/ Money

Update: stopping bank transfer scams – what would meaningful action look like?

Our research has found that people are still losing life-changing sums of money to fraudsters exploiting bank transfer payments. So, how much longer should we wait for effective action from industry?

Update: 28/02/19

Several major banks have signed up to a new code that will ensure refunds for thousands of victims of bank transfer scams.

In a huge win for our campaign, seven major banks have signed the code that ensures refunds for victims of bank transfer scams, and greater protection for all their customers. The banks who have signed up are:

■ Barclays

■ Lloyds Banking Group


■ Metro Bank

■ Royal Bank of Scotland

■ Santander

■ Nationwide

These banks will begin a new reimbursement scheme for customers who have lost money through bank transfer scams on 28 May this year.

The new code requires banks, building societies and other payment services providers to put more measures in place to protect customers from bank transfer fraud – and, crucially, enables victims of this type of scam to get their losses refunded by their bank if they have done nothing wrong. But the code is only voluntary.

There’s still more work to be done. In the last two years alone £400m has been lost to bank transfer scams – and we want customers of all banks to be protected.

We’ll be turning up the pressure on the banks who haven’t signed up to the code in the coming months to demand they get on board and protect their customers.

Stop scams

Two years ago, as part of our super-complaint to the Payment Systems Regulator, we collected evidence from nearly 600 victims of fraud who told us they’d collectively lost over £5.5m to bank transfer scams.

Five months on from the PSR’s response saying that they’d found evidence that banks could be doing more, we’ve been checking to see if anything has changed.

We’ve found that people are still exposed when it comes to bank transfer scams, with many losing significant sums of money.

Despite fraudsters continuing to exploit bank transfer scams, we’ve not seen enough evidence that banks are making progress to protect their customers.

Roger and his wife lost £2,000 to a scammer posing as their gardener:

And cases like Roger’s are far from unique. In fact, our latest research reveals that one in 10 people in the UK had made a bank transfer, or knew someone that had made a payment, that later turned out to be to a fraudster. And of those people who had lost money to bank transfer scams, more than half had been victims in the last six months.

Huge sums of money are being lost to these fraudsters, and we found that nearly four in 10 didn’t get any money back at all.

So, today we’ve written to banks calling for them to clearly outline what action they are taking to safeguard consumers from bank transfer scams.

Bank scams

When it comes to banking the general expectation is that banks will look after you as their customer and your money too. But with so many continuing to lose such large sums of money to fraudsters exploiting the system, it’s clear more needs to be done.

The industry, regulator and next government need to urgently take action to tackle financial fraud. We want the next government to set out an ambitious plan to ensure that financial institutions do more to protect consumers from bank transfer scams.

We need your help to do this – please share your scams experiences with us and help keep the pressure on to deliver this change.

Tell us your scams story

Confirmation of Payee plans announced

Update, 11 December: The Payments Strategy Forum has outlined plans for a new payments system architecture in the UK.

One area that the Forum has been examining is ‘Confirmation of Payee’. Currently, when you make a payment to someone the bank will check that the account number and sort code you provide matches the ones on the account you wish to pay.

Throughout our scams campaign, we’ve heard of lots of stories where victims of scams have lost huge sums of money where they have believed they are making genuine payments for things like conveyancing fees or building work, but instead they are using bogus bank details sent to them by scammers.

The Forum has outlined that customers wishing to make a bank transfer will have to now enter the exact name on the account, as well as the other details. This would mean that when you transfer funds to another account the system would also need to confirm the name of the account you are paying matches the name you’ve provided.

If the transfer is to a person, the confirmation system will check to verify if the details are a match or not. If the transfer is a business, the confirmation system will return with the name, address and registration number of the company so that the consumer can check it.

The hope is that this confirmation system will encourage customers to verify details before transferring any money and also help to tackle one aspect of bank transfer scams.

The system will be available from December 2018, although it will be voluntary as to whether your bank offers it to you when you make a payment

We’ve been calling for confirmation of payee for some time now, so while we welcome its introduction, we believe it’s important that banks quickly act to introduce this measure to help protect their customers from scams.

Our Money expert, Gareth Shaw, said:

‘Hundreds of millions of pounds are being lost to these increasingly complex scams, so introducing confirmation of payee is a vital step towards boosting consumer protection.

‘With consumers still at risk of losing-life changing sums of money, banks must now urgently adopt these proposals.’

Update: 18/10/2018

A new ‘confirmation of payee’ service is on its way in 2019 to combat bank transfer scams.

Customers are to be warned if the name of someone they’re trying to pay does not match the account details. With losses to this type of fraud increasing drastically, it’s clear that this measure can’t come soon enough.

While we await its introduction, it’s crucial that an agreement is reached on the funding mechanism to reimburse all victims of bank transfer fraud who have been left out of pocket through no fault of their own.

Update: 25/09/2018

According to UK finance, the trade body that represents the banking industry, fraud victims have lost more than £145m this year to scams that leave them with no legal way of getting their money back. Just 20% of losses have been recovered.

In the first six months of the year, there were around 34,000 cases of ‘authorised push payment fraud’ (bank transfer scams). Losses averaged around £4,260.

Details of a reimbursement scheme are due to be published this week. Gareth, Shaw, Head of Which? Money Online said:

“It’s now two years since our super-complaint highlighted the lack of protection for victims of bank transfer scams, but these shocking figures show just how widespread the problem still is.

Banks’ efforts to date have been woefully insufficient and they have not done enough to protect their customers, who continue to lose life-changing sums of money to ever-more sophisticated crooks.

The Payment Systems Regulator has rightly committed to introducing a reimbursement scheme for victims. It’s about time that banks step up and properly compensate customers who have lost money through no fault of their own.”

Update: 28/02/2018

Win! The regulator has confirmed plans and timeframe for scams reimbursement scheme. Following its consultation on a reimbursement scheme for victims of bank transfer scams, the Payments Systems Regulator (PSR) has today confirmed that it will press ahead with plans to better protect scams victims.

It has also announced the formation of a steering group to design the code that will underpin the reimbursement scheme, setting out the members as well as the key principles and objectives of the group for the next six months. Forming this steering group alongside Which? are Age UK, Toynbee Hall, and representatives from the banking and tech industries.

The group will deliver an interim set of rules by the end of September. These will then be consulted on with a final set agreed by the end of the year.

However, from September, the Financial Ombudsman Service (FOS) will be able to use the draft code when determining new consumer complaints about authorised push payment scams.

We welcome today’s announcement as a step in the right direction. We hope that this will help to ensure the reimbursement scheme properly compensates victims who have been left out of pocket through no fault of their own.

However, the industry must also use other measures to better protect consumers at the point of transfer to stop such scams happening in the first place. These measures could include confirmation of payee, which would add an additional check before a bank transfer is made.

Do you want your bank to sign up to Confirmation of Payee to help protect you from bank transfer scams? What should the banks to do to protect their customers from losing money to bank transfers? Do you think the next government should tackle scams and financial fraud?

David says:
16 May 2017

Any bank holding an account for the scammer should reimburse the scammed 4 times the sum lost and be fined by the state 10 times the sum lost.

Banks should spend money on ensuring the security of our money – I worked in IT back in 2009 (for 3 years) in a large public service organisation and left this employee because I was totally disappointed in the issues regarding security of the I.T functions, funding always was an issue, staff not adhering to given guidelines…..the list is endless..

Have a system whereby if a bank account is ‘cleared out ‘ ( and it’s customer isn’t in the habit of doing so ) that this fact is communicated to the branch before the debit is processed so that a ‘phone call to that customer is made .

David Howarth says:
16 May 2017

My building society, Norwich & Peterborough, has been excellent in supplying customers with information leaflets, such as ‘Money Fraud and identity theft’, ‘Phishing Fraud’, ‘Protect yourself from fraud scams’, ‘Protecting you and your accounts’, and ‘Avoid being an easy target.’

Unfortunately they were taken over by Yorkshire Building society in 2013, and the Yorkshire are now CLOSING all N & P braches, AND closing 103,000 current accounts, leaving account holders to find other banks or building societies to move to! Yorkshire don’t do current accounts!
Other banks would do well to follow the fine example set by Norwich and Peterborough.

Mike says:
16 May 2017

I know it’s in the great scheme of things in the banks’ planning to eliminate cash, but I think the banks should at least rescind all contactless cards. After all , can we really not wait 5 seconds to enter a PIN, or are we so strapped for time!!That would surely eliminate a lot of card fraud. Anyone who uses a contactless card deserves all they get! I send mine back to the bank every time they try to palm one off on me.

Banks should have two way security. They should have a password that they can share with customers. For example one letter each. Customers should be able to ask them questions as well as the caller holding a
L the ace cards. Or what about something simple like being able to ring their local branch and speak to a named person – these things did not happy when local banks looked after customers

When I get a call from 1st Direct I ask for letters from my “special questions”

john moore says:
16 May 2017

Banks should make it much more difficult for scammers to open bank accounts.—-

Banks behave without conscience. The problem lies with successive governments subordinating themselves to the bank cartels that really own this country. The only way to force a bank to be more responsible for our money is for them to be subject to ‘criminal neglect’ laws. If the Law does not adequately cover this, then pass more laws that will ensure it is covered.

Andrew Bassett says:
16 May 2017

Many of these accounts will have been opened with false identities etc. In that case the banks are in breach of their own standards and should be made liable for any losses whether it is one of their own customers or from another bank. As soon as they become liable (or even at risk) the scams will drop and the banks will find ways of recovering the money

We do not let people drive cars who have not passed a test. The government is involved in the driving test process. Even those who have passed the test find themselves caught up in situations. That is where insurance comes in. People pay premiums. They make a claim which they have to support with evidence. Banking should be the same: test, insurance, claim, evidence and settlement. Let bank account holders get insurance and make claims – not directly on the banks but on the insurance companies. The government should force this by making it a requirement of operating as a retail bank to participate in an insurance scheme. The banks need to share in the pain of scams. Otherwise they will stop trying. But they should not have to support negligent account holders. The government may want to help the people who cannot pass the test.

David Gray says:
16 May 2017

some well-known credit card providers appear to have security systems in place that block transactions that do not match the useage profile of the card holder, For example, if I use a credit card abroad without notifying the card company, it will disallow the transaction unless I inform the card company of my intentions to make a big purchase /use abroad.
There is no reason why banks cannot use a similar method of oversight of private accounts. Having said that, those who fall for the scams need to exercise more commonsense and vigilance. If their faculties are impared in the ‘financial environment’ they need to get family and trusted 3rd parties to advise them.
If the banks paid as much attention to this type of fraud as they do to people trying to open new accounts, they would be going a long way to keeping this type of theft to a minimum.
‘Duty of Care’ comes to mind.

Banks should put a name to the account number to which money is to be transferred .

Banks should take greater care in monitoring accounts so that any noted irregularities can be quickly recognised and acted upon.

You are going after the banks to do more. Great. But the banks are not the root cause of the problem . The problem sits between account holders and scammers. The banks create the environment and share some responsibility. But not all of it. Your campaign should look at the big picture. Nobody should have to carry the whole guilt.

david lord says:
16 May 2017

Money never just disappears, it has to end up in an account somewhere. The banks use the excuse that fraudsters use overseas accounts. If certain countries don’t have proper control over criminals operating accounts, then why do our banks do business with them? If I was personally involved in allowing criminals to move money to unsafe accounts I would be prosecuted and face a lengthy prison term. I couldn’t use the excuse that they were based abroad. Why aren’t the banks held to the same (or higher) standards

Every Bank should write to their customer making large type notice warning them not to accept any call from a Bank. The should also have frequent advertisements on TV Radio and in the press stating the same facts.

They should also agree to delay any transaction larger than £50.00 contact their customer requesting proof who the are asking for conformation that the transact is a valid one questioning the customer in detail. If they were to take more information from customers with a password & 2 personal questions such as 1st dogs name & breed and for example grandmothers name.

Tony Rey says:
16 May 2017

Banks must do more to protect Customers. For example they could introduce a unique password/pass phase for all customers so that if contacted they would know whether it was a genuine contact from the bank or a scammer

Surely the money that is paid to any on-line criminal could be traced through an effective international banking system. This could be set up if governments and banks really wanted to stop this criminal activity.

If our money is good enough to help the banks making profits, it should be good enough to be protected. Customers need to be protected, no excuses

David Lrewis says:
16 May 2017

How do I know that this Which? E Mail is not a scam itself? And by clicking a link on it, I won’t download a virus or something similar.

I have two programs which I hope would defend me but it is slightly worrying.

This comment was removed at the request of the user

Hi David, you raise a good point and it’s always safer to be cautious with emails from unknown senders. To add to Duncan’s advice, you might find our guide on how to spot a scam a useful read too http://www.which.co.uk/consumer-rights/advice/how-to-spot-a-scam