Why TSB has decided to refund fraud victims

I sincerely hope that companies will take precautions to make sure that they do not refund money to customers who have failed to behave responsibly or made fraudulent claims, as pointed out by NFH.

I am appalled by the delay in implementing ‘Confirmation of Payee’. That or an equivalent scheme should have been in place years ago. In my experience, most companies don’t even advise customers to make a small trial payment prior to transferring larger sums.

As far as I can see to be able to include all banks (which is presumably essential for it to be effective) in a agreed CoP system is not a straightforward job, but is well underway. If you look at the consultations that have taken place I think it is apparent that the process is not that simple. https://www.psr.org.uk/sites/default/files/media/PDF/PSR-CP-18-4-consultation-general-directions-confirmation-of-payee.pdf

It would be useful if Which? gave a factual account of exactly what is involved in getting a workable system, that works within regulations, up an running effectively and where it is currently at. Or asked the BBA or UK Finance to explain. Then we could perhaps discuss on a better basis.

The increase in fake payees leading to fraudulent transfers seems to me to be a relatively recent phenomenon that Confirmation of Payee is designed to help address. But I may be wrong.

I totally agree with alfa. I feel TSB’s “fraud refund guarantee” is a publicity stunt in an attempt to remedy the bad publicity caused by last year’s fiasco in which it became known as the “Totally S**t Bank“. The guarantee will not encourage customers to behave more responsibly or protect TSB against fraud. I prefer Barclays’ television-based campaign of educating bank customers, not only its own, of fraudsters’ modi operandi.

On a positive note, I commend TSB for generously compensating customers who were affected by last year’s fiasco. Because this was done privately between bank and customer, it did not generate the positive publicity that it deserves.

I have trouble following the logic of this introduction. I suspect NFH is correct that it is marketing to generate custom on the back of a problem. I’d like to see the focus on minimising the problem, educating customers and not providing a sticking plaster of compensation when it is not appropriate.

I believe that banks should do two things:
One, where possible, is to deal with accounts that may be used fraudulently. That may upset or inconvenience some quite legitimate account holders but worth the complaints that might arise. Where an account has early been used fraudulently then, like NFH, I believe the bank holding that account should take primary responsibility.

Two, customers have different abilities. Banks should have a responsibility to offer account facilities at different levels to minimise clients getting into too much trouble if they fall foul of a problem. Perhaps limiting a daily transfer amount without a separate form of authorisation agreed between customer and bank. Perhaps a limited list of people to whom transfers can be made without an additional authorisation if a new one is added. Perhaps a second person – family member, for example – to authorise certain types of transaction.

However we all make mistakes occasionally and if it is our mistake we should face up to it and try to remedy it but not expect a bail out as a matter of course. and some succumb to greed – an offer that is too good to be true. I don’t want to compensate for that.

If I have an accident that is not my fault I expect my insurance company to compensate me and hopefully recover the money from the insurance company of the person who caused the accident. In some cases the blame is shared and maybe that is what needs to happen when a customer has not taken good precautions to avoid fraud.

You buy insurance, at a cost to yourself, to cover this. If you don’t pay for insurance you you may well not be compensated. Are you suggesting we could take out insurance against being defrauded? We do it against theft – home and car for example. Maybe that is the answer, but you’d still have to satisfy the insurer that you took reasonable care, and that should apply to financial transactions as well.

Malcolm, I think that wavechange’s point is that the errant party should ultimately foot the bill, even if another party (e.g. sending bank or insurance company) reimburses the victim in the meantime. In this case, the errant party is the receiving bank for allowing its accounts to be used for fraud.

What I have in mind is that compensation for fraud should depend on the extent to which the customer has been at fault. I don’t see that anyone deserves compensation if they have passed on their PIN or password. I’ve suggested before that it would be useful to refer to these as ‘secret PIN’ and ‘secret password’ to emphasise that they must not be divulged. I am not suggesting that we should take out insurance, and that might lead to complacency.

I strongly believe that until Confirmation of Payee is implemented the banks should pay full compensation if money is not recovered if there is a minor error such as a single digit error in an account number or sort code. It’s disgraceful that the industry has allowed payments to be made without making use of the payee’s name.

NFH – Yes, that’s what I had in mind.

With regard to incorrect account numbers, it’s a further disgrace that the UK has failed to implement IBANs, which have two check digits to ensure that the full IBAN is correct. IBANs are compulsory for bank transfers within the Eurozone. The UK should make them compulsory too, as they prevent errors.

If a customer makes a mistake in the details they use to make an online payment that is their mistake. If I make a mistake in the amount I pay someone online, should the bank compensate me? I cannot see why the bank’s customers (they who ultimately foot the bill) should be held responsible for my carelessness. I think we can go too far down the excuses for lack of responsibility. Check the data you input before you do so.

NFH, as above I, too, consider the receiving bank has the responsibility but if my own bank cannot recover the money then I am not in favour of them compensating a careless customer automatically. The pressure should be on banks to increase security, although customers may be inconvenienced. Investigating account openers more diligently maybe.

I see nothing “disgraceful” going on. It seems to be a system that has worked well enough until relatively recently. It is now being improved in the light of events. But I’d like the facts of the simplicity or complications attached to a CoP introduction before we simply condemn the banking system out of hand. The published literature suggests to me it is not simple. I’ve asked Which? if they might obtain a factual explanation.

Yes, and I remember we had a discussion about this years ago. At the time I was familiar with check digits in other applications but not in banking. Sometimes you don’t need to innovate but to copy good practice.

malcolm r says: Today 16:34

If a customer makes a mistake in the details they use to make an online payment that is their mistake. If I make a mistake in the amount I pay someone online, should the bank compensate me?

I suppose that might depend on whether the person concerned suffers from – say, Dyscalculia, or another condition. I have some sympathy with those who argue we shouldn’t be made to pay for those who make mistakes but perhaps if banks insisted that all new payments were to be prefaced with insignificant trial amounts, to check the details were correct, that might be a good move. Certainly extremely easy to implement for new payees.

I was going to write something very similar, Ian. In the last week I reprimanded a company that required a minimum of £1000 to be deposited to open an account. Failure to provide advice to make a test payment – and make it possible – should be a significant factor in deciding whether compensation should be payable if money goes astray and cannot be recovered.

I have known computer users who are not aware that they can easily zoom-in to enlarge text on the screen.

We have recommended, on a number of occasions, people pay in £1 to a new payee and check it has been received before transferring a larger balance.

If people have a condition that makes their online banking insecure then independent standard online banking is not for them. Or they need help dealing with it. I suggested earlier that maybe banks should offer different levels of online banking to suit people’s abilities and disabilities.

Safeguards need to be put in place for those with medical conditions. Trial amounts, delayed payments, secondary authorisation are all ways of providing added security. It might sound harsh, but if customers don’t declare medical conditions should we be paying for their mistakes?

Kent Reliance by any chance wavechange?

Well remembered Alfa. Who needs Google tracking. 🙂

I’m in favour of customers having to jump through a few hoops, but it’s the companies that have to initiate this.

I didn’t remember, we are doing the same thing and their rates are/were the best (They just dropped but we got in just in time.)

I am glad to hear that Alfa, since I did not remember writing about KR. 🙂 I can thank Which? for helping me with the choice.

Nicely summarised, alfa. But shouldn’t we responsible customers of the banks feel sorry for those who have fallen for scams, and chip in to make sure they are not out of pocket? Then they needn’t be so stressed when going on line that they might get it wrong and lose out. We can’t have unhappy people, surely?

Alfa – Thanks for your efforts. Education is always worth trying but not everyone is receptive.

Many sit through speed awareness courses. I have not attended one but have often heard that they are useful and the incentive for attending is that you can avoid having your licence endorsed.

Perhaps fraud awareness courses might be useful. One possible incentive would be to require customers who had been victims to attend a fraud awareness course if they wanted to continue to remain as a customer of that company.

According to The Sun, TSB is launching fraud education workshops at selected branches.
https://www.thesun.co.uk/money/8864916/tsb-becomes-first-bank-to-promise-innocent-fraud-victims-refunds/

I copy and paste details where possible and always check the confirmation screen. I knew about sending test payments well before I transferred money online. I have never lost a penny so far.

The banks have still not implemented confirmation of payee or a similar scheme to spot minor mistakes, and as NFH has reminded us, the UK should be using IBANs.

It’s not just customers that need to behave responsibly.

CoP and IBANs could be reported on factually by Which? with assistance from the banking industry so we hear first hand what the problems, if any, are and why it takes time for them to be introduced. We would then have a sounder basis, hopefully, for discussion.

Both the first two scams on the recording sound like the fraud was committed by scammers with inside information.

With these types of fraud stories, I always feel some of the facts are missing so it is hard to understand the full story and how the first person got compromised.

The second scam was particularly nasty to a person in a very vulnerable state having recently been widowed. Someone had to know she was an easy target. In other circumstances, she might have realised it was scam. This

This second scam shows why number spoofing should be illegal. It also highlights the need for education.

If we had a joined-up police fraud squad, thorough investigations might actually catch the culprits of these scams.

For the third scam, if the guy who got caught with the computer scam had done his checking before and not after he was scammed, he would not have become a victim. If eBay had not removed the ids of previous buyers, he might also have had more information up front to help prevent him from being scammed.

alfa, the fraud to which I refer, covered between 03:43 and 07:32, was not committed with inside information, but by hacking the victim’s e-mail account.

Should the email account provider be held responsible? We always like to find someone to hold to account. This was a very well-executed fraud.

The second example involved someone in a poor mental state being asked to transfer her savings to a “safe account”. An oldish fraud that has been publicised. Could it have been carried out without “inside information”. Maybe the bank accepted responsibility as it knew one of their employees must have been involved.

Banks employ people in positions of trust. Some people are dishonest. How do we counter that?

I totally agree with educating customers to minimise (I doubt we’ll ever prevent) mistakes and fraud. I also agree about the banks placing restrictions on accounts where appropriate. I would hope that if someone has to transfer a “life changing amount” they will take particular care.

The new measures being introduced should help reduce mistakes and fraud, but fraudsters are very intelligent and will always find new ways to trick certain people.

A concern I have about automatic compensation is that these same fraudster, as well as intelligent customers, may well use the generosity of the bank to perpetrate frauds directly, with the help of their friends.

I’d like to see somewhere some balance between the responsibilities of both customer and institution. We don’t (or rarely) blame the DfT or council for a road accident, even though they provide the infrastructure and safety aids.