/ Money

Update: what more can be done to minimise the harm caused by bank transfer scams?

Bank transfer scams

Following our super-complaint last year, the Payment Systems Regulator (PSR) has set out its approach to tackle the problem of bank transfer scams. But will these plans go far enough?

As we pointed out last year, unlike with the protections in place for other payment methods, such as credit or debit cards, those who fall victim to a scam when transferring money from their bank account will find that they aren’t protected.

The PSR has already agreed with us that banks could to do more to protect their customers.

And in its response to our super-complaint last year, it suggested that banks need to improve the way they respond to bank transfer scams, and do more to identify fraudulent payments.

It also proposed a package of work for the industry to take forward.

This included developing common standards to collect data, an approach to responding to instances of reported scams, and proposals for better sharing of information.

Terms of Reference

Under the PSR’s proposed plans announced today, the regulator will examine how other countries approach preventing and responding to this type of scam.

It will also compare how the payments industry tackles other types of scams and fraud, such as those involving payments made by credit or debit card.

In particular, it’s looking at what more the bodies who manage the payment systems (like Faster Payments) can do to protect consumers.

It’s also considering whether banks themselves could be required to do more, if they want to use these payment systems for their customers.

We’re pleased to see the PSR’s commitment to tackling the significant consumer harm caused by bank transfer fraud.

We strongly believe banks need to do more to protect their customers.

Currently there’s little incentive on them to put in place better safeguards, and banks have failed to adequately respond to the problem to date, despite seeing their own customers losing life changing sums of money.

Next steps

We need the PSR to take action, propose new measures and look at banks’ liability when it comes to sophisticated payment scams.

Which? will be responding to the PSR’s proposed approach by the deadline of 21 March.

But, in the meantime, there is nothing stopping the banks from taking a lead and setting out how they are going to ensure that consumers aren’t left out of pocket.

Banks are due to report back to the PSR later this summer, and we expect to see clear and meaningful progress.

If they fail to deliver, then the regulator must step in and require the industry to put in place better measures and checks to prevent customers from losing money to bank transfer scams.

Update: 4 April 2017

Following its consultation, the Payment Systems Regulator (PSR) has published the final Terms of Reference for its program of work to tackle bank transfer scams.

The PSR listened to feedback from Which?, as well as others, and accepted many of our points, including ensuring that:

  • the focus is on seeing better outcomes for consumers;
  • any proposals consider the way that scammers quickly adapt their methods and are future proofed; and
  • there is a clear timetable that starts to deliver real change for consumers quickly.

We will be watching closely to ensure that the PSR sticks to its timetable and makes swift progress.

There is still a massive gap in the protection for victims of transfer scams and there is more that banks can be doing themselves.

It’s now six months since we first raised the alarm, and we’ve not seen many changes from banks in terms of how they’re preventing customers from losing money.

We’re keen to hear from you – have you noticed your bank doing anything differently to protect people from scams? What do you think of the PSR’s approach? Would you like banks to be doing more?


Firstly my two banks have recently taken to sending me emails. I do not trust internet communications at all having experienced scam attempts – almost daily a while ago. This is not for vulnerable members of society and they should be protected from these innovations by those of us that have a voice. Secondly we have very poor internet connectivity in this rural area and it often drops out – so cannot rely on getting messages. Thirdly our local branch has closed and this will mean a 20 minute drive to the next cash-point by car, we have only 3 buses a day and rely on friendly drivers. The people that make these decisions seem to be city experienced and rural inexperienced.


A cautionary note: it’s a really good idea to bookmark the URL for your bank and to avoid typing it in or ever following one in an email. There are a lot of criminals who make a living out of duping folk into visiting fake sites that look uncannily like the real thing. Here’s an example of some of the most worrying:


I don’t understand why anyone was allowed to register these domains, where the URL is so similar to that of the well known company. I hope they have all been taken down.


Domain registration is largely automated, and I suspect humans are barely involved. And the answer to your question is, I suspect, no. The original article is here:


Francis Beardsell says:
31 May 2017

What certainly doesn’t help, is the huge number and variations of Top Level Domains that are available something like 1,500+. IF there was a standard whereby only registered financial institutions could only get a specific domaine (e.g. .bank – similar to .edu), then the risk of fraudulent web addresses would be removed.

Eddy Weatherill says:
16 May 2017

So far, banks have sat on their hands whenever possible following BBA agenda’s because they have been able to do so – regulators have allowed banks to change at their pace whilst allowing scammers to deprive many older people of their savings and their ability to remain independent. Banks have always been quick to make changes which suited them – but not very quick when it’s for the customer’s benefit. PPI and the sale of an unsuitable but very profitable bank product is just one illustration – which took too many years for compensation payouts although regulators could have prevented PPI sales much earlier. It makes a mockery of the FCA Principles -particularly the most important Principle – that of treating customers fairly. – Eddy Weatherill Chief Executive IBAS


Bank transfer scams: the receiving bank must re-imburse the victim, since the bank has allowed a fraudulent account to be opened. In addition, a statutory fine equal to the swindled sum would concentrate the minds of the shareholders and the banks’ managements.


Just as one can recover money when purchases are made with a credit card, so banks should cover the customer risk from credit transfer and other such scams.
The banks have saved money by closing branches and pushing people to paperless transactions, and interfacing with customers online.
It is not in their interest to compensate customers from consequent frauds. But until they are made responsible, and stop putting all the emphasis for caution upon their customers, they will blithely carry on as they are.