/ Money

Update: stopping bank transfer scams – what would meaningful action look like?

Bank scams

Our research has found that people are still losing life-changing sums of money to fraudsters exploiting bank transfer payments. So, how much longer should we wait for effective action from industry?

Last year, as part of our super-complaint to the Payment Systems Regulator, we collected evidence from nearly 600 victims of fraud who told us they’d collectively lost over £5.5m to bank transfer scams.

Five months on from the PSR’s response saying that they’d found evidence that banks could be doing more, we’ve been checking to see if anything has changed.

Stop scams

We’ve found that people are still exposed when it comes to bank transfer scams, with many losing significant sums of money.

Despite fraudsters continuing to exploit bank transfer scams, we’ve not seen enough evidence that banks are making progress to protect their customers.

Roger and his wife lost £2,000 to a scammer posing as their gardener:

And cases like Roger’s are far from unique. In fact, our latest research reveals that one in 10 people in the UK had made a bank transfer, or knew someone that had made a payment, that later turned out to be to a fraudster. And of those people who had lost money to bank transfer scams, more than half had been victims in the last six months.


Huge sums of money are being lost to these fraudsters, and we found that nearly four in 10 didn’t get any money back at all.

So, today we’ve written to banks calling for them to clearly outline what action they are taking to safeguard consumers from bank transfer scams.

Bank scams

When it comes to banking the general expectation is that banks will look after you as their customer and your money too. But with so many continuing to lose such large sums of money to fraudsters exploiting the system, it’s clear more needs to be done.

The industry, regulator and next government need to urgently take action to tackle financial fraud. We want the next government to set out an ambitious plan to ensure that financial institutions do more to protect consumers from bank transfer scams.

We need your help to do this – please share your scams experiences with us and help keep the pressure on to deliver this change.

Tell us your scams story

Confirmation of Payee plans announced

Update, 11 December: The Payments Strategy Forum has outlined plans for a new payments system architecture in the UK.

One area that the Forum has been examining is ‘Confirmation of Payee’. Currently, when you make a payment to someone the bank will check that the account number and sort code you provide matches the ones on the account you wish to pay.

Throughout our scams campaign, we’ve heard of lots of stories where victims of scams have lost huge sums of money where they have believed they are making genuine payments for things like conveyancing fees or building work, but instead they are using bogus bank details sent to them by scammers.

The Forum has outlined that customers wishing to make a bank transfer will have to now enter the exact name on the account, as well as the other details. This would mean that when you transfer funds to another account the system would also need to confirm the name of the account you are paying matches the name you’ve provided.

If the transfer is to a person, the confirmation system will check to verify if the details are a match or not. If the transfer is a business, the confirmation system will return with the name, address and registration number of the company so that the consumer can check it.

The hope is that this confirmation system will encourage customers to verify details before transferring any money and also help to tackle one aspect of bank transfer scams.

The system will be available from December 2018, although it will be voluntary as to whether your bank offers it to you when you make a payment

We’ve been calling for confirmation of payee for some time now, so while we welcome its introduction, we believe it’s important that banks quickly act to introduce this measure to help protect their customers from scams.

Our Money expert, Gareth Shaw, said:

‘Hundreds of millions of pounds are being lost to these increasingly complex scams, so introducing confirmation of payee is a vital step towards boosting consumer protection.

‘With consumers still at risk of losing-life changing sums of money, banks must now urgently adopt these proposals.’

Do you want your bank to sign up to Confirmation of Payee to help protect you from bank transfer scams? What should the banks to do to protect their customers from losing money to bank transfers? Do you think the next government should tackle scams and financial fraud?

Comments
Guest
Steve G says:
20 December 2017

If it adds a bit of extra time, while the Banks check the payee’s details, so be it. Losses like these to individuals (as well as Companies) are a poor reflection on the security and fairness of the Banking system.

Guest
Andrew Wainwright says:
20 December 2017

This is a great idea but I am concerned that scammers may use it to find out the names on accounts by trawling through account number after account number. It would be better for the sender to input the account holders name, or at least part of it. The full account name is obviously impractical; is the first name in full or just an initial, are initials separated by full stops or not, is “Mr” or “Mrs” used. So if the bank’s system could recognise a part of the account name, this would probably provide the required level of security.

Guest

I agree with Andrew’s concerns, mainly because I have similar confidence in a bank’s priority for its customers’ security, as I have for political awareness of the realities of daily life for ordinary citizens. Anything which can provide greater, simpler involvement for individual customers in controlling the security of their own payments, rather than leaving it to the banks and then having to rely on their “independent” status should a problem occur.

Guest

As I understand it, to avoid this trawling to find details, you input the specific name of the account (you’ll need to find this out) and the bank will simply say if it is correct or not before you confirm the transaction.

I’m not clear though why the alternative would worsen security. if you have a cheque from someone this contains all necessary account details.

Guest
Robin says:
20 December 2017

There should be a sort of holding pen/account for monies being transferred so that the genuine buyer & seller can check details before money is released.
Having been the victim of money transfer fraud I asked my bank if they new where the money went & they told me it was transferred to an account in the Elephant & Castle district of London.
Action Fraud were contacted but held out little hope of getting the £5000 back.
I then created another email address & contacted the scammer as if a new customer. The same product was on offer but of course I was non committal re a purchase.
I contacted Action Fraud so that they could follow the same route to possibly trace the culprit.
On telling them what I had done to find out more I received a severe telling off & was told that what I had done was probably illegal !
Action Fraud made a case note & number & told me to call them at a future date for a report.
When I did so I was told no action would be taken.

Guest
Patrick Taylor says:
22 December 2017

It is a bit of a shock to find that Action Fraud is actually a collator of information rather than some aggressive policing action team. I symapathis wilth all who have become victims of a banking industry which has only been concerned with its own profits and simple systems. And of course shoddy account opening systems.

As an ex-banker I am aware of the chnages that the banking industry, through the BBA, agrees certain practices. I would point out that using cheques requires the recieving Bank to check it goes into the named account, and indeed one could croos the cheque for the correct bank. Adding the account number is probably Ok too. Any branch of any Bank accepting the cheque for the wrong account is liable for the value.

Good system isn’t it. Guess why banks have been keen to get rid of them . And of course they have to cheque the signature is legitimate. Doubly troublesome for the banks but doubly safe for customers.

BTW in France bouncing cheques or even a single cheque is seriously bad news with “huissiers” chasing up the bad debt for you. And the Bank of France banning you from any banking facilities for five years. Tough love works.

Guest
RParker says:
20 December 2017

Banks have to do a lot more to secure our money before they force us into a virtual money paperless society

Guest
John Hamilton says:
20 December 2017

Surely this will help protect some of the most vulnerable to scams namely the elderly this has got to be a step in the right direction, however, more needs to be done especially from the banking fraternaty who lets face it are well paid (with the of exception of the grass root employees).

Guest
joe mccallion says:
21 December 2017

it annoyed me when the bank allowed a direct debit from a year previous to be paid even though the card had run out and i had been issued a new one 4 months previously with different numbers on the card

Guest

I have just got a bitv of news from America it relates to the new “service being provided by several companies to “protect your data ( at a cost/year ) . All is not what it seems though -under =please dont buy this identity protection services a major virus protection app company which I trust and havec praised in the past has along with a professional digital checking company has found out that – Lifeblock+ Identity Works+ Identity Force -and others ioffer a protection service BUT they collect your social security number =birthdate- email address home address + phone number etc . Part of the service is a search on the Dark net for identity fraud websites holing your data BUT those websites are “bullet proof hosted ” they neither answer to threats or legal action . While you can fire up Tor go onto the Dark Web get your social security number none of those paid for security companies can do “doodle squat ” about it. Those companies and UK versions will soon be offering those services in the UK — remember what I said , even the “great ” Brian Krebbs agrees.

Guest
William McCall says:
22 December 2017

Banks are closing branches and becoming evermore part of the online world. They have actively persued the elimination of cheques and cash and all these actions give them a clear commercial advantage. These actions have consequences and they can’t behave like spectators and pretend they have no responsibility for the financial safety of their customers. In fairness the banks have reacted but very slowly and, seemingly, reluctantly.

Guest
Diane Boustred says:
22 December 2017

This requirement should be made compulsory on Banks. If my current bank did not provide this safeguard I would move all my banking requirements to another bank that did, pronto!

Guest

And that is the best way to deal with any provider with whom you are dissatisfied 🙂 . Unless anyone knows of obstacles that the new system might introduce to certain banks, my suspicion is that the “voluntary” bit is a formality to avoid legislation perhaps, and that all, or most banks, will provide the service. It is just as much in their interests as their customers.

Guest
Stuart Clements says:
23 December 2017

Having just moved house with the transfer of money and all that entails this matter is strongly in our mind. Electronic transfers are so easy but with the well known risk. We are lucky our solicitor is local and could receive cash so easily but why should we have to when some commitment by the banks could ease the worries.

Guest
Ian James says:
23 December 2017

The banks in there efforts to force us to go cashless should at least make sure they have a robust security framework before embarking on this. They have an obligation to the customer to protect them, though you woudn’t think so at times. It is the banks that are pushing the pace of change but they don’t seem to take into account the age of some of their customers or consider the difficulties the elderly have with online and cashless banking. All the safeguards and protection processes need to in place and fully tested before we go down this route – if we ever actually do go cashless.

Guest
Paulette Fay says:
23 December 2017

It gives you peace of mind when doing any cash transactions

Guest
Elizabeth Chell says:
25 December 2017

Would you sign up to it Which?

Guest
Christine Clarke says:
27 December 2017

Anything that makes bank transfers safer is good. I believe ALL banks should have to do this as a mandatory step to protect their customers.
I also think that there should be a delay in transfer time to allow payees to change their minds if they think they have made a mistake.

Guest

Not all bank customers who do on-line banking want a delay in payment transfers. I have a list of about twenty regular payees and in most cases I want to make same-day payments. These are payees whose account details do not change from one payment to the next.

If I want to delay the payment [for example, until nearer the due date for a credit card bill] I can set that option and specify the date; that is not so that I can reconsider the transfer or change my mind [which I am not sure is possible although the bank could probably stop it for a fee] but so that I can manage my account. I see no point in the banks offering their customers use of the Faster Payments Service if it is going to be subject to delays. And would the delay be one working day, two working days, or what?

For transfers to new payees, the advice that has been given many times in these Conversation holds true: make a nominal trial payment first and then transfer the balance when you have had confirmation of receipt of the trial amount.

Guest
Amma says:
1 January 2018

We bank customers have been conned into substituting secure payments for speedy transfers with all the risk for wrong transactions landing firmly at our feet of the customer. How the industry has made life so much easier for the conmen. For ages I have wondered why we have not make more of a fuss en masse about the insecurity and risk forced on us by the banking industry. Particularly, since the big bank bail
our using our taxes after years of what I can only describe as dodgy dealings.

Guest

As John says above, and many elsewhere, online payments are generally secure if you do them correctly, check you have the correct account details and have not made a mistake typing them in, and for a new payee take the simple precaution of transferring a nominal amount and checking it has been received before committing the balance.

This year banks will introduce “confirmation of payee” adding a third item to the information required. It seems the option chosen will be for you to declare the account name when preparing the payment and your bank will simply tell you whether or not this matches the other account details. You can then choose whether to continue with the payment, or not.

Guest

Considerable diligence will still be required when the third security factor of payee confirmation is introduced. Customers must check that the account description they give is exactly the same in all respects as the account name they wish to credit. Some firms have different account names to their trading names, or have dates within their titles, so all those discriminating details will need to be checked. People should not enter an account name and just click ‘confirm’ when a match is indicated, they will need to take time to review the information and verify it. The consumer hasn’t won the battle yet and cunning scammers will exploit every weakness.

Nobody has been pressurised into using the Faster Payment Service: it is entirely optional. There are several other ways to make cleared payments with different degrees of security and speed. Banker’s Drafts are still available. Secure transfers are available where a senior officer at each bank will personally supervise the transfer at each end. Normal BACS transfers and cheques can still be used but require clearance. Apart from cheques, there are direct fees for each of these methods rising in proportion to the degree of security, clearance and speed, and for a major transfer a controlled secure process might be more appropriate. For years solicitors and conveyancers have relied on BACS and there have been few problems; the fee is only around £25-30 and is probably worth it for a critical and high-value payment.

Guest

The exact (“official”) account name must, presumably, be entered by the payer and unless the payer gets this right, they will be told the name does not match, as I understand it. They should then not proceed with the transaction until they have the correct account name. It no doubt still leaves room for error (unless the bank blocks the transfer until the correct information is given, but I am not clear if this is the case) but it seems far better than the present system.

Guest

Yes, it should be a major improvement. I would hope the bank will block the transfer until the payee name given exactly matches the account name held by the bank. Where there is more than one account with a certain name the sort-code and account number will still be the determining factors.

When I lived at No. 27 in a block of flats another John Ward lived immediately below me in No. 20 and we both had accounts at the Midland Bank. In those days most bank transactions were processed and reconciled manually and occasionally there would be a mix-up in the documentation. Of course, the bank never entirely took responsibility – same first name, same surname, same building, same street address, same town, same postcode, etc, and just a slight difference in the door number. But it was all sorted out amicably. In those days the branch manager would write a polite letter to the customer and invite them in to sit on a green leather-upholstered chair and admire his maple desk and panelling. Nowadays you have to stand in a noisy banking hall and communicate in public with a person who has never seen your name before.

Guest

Our bank has a little office away from the tills with comfy chairs and a nice member of staff. If the bank is a little busy and they are free you are invited in to complete your transaction. Not all banks are the same……

Guest

Yes, my main Nationwide branch in Norwich is like that, but the local one and some other local bank branches have gone open plan. Barclays is the worst. There’s acres of space but it’s like a bear garden. They want everyone to do their business at a terminal. I mean, even the bears don’t do it there.

Guest
Kate says:
2 January 2018

I do not have enough detail on the proposal to sensibly comment and judge ‘yes’ this is great !
It does seem to put the onus onto the individual rather than the organisation. And frankly, sounds a tad simplistic. Scammers are not simple and I suspect would readily find a way of dealing with a confirmation of payee request by inventing one of their own to present to the individual online. More work and ideas required.

Guest

If the concern is about “Confirmation of Payee”, it works by the payer giving the account name to their own bank (together with account/sort numbers) who send to the payee’s bank. They check and respond to the payer’s bank who then tell the payer whether the account name is correct or not (if it is a private account). I don’t see how the scammer can intervene in this process. But you may see a way?

Guest

Mistake

Guest
Doug says:
2 January 2018

While entry/check of a third piece of information might help with cases of mistyped sort code/account numbers I don’t see how its going to help with the main aim here – bank transfer scams. The scammer has already managed to persuade me to enter their sort code and account number so they’ll just tell me the account name to use/expect and nothing will have changed – apart from more work for me, for every payment I want to make quickly and efficiently. I would suggest a better method would be similar to when credit card companies helpfully or unhelpfully stop transactions awaiting additional verification but on the scammer accounts so that no more money can be transferred in to it until verified. e.g. there are going to be patterns – lots of money going in/coming out during the day, small/zero balance at end of day but a high daily/hourly balance or volume of transactions.

Guest

There seem to be at least two types of scams. One, where an email is intercepted from someone you expect to pay, substituting a different sort code and account number. They are unlikely to open an account in an identical name to the person you expect to be paying so you will simply need to supply the name you expect to pay, and the bank will return a negative.

Where someone simply sets out to scam you – an offer you “can’t refuse” perhaps – then no doubt all the data they supply matches. But as in any other transaction you need to understand what you are doing – as in why do you decide to fall for the scam? Who is responsible for your loss then? If the bank has been negligent in setting up an account for known fraudsters then they have some blame, but otherwise I’d suggest the person themselves is responsible.

Guest

I set up a new payment transfer this evening. I could only enter eighteen characters [including one space] for the payee name – not enough in this instance. This will have to be greatly expanded when the new scheme comes into operation.

Guest
Janet Langley says:
3 January 2018

the more secure the checks the better, when I am transferring large amounts I want to make sure that it goes to the right person/business. Just hope they do not take away all the high street branches where this can be done safely!

Guest

Janet, at the risk of repeating advice given intermittently in these Convos, if you are intending to transfer a large amount online, begin by transferring £1 to the intended recipient and then check with them personally to ensure it was safely received. Then you can repeat the transaction for the balance knowing you have not made a mistake – assuming your banking app has kept the account details and you do not have to re-enter them.

Guest

Large amounts of money ?? Lucky you to have so much I have just 2 halfcrowns to rub together no more better to have halfcrowns than not have 2 halfpennies to do it with A stupid comment from me again you all will say and I agree with you

Guest
Alan says:
7 January 2018

Many years ago, banks removed blank paying in slips from counters specifically to stop this kind of fraud. Now that digital payments are the norm, it is a natural progression to verify payees when paying digitally. This will not stop fraud but will be a useful addition to making secure payments. The banks should have adopted this years ago!

Guest
Gail Williams says:
14 January 2018

Years ago, back in the 60’s when I was a bank clerk, before computerisation, Account Payee, Account number and Sort Code were all checked for exact match and if it didn’t match EXACTLY the credit or debit would be ‘bounced’.
I NEVER do a BACS transfer without putting the EXACT payee account name on the transfer. At least by doing this you have ‘some’ redress with you bank if it goes to the wrong account. I know most people don’t bother these days as it’s not strictly necessary but without the payee’s name on the transfer you don’t stand any chance of compensation.