/ Money

Update: what more can be done to minimise the harm caused by bank transfer scams?

Bank transfer scams

Following our super-complaint last year, the Payment Systems Regulator (PSR) has set out its approach to tackle the problem of bank transfer scams. But will these plans go far enough?

As we pointed out last year, unlike with the protections in place for other payment methods, such as credit or debit cards, those who fall victim to a scam when transferring money from their bank account will find that they aren’t protected.

The PSR has already agreed with us that banks could to do more to protect their customers.

And in its response to our super-complaint last year, it suggested that banks need to improve the way they respond to bank transfer scams, and do more to identify fraudulent payments.

It also proposed a package of work for the industry to take forward.

This included developing common standards to collect data, an approach to responding to instances of reported scams, and proposals for better sharing of information.

Terms of Reference

Under the PSR’s proposed plans announced today, the regulator will examine how other countries approach preventing and responding to this type of scam.

It will also compare how the payments industry tackles other types of scams and fraud, such as those involving payments made by credit or debit card.

In particular, it’s looking at what more the bodies who manage the payment systems (like Faster Payments) can do to protect consumers.

It’s also considering whether banks themselves could be required to do more, if they want to use these payment systems for their customers.

We’re pleased to see the PSR’s commitment to tackling the significant consumer harm caused by bank transfer fraud.

We strongly believe banks need to do more to protect their customers.

Currently there’s little incentive on them to put in place better safeguards, and banks have failed to adequately respond to the problem to date, despite seeing their own customers losing life changing sums of money.

Next steps

We need the PSR to take action, propose new measures and look at banks’ liability when it comes to sophisticated payment scams.

Which? will be responding to the PSR’s proposed approach by the deadline of 21 March.

But, in the meantime, there is nothing stopping the banks from taking a lead and setting out how they are going to ensure that consumers aren’t left out of pocket.

Banks are due to report back to the PSR later this summer, and we expect to see clear and meaningful progress.

If they fail to deliver, then the regulator must step in and require the industry to put in place better measures and checks to prevent customers from losing money to bank transfer scams.

Update: 4 April 2017

Following its consultation, the Payment Systems Regulator (PSR) has published the final Terms of Reference for its program of work to tackle bank transfer scams.

The PSR listened to feedback from Which?, as well as others, and accepted many of our points, including ensuring that:

  • the focus is on seeing better outcomes for consumers;
  • any proposals consider the way that scammers quickly adapt their methods and are future proofed; and
  • there is a clear timetable that starts to deliver real change for consumers quickly.

We will be watching closely to ensure that the PSR sticks to its timetable and makes swift progress.

There is still a massive gap in the protection for victims of transfer scams and there is more that banks can be doing themselves.

It’s now six months since we first raised the alarm, and we’ve not seen many changes from banks in terms of how they’re preventing customers from losing money.

We’re keen to hear from you – have you noticed your bank doing anything differently to protect people from scams? What do you think of the PSR’s approach? Would you like banks to be doing more?


It will be a pain for genuine customers opening new accounts but the banks will have to implement better controls over checking the identity of the person opening the account.

Banks already have to verify identities for anti-money laundering purposes but they either take a cavalier attitude or are too easily allowing forged documents to be used. They should also be repeating identity requests at between 1 and 3 year intervals to limit the number accounts that can be sold on to 3rd parties for the purposes of the third party committing fraud when the original account holder is about to move abroad.

Three to five times each year would not be too much of an ordeal if it kept accounts safe, surely ?

J. Davis says:
5 April 2017

My bank has been posting very visible, easy to read advice about common scams and the way to spot and avoid them on the log-in page for the internet banking service.

David says:
5 April 2017

I really feel that the patforms that carry all these scam messages eg microsoft google etc ,should be made to bear liability and responsibiliy. That might reduce our exposure to the scams They have the power to act.

John Barton says:
5 April 2017

There is not much more banks can do except stop all online banking. Those fooled by the fraudsters are the problem, how many times do the banks Ned to tell people before they question spurious e mail’s.

My Bank does implement a very good safeguard on sending money via western union, as when I have genuinely sent money to a supplier via this method they will always block my account until I phone them to say all is ok and wish to proceed on this one transaction.
A most favourite way for scammers is through western union so I must praise my bank in doing all they can to protect my account.

If I the card holder knows that I will get my cash back irrespective I don’t have to think twice or trust my suspicions after all I’m going to get my money back.
The bank is not going to go through this empty handed so down comes interest rates on my saving account and up goes my mortgage rates, overdraft etc
I cant have the best of both worlds So which one do I select.—Turn down the purchase and have the money in my pocket with no problem

In the ‘good old days’ people were paid by cash, so you did not need a bank account. Banks bent over backwards to get your custom.

Now you have to have a bank account, hence the behaviour of the banks, in general.

I think there should be more information to people on how these scams are initiated and in what form should any protection be implemented. Most people get mixed up with Malware compared to Virus’s which I put down top the uneducated media for the confusion. Basically Antivirus will not deal with Malware like Spyware, Ransomware but only deals with Antivirus. So you need Anti-Malware software like Hitman pro, Malwarebytes etc to combat these threats on top of your Anti-Virus software. Making sure you keep everything up to date and do full scans every week and don’t get put off if they take some time to scan or update because you will suffer financially and datawise if you neglect doing full scans and up to date updates.

If I add a new payee both my banks contact me to check that it is correct.

John Moss says:
5 April 2017

I do most of my banking on-line & check my a/cs regularly. My bank gives regular warnings about scams etc. Personally I would never authorise any remotely dubious payment.

Banks need to employ better quality staff, or to train them adequately.
How many bank employees are qualified to provide the level of service that customers require ?
Managers should familiarize themselves with the facts surrounding a customers complaint, and answer a customers questions rather than using fobbing off tactics, by working to a pre-determined script.

The simplest solution and probably the cheapest is for banks to provide an 0800 number for anyone to be able to question if an email or any kind of request from their bank is trustworthy. That and a clear instruction to dial it on a phone which you can hear the dial tone on should be enough. The times I have nearly fallen for them is when I have struggled to find a telephone number to check directly with the bank on.

I dont understand how it is so easy for fraudsters to open fraudulent bank accounts in these days when we have money laundering rules.
However a migrant worker from India told me recently that without even approaching Lloyds they offered him a bank account without asking for all the normal proofs of identity.
I have also been told by Romanians that I know, that it is difficult for genuine people to get a UK bank account because of the proof of identity requirement, but they know of fellow Romanians who have managed to get round this problem by using fraudulent documents – I guess this means that they are using fake utility bills etc.

Robin says:
5 April 2017

I find it impossible to believe that fraudulent payments made to armchair criminals cannot be traced to the recipient by the banks or by law enforcement agencies. Someone, somewhere, collects their booty and the law should be there to apprehend them when they do.

Maureen Wilsker says:
5 April 2017

I was very pleased with the prompt, helpful action taken by the Co operative bank when I had a problem last year. They immediately refunded three separate deductions, helped me change my details and had very little inconvenience.
Recently I have had three false inland revenue resyment notices, which my accountant tells me to ignore.

JamesP says:
5 April 2017

My bank also cross-checks any new payee which I set up. However, many scams which we see reported involve the payee account being emptied as soon as a transfer reaches it, which in itself ought to raise suspicions, and could be an area where banks should intervene. After all, if they verify my new payee, such intervention would be no more invasion of privacy to the holder of the transferee account.

We have to prove to the bank who we are but they do not. I think that the bank should set up security details, including passwords etc, to identify itself to a customer. So that when it contacts a customer the customer can be sure it is the bank & not a scammer. The system is very one sided.

derek says:
5 April 2017

I did a large transfer a few days ago and my bank rang me with 1hour to confirm the transfer was correct and not under any misleading instruction from a third party. Great to see them watching what is going on. Full marks to them. Also all transfers prior to action carry a message advising to check and ignore if ask to move money by ANYBODY.

Put a maximum amount on the funds the bank can transfer without referring back to the customer. This amount could differ from customer to customer according to the amount that us usual for them. A customer with a large account it could be £5000. A customer with a small account could be £500. Any request, however made, if it is in excess of this amount should be referred back to the client. Any payment made above this amount will be th responsibility of the bank, unless they have had the OK from the customer.

5 April 2017

most banks use outdated operating systems ,simple security and old equipment . it seems all they interested in is shift liability to the customers , especially with on line banking. i suspect they are selling customers details for third party , just like the N.H.S , G.Ps, and I.S.Ps . by the way most bank cash point still using window XP .