/ Money

Update: what more can be done to minimise the harm caused by bank transfer scams?

Bank transfer scams

Following our super-complaint last year, the Payment Systems Regulator (PSR) has set out its approach to tackle the problem of bank transfer scams. But will these plans go far enough?

As we pointed out last year, unlike with the protections in place for other payment methods, such as credit or debit cards, those who fall victim to a scam when transferring money from their bank account will find that they aren’t protected.

The PSR has already agreed with us that banks could to do more to protect their customers.

And in its response to our super-complaint last year, it suggested that banks need to improve the way they respond to bank transfer scams, and do more to identify fraudulent payments.

It also proposed a package of work for the industry to take forward.

This included developing common standards to collect data, an approach to responding to instances of reported scams, and proposals for better sharing of information.

Terms of Reference

Under the PSR’s proposed plans announced today, the regulator will examine how other countries approach preventing and responding to this type of scam.

It will also compare how the payments industry tackles other types of scams and fraud, such as those involving payments made by credit or debit card.

In particular, it’s looking at what more the bodies who manage the payment systems (like Faster Payments) can do to protect consumers.

It’s also considering whether banks themselves could be required to do more, if they want to use these payment systems for their customers.

We’re pleased to see the PSR’s commitment to tackling the significant consumer harm caused by bank transfer fraud.

We strongly believe banks need to do more to protect their customers.

Currently there’s little incentive on them to put in place better safeguards, and banks have failed to adequately respond to the problem to date, despite seeing their own customers losing life changing sums of money.

Next steps

We need the PSR to take action, propose new measures and look at banks’ liability when it comes to sophisticated payment scams.

Which? will be responding to the PSR’s proposed approach by the deadline of 21 March.

But, in the meantime, there is nothing stopping the banks from taking a lead and setting out how they are going to ensure that consumers aren’t left out of pocket.

Banks are due to report back to the PSR later this summer, and we expect to see clear and meaningful progress.

If they fail to deliver, then the regulator must step in and require the industry to put in place better measures and checks to prevent customers from losing money to bank transfer scams.

Update: 4 April 2017

Following its consultation, the Payment Systems Regulator (PSR) has published the final Terms of Reference for its program of work to tackle bank transfer scams.

The PSR listened to feedback from Which?, as well as others, and accepted many of our points, including ensuring that:

  • the focus is on seeing better outcomes for consumers;
  • any proposals consider the way that scammers quickly adapt their methods and are future proofed; and
  • there is a clear timetable that starts to deliver real change for consumers quickly.

We will be watching closely to ensure that the PSR sticks to its timetable and makes swift progress.

There is still a massive gap in the protection for victims of transfer scams and there is more that banks can be doing themselves.

It’s now six months since we first raised the alarm, and we’ve not seen many changes from banks in terms of how they’re preventing customers from losing money.

We’re keen to hear from you – have you noticed your bank doing anything differently to protect people from scams? What do you think of the PSR’s approach? Would you like banks to be doing more?

JNC says:
5 April 2017

Would like the bank give the name of the bank account owner when we set up a transfer to a bank and sort code.This will help me to verify exactly who the money is really going to

david croydon says:
5 April 2017

My Croatian bank does this and has done for years.

graham says:
5 April 2017

i tried to transfer a 5 figure sum from halifax to another bank… i transferred £10 to check i got the details correct . that worked fine. then i tried to move over the larger sum halifax wouldnt let me online do it. so in frustration i tried again thinking i had made an error… i got account suspended ring fraud helpline… after 4 calls and half a day i got through… sheesh so many questions i was on the phone for 30 mins….the balance may have gone to far the other way now?
surely something as simple as when you try to transfer you get a confirmation saying you are trying to move an unusual sum to name of account and bank name,,,please confirm. Then the bank phones and emails you you with an automated confirmation saying please confirm and you have 24 hrs to contact them if you wish to stop the transfer.

Halifax / HBOS go over the top on fraud prevention.
Several times recently I have tried to move money from my Halifax account to MY Natwest account online and every time if the amount was over a few thousand the online transfer was blocked and I had to go into a HBOS branch to prove my identity ( the fact that I have been account holders in both banks for years made no difference),
With banks closing more and more high street branches, it becomes more inconvenient to prove one’s identity.

Paul Rouse says:
5 April 2017

Every Organisation now wants to push every customer online, and many penalise those that cant, or wont. It is that which gives scammers the opportunity to infiltrate.

Mary Weir says:
5 April 2017

It may seem naïve but if one bank transfers money into another bank and they discover it has been a scam, why can’t they just order the recipient bank to transfer it back and close the scammer account, giving the details to the police? Is this out of the question?

Linda says:
5 April 2017

I agree with you.

Michael says:
5 April 2017

They’ll just bounce it around other bank accounts so it’s harder to trace.

Snake says:
5 April 2017

yes there is no reason they could not do this, unless the recipient has withdrawn money already, which is quite likely. But then the bank would also have all the personal details and presumably cctv footage of the person who withdrew the money.

What Mary Weir is saying is exactly what happens with credit card fraud, I have seen orders made in court to that effect, so it is only the individual customer who is penalised in this way.

In my experience with credit card fraud, the banks rarely get the Police involved and the Police are unable to handle it if we report it to them direct – they say that the fraud has occurred outside of their area and that we should contact the Police in that area who then won’t do anything because we aren’t in their area! They encourage fraud by their apathy to the situation….

Regulations should force fraudsters / new account holders to leave large transfers in the incoming account for 24 – 48 hours, so that we have a chance to reclaim our money before the fraudsters move it on.
Apparently dormant accounts (opened by the fraudsters) would also be restricted.

Nationwide now include the following message on the account log in page:

“Protect yourself from fraud
If you receive a telephone call asking you to use your card reader or transfer your money to another account, you should hang up and ignore the request.
For more information on telephone scams and how to protect yourself from fraud, please visit our security centre.
Use this link for our Internet Bank Terms and Conditions
We use cookies on this site to deliver you a secure and efficient banking service.
Always log out of Internet banking after you have finished.”

Linda says:
5 April 2017

The bank should be able to reverse the payment when people are scammed, it’s not always that there will be funds available but as soon as there are they should be taken out immediately. Banks and other financial establishments should be working together on this.

Martin Cobham says:
5 April 2017

If the payee quoted on the payment doesn’t tally with the sort code and account number then the bank should be liable.

Barry Guyton says:
5 April 2017

My bank, Nationwide Building Society, already have a message saying only to use the “transfer money” option if you know the recipient, and not to proceed if asked to transfer money after a phone call or email, without discussing with an advisor. I would like the bank to provide me with the details of the recipient if I only had a sort code and account number, but generally I would not transfer money to the account of someone i did not know, and if asked to send funds to a different account would check with the recipient by telephone first.

The bank account the money goes to must’ve been opened fraudulently or otherwise the thief would be easy to trace and catch. Something the banks could do is to be more thorough with checks when accounts are opened to make it more difficult for the fraudsters to operate. They must be using forged documents to prove their identities so the banks are being negligent in not checking the documents properly.

Dennis says:
5 April 2017

With all the publicity this problem gets surely people should be a bit smarter now & not give any to anyone that you don’t know.
People are always complaining about Big Brother watching us until something goes wrong then they say people aren’t doing enough to protect them.

NOT allow immediate or same day transfer but have a referral point for a customer, like maybe an email to their email address or a text to their mobile phone alerting them that a transfer has been requested, the amount and the intended recipient, so the REAL customer can concur the transfer, PLUS, the banks have access, like with card usages, to fraudulent recipients details, and check to that before ANY transfer for ANY amount is allowed. Also, if first time a person is doing a transfer, make any other reasonable checks anyway to ensure recipient is okay.

I think the government has a responsibility together with other governments to look more closely into the security of Microsoft , Apple, IBM and other computer operating systems , together with telephone and ISP providers. I can not convince myself that even with anti virus software and other checks that nobody can access my PC and phone. The ability of businesses to automatically load software onto my computer to monitor my activity is not acceptable and could easily enable access to my bank accounts, especially if their system has been compromised eg. Yahoo. I want better access control with default of no auto download of apps etc.

brian young says:
5 April 2017

Put a limit on what can be removed from account with the person’s consent.

Cath Lydon says:
5 April 2017

My bank has now started sending a message that I have asked to pay money, how much and who to. Don’t think this will help with scammers though, especially as if it is an instant transfer, the money would have already gone

Banks need to recognise that they have no money: its owned by shareholders & OUR money! Its time the Banks got mugged by Government to force them to pay more regard to those who pay their bloated wages: US!

Having spent 40 years in the banking industry retiring in 1996.
I would like to see all officials fully qualified with their banking qualifications and proper checks under taken when accounts opened, even going back to requesting bankers opinions from banks where present or previous accounts were operated.

While we have moved into internet banking with the modern technology the biggest problem is that management are not trained in basic banking procedures, have limited or no qualifications and are trained purely in sales.
Look at the fiasco re selling PPI.
Need I say more.

Absolutely spot on Mr Judson. It’s too easy to open an account without through verification. My Swedish colleagues daughter was here about 20 Years ago and she had to justify all sorts of criteria including, passport,NI number,letter from her Swedish bank etc. The whole process took about a week before she was able to open an account. I am sure it’s not like that now and yet the banks appear to place the blame on the customer.

Julia Hallam says:
5 April 2017

I agree with the person below, bank should text or e-mail full details, including the name, of the person that the money is going to and not transfer the money until the sender has confirmed that they want to go ahead

This is an old chestnut for the insurance industry.: the unavoidable issue is moral hazard: if the banks are required to cover all scams, then customers will not take as much care to avoid them. Scams will go up. There will be an insurance premium one way or another (and we will all pay it). It will increase as scams increase. The average customer will find banking more expensive. The banks are not charities. No free lunch.

I will ignore any phone call from a “bank”. I also instructed family members to do the same. The difficulty is with fake emails/messages; my parents can’t tell if they are genuine or not and come from a trusting generation. Actions you take from an email are your responsibility – – give account details in any form.

Snake says:
5 April 2017

they could put a limit on withdrawals after a transfer so it cannot be done immediately.
A simple confirmation step as well, asking the user to double check that this is not a scam, have they confirmed the recipient is who they say etc. If you say yes to this and transfer anyway, then I think the blame has to rest with the user at this point, there is no cure for stupidity.