/ Money

Update: stopping bank transfer scams – what would meaningful action look like?

Our research has found that people are still losing life-changing sums of money to fraudsters exploiting bank transfer payments. So, how much longer should we wait for effective action from industry?

Update: 28/02/19

Several major banks have signed up to a new code that will ensure refunds for thousands of victims of bank transfer scams.

In a huge win for our campaign, seven major banks have signed the code that ensures refunds for victims of bank transfer scams, and greater protection for all their customers. The banks who have signed up are:

■ Barclays

■ Lloyds Banking Group


■ Metro Bank

■ Royal Bank of Scotland

■ Santander

■ Nationwide

These banks will begin a new reimbursement scheme for customers who have lost money through bank transfer scams on 28 May this year.

The new code requires banks, building societies and other payment services providers to put more measures in place to protect customers from bank transfer fraud – and, crucially, enables victims of this type of scam to get their losses refunded by their bank if they have done nothing wrong. But the code is only voluntary.

There’s still more work to be done. In the last two years alone £400m has been lost to bank transfer scams – and we want customers of all banks to be protected.

We’ll be turning up the pressure on the banks who haven’t signed up to the code in the coming months to demand they get on board and protect their customers.

Stop scams

Two years ago, as part of our super-complaint to the Payment Systems Regulator, we collected evidence from nearly 600 victims of fraud who told us they’d collectively lost over £5.5m to bank transfer scams.

Five months on from the PSR’s response saying that they’d found evidence that banks could be doing more, we’ve been checking to see if anything has changed.

We’ve found that people are still exposed when it comes to bank transfer scams, with many losing significant sums of money.

Despite fraudsters continuing to exploit bank transfer scams, we’ve not seen enough evidence that banks are making progress to protect their customers.

Roger and his wife lost £2,000 to a scammer posing as their gardener:

And cases like Roger’s are far from unique. In fact, our latest research reveals that one in 10 people in the UK had made a bank transfer, or knew someone that had made a payment, that later turned out to be to a fraudster. And of those people who had lost money to bank transfer scams, more than half had been victims in the last six months.

Huge sums of money are being lost to these fraudsters, and we found that nearly four in 10 didn’t get any money back at all.

So, today we’ve written to banks calling for them to clearly outline what action they are taking to safeguard consumers from bank transfer scams.

Bank scams

When it comes to banking the general expectation is that banks will look after you as their customer and your money too. But with so many continuing to lose such large sums of money to fraudsters exploiting the system, it’s clear more needs to be done.

The industry, regulator and next government need to urgently take action to tackle financial fraud. We want the next government to set out an ambitious plan to ensure that financial institutions do more to protect consumers from bank transfer scams.

We need your help to do this – please share your scams experiences with us and help keep the pressure on to deliver this change.

Tell us your scams story

Confirmation of Payee plans announced

Update, 11 December: The Payments Strategy Forum has outlined plans for a new payments system architecture in the UK.

One area that the Forum has been examining is ‘Confirmation of Payee’. Currently, when you make a payment to someone the bank will check that the account number and sort code you provide matches the ones on the account you wish to pay.

Throughout our scams campaign, we’ve heard of lots of stories where victims of scams have lost huge sums of money where they have believed they are making genuine payments for things like conveyancing fees or building work, but instead they are using bogus bank details sent to them by scammers.

The Forum has outlined that customers wishing to make a bank transfer will have to now enter the exact name on the account, as well as the other details. This would mean that when you transfer funds to another account the system would also need to confirm the name of the account you are paying matches the name you’ve provided.

If the transfer is to a person, the confirmation system will check to verify if the details are a match or not. If the transfer is a business, the confirmation system will return with the name, address and registration number of the company so that the consumer can check it.

The hope is that this confirmation system will encourage customers to verify details before transferring any money and also help to tackle one aspect of bank transfer scams.

The system will be available from December 2018, although it will be voluntary as to whether your bank offers it to you when you make a payment

We’ve been calling for confirmation of payee for some time now, so while we welcome its introduction, we believe it’s important that banks quickly act to introduce this measure to help protect their customers from scams.

Our Money expert, Gareth Shaw, said:

‘Hundreds of millions of pounds are being lost to these increasingly complex scams, so introducing confirmation of payee is a vital step towards boosting consumer protection.

‘With consumers still at risk of losing-life changing sums of money, banks must now urgently adopt these proposals.’

Update: 18/10/2018

A new ‘confirmation of payee’ service is on its way in 2019 to combat bank transfer scams.

Customers are to be warned if the name of someone they’re trying to pay does not match the account details. With losses to this type of fraud increasing drastically, it’s clear that this measure can’t come soon enough.

While we await its introduction, it’s crucial that an agreement is reached on the funding mechanism to reimburse all victims of bank transfer fraud who have been left out of pocket through no fault of their own.

Update: 25/09/2018

According to UK finance, the trade body that represents the banking industry, fraud victims have lost more than £145m this year to scams that leave them with no legal way of getting their money back. Just 20% of losses have been recovered.

In the first six months of the year, there were around 34,000 cases of ‘authorised push payment fraud’ (bank transfer scams). Losses averaged around £4,260.

Details of a reimbursement scheme are due to be published this week. Gareth, Shaw, Head of Which? Money Online said:

“It’s now two years since our super-complaint highlighted the lack of protection for victims of bank transfer scams, but these shocking figures show just how widespread the problem still is.

Banks’ efforts to date have been woefully insufficient and they have not done enough to protect their customers, who continue to lose life-changing sums of money to ever-more sophisticated crooks.

The Payment Systems Regulator has rightly committed to introducing a reimbursement scheme for victims. It’s about time that banks step up and properly compensate customers who have lost money through no fault of their own.”

Update: 28/02/2018

Win! The regulator has confirmed plans and timeframe for scams reimbursement scheme. Following its consultation on a reimbursement scheme for victims of bank transfer scams, the Payments Systems Regulator (PSR) has today confirmed that it will press ahead with plans to better protect scams victims.

It has also announced the formation of a steering group to design the code that will underpin the reimbursement scheme, setting out the members as well as the key principles and objectives of the group for the next six months. Forming this steering group alongside Which? are Age UK, Toynbee Hall, and representatives from the banking and tech industries.

The group will deliver an interim set of rules by the end of September. These will then be consulted on with a final set agreed by the end of the year.

However, from September, the Financial Ombudsman Service (FOS) will be able to use the draft code when determining new consumer complaints about authorised push payment scams.

We welcome today’s announcement as a step in the right direction. We hope that this will help to ensure the reimbursement scheme properly compensates victims who have been left out of pocket through no fault of their own.

However, the industry must also use other measures to better protect consumers at the point of transfer to stop such scams happening in the first place. These measures could include confirmation of payee, which would add an additional check before a bank transfer is made.

Do you want your bank to sign up to Confirmation of Payee to help protect you from bank transfer scams? What should the banks to do to protect their customers from losing money to bank transfers? Do you think the next government should tackle scams and financial fraud?

Terence Sean O'Brien says:
16 May 2017

Quite clearly internet banking is NOT safe and secure. I have had my facilities for internet and telephone banking disabled some time ago.

I cannot remember the times when I have been paying something in the teller has tried to persuade me to go digital.

Bob says:
16 May 2017

It’s a sign perhaps of today’s society that the common theme is to blame someone else (the banks) when things go wrong. Anyone unaware of the activities of scammers must have been living on the moon for the last decade. I’m not a fan of the banks but don’t see why they should pay for people’s ‘inattention’…………of course if they do end up paying don’t be surprised if they pass the cost on to you know who!

Totally agree. The consequences are that we pay for other people’s inattention. Otherwise ask to pay by cheque.

Mike says:
16 May 2017

The emerging problem is that fraudsters can show their incoming phone number as the number on the back of your bank card .On many occasions I have had “silent” calls and when I try to call the number back it is not recognised so perhaps we should be looking at phone service providers to ensure that we are able to identify incoming calls as coming from an identifiable number

The point is the banks are allowing fraudsters to open bogus accounts. They should thoroughly check the identity of the person who is opening the account.

Tony says:
17 May 2017

If you saw the Amazon Global website which I was directed to from eBay and given a code to login to view a Mercedes car where payment (£11,800) was to be paid with the transaction monitored by ‘Amazon Global’ you would think again before blaming fraud to a lack of attention by the buyer. The above website had been professionally made with many pages linked to Amazon. So if you clicked on Terms & Conditions for example.. you were reading from the genuine Amazon website.
As it was.. the car was displayed and described in detail with the registration number.. engine and chassis number etc. I did 2 HPI checks on the car using this information with reputable companies and paid for them both to ensure the car was genuine.. not stolen or had finance owed. Those checks both came back positive in favour of the car. Being an extremely careful person I phoned Amazon UK to check they actually supplied this service. An Amazon UK manager could not tell me(!) and transferred me to Amazon USA where staff and eventually a manager also could not tell me if the Amazon Global website I had visited was theirs! In fact it took them 3 days to check and reply back to me that it was not their website. They seemed unconcerned that this scam was involving them with the bogus website and when I told them I had documented everything.. had photos of the website and that I also had the scammers mobile phone number and could forward it all to them.. they just weren’t interested..!
Myself I would never pay by bankers draft and so I lost no money.. but I am sure many others were taken in by the professional way this scam was operated. For you to be so bloody-minded when people are being scammed everyday without help from banks or anyone else.. then I hope you gain some experience yourself and then maybe you will change your tunnel visioned attitude !

Ampox says:
17 May 2017

Absolutely. The phone company (BT) knows and displays the (often nonsensical) phone number on your machine, and when you ring back “we have not recognised the number you have dialled”. Why can they not block a call from a non-recognised number before they pass the call on?

This comment was removed at the request of the user

This comment was removed at the request of the user

Paul Holmes says:
17 May 2017

Dear BOB
Inattention, maybe. But mostly inexperience with a huge dose of trust.
I hope that you never get scammed.

I’m sure its a little more complex than that, but in principle I wholly agree that the phone tech companies must take their share of the responsibility as they are the ones “enabling” the frauds.
I wonder what evidence would be needed to charge one of them with being an accomplice in the crime ?

When the bank wrongly paid a quarter of a million into my account they claimed it back in a matter of days. If they cannot do the same for the scammer’s account then clearly they were even more negligent than the customers in that they paid into an account not checked, as legally they were bound to do, that it was not criminal or terrorist.
Also most scams require the account name and account number not to match as people recognise the name for the person they expect to pay to and rarely if ever the account number. Using account numbers is a idle hangover from the days when a mainframe computer had 64K of memory so every bit counted. There is no longer any excuse for this risky strategy.
We will never see any improvement as long as the bank does not have to pay heavy fines from the dividends and not from the general overheads.

Many places will no longer take a cheque or require a punitive payment for doing so as the banks are so obstructive in dealing with cheques now.

The only person or more likely organisation to blame are the scammers. But instead of blame or compensation what we are looking for the banks to do is participate and instigate prevention. It is usually the most vulnerable that are targeted so for some inconvenience and possible cost is it too much to ask?

STOP closing down the high street banks in our towns, so we can actually keep a personal one to one with a cashier over the counter.. Local cashiers who know the customers help look out for unusual or suspicious activities as proven already in reported cases where staff have intervened and reported unusual (fraudulent) scam.

Mrs Brown says:
16 May 2017

I I totally agree. We no longer have any bank in our village and the bank I have been using for years is closing also. The Clydesdale have been excellent at stopping fraud and reimbursing me. I don’t know if my new bank will be as helpful

Janet Phipps. says:
17 May 2017

As someone whose bank is about to close I am left unable to speak to a real person, use the internal hole in the wall, and many other services. If banks insist we all use cards for everything it is impossible to keep an eye on the fraudsters. We know how easy it is for hackers to get into our bank information (NHS?) and yet I am told by my disappearing bank that I must use my card and computer. I get at least 5 phishing offers from banks every day and only know that I don’t open them because I don’t bank on the internet.

Anonymous says:
16 May 2017

Bankers or should I say Rockerfellers and Rothchilds who run the monopoly banking system don’t care about security aslong as they are making interest on your money.

This comment was removed at the request of the user

Peter Lloyd says:
16 May 2017

The UK banks are so far behind other countries in their fraud prevention processes. In Thailand any payment made online gets authenticated ie you put in the ac no and it gives you the name of the account so it cannot go to the wrong account. In Switzerland any large payment in to an account that has a large payment out immediately triggers a suspicion alert necessitating human intervention, checks and confirmation. This simple circuit breaker would stop most of the big frauds in their tracks. When will the backward UK catch up?

Andrew says:
16 May 2017

I agree with previous comments regarding consumer protection. I’m a believer in protecting customers, hence my many many years of subscriptions to Which?, but there is a point where given the amount of information out there you have to say don’t always expect someone else to pick up the pieces as a result of your own neglect and lack of attention to what is going on in the world . Take a step back, think what you are doing and always consider the possibility that something is a scam, before you hit the enter/send key.

This comment was removed at the request of the user

Hi Duncan
Spot on and don’t forget the large amount of money the Tories get to keep the status Quo. Until a government is prepared to take on the banks head on nothing will change.
Banks commit fraud and rig markets, launder money, and facilitate tax evasion on a daily basis, but they only get a fine equivalent to 10% of the profits they have made doing it.
You or I do it and we get 15 years.

Banks do, I believe, limit cash withdrawals over the counter, partly because of fraud (and we’d squeal if that happened to us) and partly because smaller branches need sufficient cash to service all possible customers. If you do need to make a large cash withdrawal you can arrange it in advance to give the branch the opportunity to top up there reserves. There are similar safeguards for online cash transfers. When we have security it brings with it some limitations.

If a bank fails you are guaranteed up to a maximum of £85k (I believe it went up again) with the exception of temporary large deposits from a house sale, for example.So we all (if we are still rich enough after the election) need to spread any cash deposits around.

Banks don’t hang on to your cash but invest it – that is their business.

The banking crisis happened under a different government who relaxed the rules.

I’m not sure the implication of that statement is not misleading as it seems to be apportioning responsibility to a certain government. If you’re referring to the 2008 crisis, sometimes known as the global financial crisis, that crash actually started in the US sub-prime lending markets and had a huge number of causes, most of which feature excessive risk-taking and fraud within the banks themselves.

For relaxing the rules on lending, however, we need to go back much further to the Thatcher administration. “The election of Margaret Thatcher in 1979 marked the end of the post-war consensus and a new approach to economic policy, including privatisation and deregulation, reform of industrial relations, and tax changes. Competition policy was emphasised instead of industrial policy; consequent deindustrialisation and structural unemployment was more or less accepted”. Every government following that one inherited the web of financial laxity that allowed banks to become far more prosperous and powerful.

It is not misleading; the rules were relaxed. I’m simply pointing out that other governments have had a hand in the way the banking sector was run – or mis-run. We allowed credit – including mortgages – to escalate and created huge debt which also played a part.

Yes, but the turning point was years earlier, surely? You’re right about the huge debts – but the policies that actively encouraged those debts started in the late – ’70s / early ’80s – quite a time before the big crash.

All governments have the opportunity to “put right” previous administrations “wrong” decisions. The point I make is it is not a party political topic.

I agree. But it had to start somewhere, didn’t it? And your initial statement suggested the origin was around 2008, which it wasn’t. I’m not saying easing lending was wrong per se but the whole concept of Monetarism was essentially flawed, I believe.

I did not suggest anything “started” with that administration but that they had a part in it. Financial institutions have always got into trouble – for example in the South Sea Bubble, Tulips, Railwaymania. As I am not an economist (and most of them seem not to agree) but do not see economic models as particularly effective; they operate in a climate that has far too many variables. So I do not blame short term governments for getting it wrong – why would you interfere with an economy you don’t understand that seems to be doing OK? Only when some catastrophe occurs do we see the weaknesses.

You might not now be suggesting it, but your sentence The banking crisis happened under a different government who relaxed the rules. has a clear implication that the relaxation of the rules by that particular government was at the very least partly responsible for the disaster. Now, I accept that might have been partly prompted by your perception that an earlier contributor had identified the Tories (although for precisely what remains unclear) but your statement by itself carried an implication that, by itself, was inaccurate. The crisis had almost nothing whatsoever to do with the government of the day and everything to do with the US sub-prime lending policies and crooked US bankers. In other words, your statement was meaningless – at best.

But we agree on economic models. I’ve said this before, but no one I’ve ever met understands macro economics and specifically macro-international economics. I suspect economics is too close to fluid dynamics and chaos theory to be grasped by anyone.

Oh dear! I suppose I’ll have to be a lot more careful with my words 🙂 My intent was to point out that, whilst the Tories may be kind to the banks, when the banking crisis occurred it was under a Labour government. Whilst no party was solely to blame, government does supposedly figure in the regulation and control of financial institutions. As Labour had been in power for 11 years before the crisis, to say it had “nothing to do with the government of the day” seems a little forgiving. Maybe it says something about the competence and expertise of those in government?

We seem to be off topic.

I didn’t say it had “nothing to do with the government of the day” but I did point out that it started in the US, the financial dealings over which the UK government would have had absolutely no control whatsoever. And we come back to the simple fact that I seriously doubt most Economists fully comprehend macro economics, so the politicians have little chance.

Mervyn King who was critised for failing to see the global financial crises coming, blames the “disequilibrium in the world economy.” and “shared intellectual responsibility across political parties for failing to foresee problems.”
Without banking reform he forecasts another financial crisis is certain.

The BoE however denied all knowledge of Barclays LIBOR fiddle for which they were eventually fined £290m by the FSA and which eventually led to the resignation of CEO, Bob Diamond. Which begs the question, who then was actually playing the fiddle while the global economy burned?

Honestly? I suspect the big banks have become too powerful – more powerful, in fact, than Governments. They’re difficult to challenge, since it needs people with highly specialised skills to do so, and their control of the money business on which governments everywhere depend means they as good as run the world.

This comment was removed at the request of the user

If the big banks are now running the show, why do they continue to employ clowns to help them to self destruct, bringing whole world economies down with them?

Under The Public Finance Act the government is required to act in accordance with the principles of responsible fiscal management, which should mean tighter control to prevent another financial catastrophe and not necessarily bailing banks out after the event.

In answer to your question you’re making the assumption that simply because they enjoy immense power they don’t employ people who are not as besotted with the acquisition of power as they, themselves, are. But they do, and greedy people make errors – just like everyone else. And big money attracts big criminals.

As to your second point, New Zealand has a Public Finance Act, but the UK doesn’t. The EU regulators introduced stringent controls over Bank Bonuses in Dec 2010 and the UK, along with France and Germany, introduced a bank levy in June of the same year. However, whether all this will prevent the greed and criminality (because that’s what it was) that led to the first crash reoccurring is impossible to say. But the immense power wielded by the banks is exemplified in the cases of trans-national corporations, some of whom lose roughly £1bn per year, and who continue to trade and to borrow.

I was in fact referring to the big guys running the show. I have had contact with a few in my time.

Other countrys do have Public Financial Managment Systems.

“Good public financial systems are important for democratic governance, macro-economic stability, effective use of resources available and poverty reduction. .Good PFM systems can also help prevent corruption and foster aid effectiveness.”

Maybe something for the next administration to ponder on during Brexit negotiations. Anything that can prevent another financial fiasco would surely be welcome.

PS: I am off line once again – It’s getting a bit tedious now!

I agree it’s down to management. And it’s poor management that have let the banks, the countries and the world down.

Ann Godden says:
16 May 2017

Why this obsession with on-line banking, know is it quicker, but statistics show increase in fraud is directly proportional to to the banks trying to move all their customers to on-line banking!

Claire says:
17 May 2017

I have been pressurized time after time to do online banking but I refuse because I truly believe it isn’t safe. I also like going into my bank branch and getting served by a cashier and not getting money out of a machine – those are unsafe too.

I told the person trying to pressurise me that I would only do so when they checked that the account name and number matched for all transactions as few frauds would be possible if this was done. I was told by the person that they did do so. I told him this was a blatant lie and he later admitted I was right.
Bank staff are allowed to mislead customers with impunity which is a disgrace.

Banks should be made to contact the customer regarding any transaction that was made in their name for verification before any payment is made

Steve says:
16 May 2017

Nationwide are rubbish all you get as a response from their staff telling you “it is not our problem you as the customer shouldn’t have the transfer”. No we won’t give you a written reply neither we don’t need to.
Oh so helpful ….not!!!

The major banks, such as Lloyds, Halifax and Barclays, should consider repurposing the no doubt large sums they spend on tediously nonsensical television advertising (black horses, choirs and ’empowerment’) to responsible fraud prevention action.

yes banks should protect people against scams has much has possible

Steve says:
16 May 2017

Surely payments can be easily traced , people re-imbursed, and fraudsters reported and subsequently nicked.
After all, the banks have paid out the money, so they MUST know its destination … how could they not?
I can’t believe those earlier comments saying “give banks a break”. As things stand at present, the banks are colluding with the fraudsters.

Put a bomb under them

Bob Lang says:
16 May 2017

Obviously, it’s our money so we should be free to transfer it if we wish. However, each customer should be able to set an “alarm” amount, and any transfer at or above that amount should trigger human intervention at the bank.

Jeremy Burchill says:
16 May 2017

It would not be impossible for banks to cross check the name of the payee on an electronic transaction against the name of the account holder of the account into which any payment (or any payment in excesssof £xxx; or any account to which a payment is being made for the first time) is made. This would in effect replicate the liability of banks in the case of cheque payments.

The names of payees are not standardised – one of the problems. Look at the different ways you can validly make out a cheque to the same person.

Indeed, so it makes sense to halt the payment and confirm the payee.

When computers had a memory capacity of 16 K for a mainframe this was true. To hold every single valid option for the name would still not make a dent in the possible memory capacity compare to a low resolution picture of the account holder.
It actually does not even need that as any valid abbreviations etc can be worked out at the time by the computer,

The industry is looking at this as I said earlier. However, back to scammers as opposed to our errors. They seem to give you account names that mislead you into thinking they are the people you are legitimately dealing with.

If people do not want to use the Fast Payment Service via internet banking, which does what it says on the label, there is no compulsion to do so. There are various alternative ways to transfer money from one person to another involving progressive degrees of security, time and expense. I use the FPS quite frequently to pay all sorts of organisations and service providers from the window cleaner upwards and I would not want it to be slowed down and increased in cost by imposing additional checks and enquiries before the transaction is executed. There are additional verification controls before a new payee is set up and it is prudent on the first occasion to make a test payment of one penny and check its receipt by the payee to prove that the code numbers are correct.

As Malcolm reminds us, account names are not foolproof, and a fool and his money . . .

Note the payee’s code numbers carefully, enter them correctly, check them diligently, and then double check the whole mandate before hitting ‘submit’.

I always print off a copy of the mandate confirmation and attach it to the invoice or statement. If a payment then goes to the wrong account it cannot be my liability if I have used the exact codes set out in the payee’s documents.

Using the internet saves enormous amounts of time or postage. It’s worth using some of that saved time to get things right.

We are used to our computers giving us a prompt if we attempt to make a change so I’m sure we wouldn’t object to a reminder that a transfer may be suspect and to think twice. If Microsoft can do it so can the banks.

maggie says:
16 May 2017

There’s a fine line between protection and interference. I have been irritated by Santander’s security protection which has prevented me from making a transaction on a number of occasions, but at least they seem to be trying to counteract possible fraud.

No. They are trying to look as if they are doing something. There should be accepted accounts where the bank knows the holders are trusted accounts and suspect ones where there should be a a manual verification call to the depositor to see this was really wanted as a payment.
Microsoft do just this with their installation certificates.

We should be able to lock so much of our savings, it would protect our savings, I am sure this could be done easy.

To my mind, the bank responsible for enabling the scammers to open an account in the first place should be held responsible.
The checks are clearly inadequate.