to transfer money safely ( for example, move £1 as a trial and check it has arrived in the right person’s account as a sensible precaution) and use name as well as account number and sort code – starting in March.

If banks are negligent they should compensate. However we must remember who pays the compensation; it is the customer, ultimately. Better to track down the fraudsters than just provide automatic compensation.