/ Scams

Why the PSR must take action to protect APP scam victims

We’re calling on the Payment Systems Regulator (PSR) to introduce new transparency requirements on banks so that customers can see exactly how they treat and reimburse victims of APP scams.

8/07/2021: the PSR must not let victims down

Today, Rich Piggin (@rpiggin), Head of External Affairs and Campaigns at Which?, is appearing in front of the Treasury Select Committee to give evidence about the devastating impact of bank transfer scams and what action the regulator needs to take to make life better for victims. 

The chances are that in the past year you either have, or know somebody that has, received a text, call or email that turn out to be a scam attempt. While we should all be vigilant online, nobody intends to be the victim of a crime. Scam victims frequently talk of feeling scared and untrusting of others after the event, and often feel re-victimised when their bank blames them for not realising quickly enough that something wasn’t right.

These victims all too often struggle to get their money back, despite most major banks being signed up to a code that should ensure customers are reimbursed when they are not at fault. Banks are failing to implement the Code that they helped to write properly and consistently. Don’t just take our word for it – the Financial Ombudsman and the Lending Standards Board (which oversees the Code and is funded by the banks) have both criticised banks repeatedly over the years for their failures. The result is a lottery of protection for victims.

The situation is unsustainable. Encouragingly, the Payment Systems Regulator (PSR) is proposing mandatory protections be introduced. One solution they have put forward is to let the banks modify and rewrite the existing code, effectively handing them the opportunity to water down the consumer protections they disagree with and ignoring the evidence from the last two years. We firmly oppose this. Instead, the regulator should take forward its other proposal and introduce a requirement on all firms to reimburse customers who have acted appropriately.

Self-regulation has failed. We must do better. Letting banks act as judge and jury when it comes to scams has not worked. We must put in place a new system centred on helping the victims of this terrible and growing crime.

Banks and the regulator have had two years to try and make self-regulation work. All the evidence shows that this approach has failed. £700k a day is being lost to this crime, but less than half of it is reimbursed. Victims – particularly vulnerable ones – are being routinely failed by banks whose actions are undermining the Code they helped to write.

It is vital that the PSR does not hand the banks the power to modify or rewrite the existing code. Instead, it must take writing the new rules into its own hands and make it mandatory for all firms to reimburse victims when they are not at fault.

Rich will be giving evidence from 10:30am today (Thursday, 8 July).  A longer version of this update appeared as an Op Ed in Times Redbox (paywalled content)

 

Do you agree that the regulator must not give banks the power to write their own rules on scam reimbursement?
Loading ... Loading ...

15/06/2021: Update

28/04/2021: PSR must take action

When you fall victim to a crime, you expect to be believed. If someone breaks into your house, you don’t expect the police officer to point out where you should have installed CCTV. If you get mugged, you don’t expect to be asked for proof of how you put up a fight. And if you fall victim to a sophisticated and intricate scam, you don’t expect your bank to add to your feelings of guilt and distress by pinning the blame on you.

Yet that is exactly what is happening at the moment, with victims of authorised push payment scams (otherwise known as bank transfer scams) when they are tricked into unwittingly transferring money to a scammer. 

Which? News: Banks routinely blame victims of fraud

We receive information from hundreds and thousands of victims every year. The case studies we see highlight the impact on victims of this horrific crime – and how this is often exacerbated by banks who appear not to care about what has happened to one of their own customers who may have just lost a life-changing sum of money.

Blaming the victims

Recent evidence published by the Lending Standards Board (LSB) and the Financial Ombudsman (FOS) demonstrate just how poorly some banks are treating victims and the lengths they will go to to try and pin the blame on individuals rather than accept any wrongdoing on their part.

The LSB oversees a voluntary code that industry helped to write and which sets out protections for APP scam victims. The Code states that victims should be reimbursed other than in a few specific circumstances – and even then banks are expected to consider the scam in the round and how individuals may have been affected by the context of what happened and how.

Data showing just how well banks are adhering to the letter and spirit of the Code was recently provided to the LSB by signatories to the Code (which includes all the major banks plus Co-op, Metro, and Starling) and published earlier this year. 

It paints a damning picture of how banks are interpreting and implementing the Code in wildly inconsistent ways and how victims are being mistreated across the board:

🔹 Victims were held fully or partially to blame 60% of the time, and therefore often denied any reimbursement

🔹 Blame was shared between the customer and either the bank sending or receiving the money, or between the two banks themselves, in a further 17% of cases

🔹 Two banks pinned the blame on victims in nine out of every ten instances

🔹 For investment scams – which often involve the highest amounts of losses – victims were blamed 67% of the time

🔹 Romance scams, which can involve extreme emotional and psychological manipulation, had a blame rate of 61%

Final adjudication

When a victim is dissatisfied  with the outcome of a decision made by their bank they can escalate it to the Financial Ombudsman for a final adjudication. In some cases, these decisions are published.

We had a look at some recent decisions, which were all upheld in favour of the victim (as are the vast majority of APP cases), and found evidence of banks placing extreme and unjustifiable expectations on what a customer should have done to avoid being scammed. 

These included HSBC telling a victim who lost £2,000 to a HMRC scam that it was “inconceivable” that he didn’t spot the red flags because he worked in a professional industry, and Nationwide refusing reimbursement of £1,146 because the victim “didn’t listen” to warnings given – despite receiving a call from a spoofed number which made her believe she was speaking to her building society.

In a separate case, Halifax only returned half of a £60,000 loss to an investment scam victim who had “failed to make sufficient checks” before investing – before backtracking after Which? intervened to point out they had never asked the victim what checks they had actually made.

All of these and more provide further evidence for what we have been saying for years: the banks are consistently misinterpreting the Code they helped to write in order to put the blame on the victim, and the Payment Systems Regulator (PSR) is doing little to ensure they adhere to the rules.

Our calls on the PSR

We are calling on the PSR to use its upcoming consultation to introduce new transparency requirements on banks so that customers can see exactly how they treat and reimburse victims of APP scams. It must do this as quickly as possible to prevent banks making this a race to the bottom, and many more victims being denied rightful reimbursement

That same consultation will also recommend a way to make APP scam protections mandatory. We strongly believe that industry has been given sufficient time and opportunity to provide the solutions so under no circumstances must the banks be allowed to write another new code to replace the existing voluntary one as the PSR has suggested. 

We will be continuing to make this case over the coming months so that the PSR stands firm and takes action to protect victims.

What would you say to the PSR if it suggested allowing the banks to write another new code?

Comments
Barry Waddilove says:
8 July 2021

The main purpose for a bank is to hold your money securely. They have failed in that duty for decades and must be held responsible for any loss suffered by those placing their trust in the banking industry. If anything, the bankers are dodging responsibility and are complicit in the crime of theft and fraud. Banks are expected to have up-to-date security and the ability to prevent such crimes. They must be able to identify all those responsible and take action against them to stop it. If the banks are not capable, then what are they there for?

Barry – Your bank can can only take care of your money while it is under their control. As soon as you give an instruction, by whatever means, to move it somewhere else they can no longer protect it for you.

This is the harsh reality. Only if there is a fault in the banking system, or in your bank’s procedures, will they have any liability to refund you for any loss.

george tunstall says:
8 July 2021

enough of OUR MONEY is lost through scams and banks not taking there responce ability seriously

I don’t necessarily think that bank’s should be responsible for reimbursing a customer who has been scammed. They have to find the money from somewhere. However, I most definitely feel that they should be more thorough in making sure that the customer IS NOT BEING SCAMMED. Surely they could check this before the deed is done. I have several bank accounts and they usually check with me if I am sending a large sum of money to a new person, to see if this is genuine. More care should be taken by banks at the outset of the transaction.

Banks canvas openly to convince everyone to SAVE their money with them.
So, they wish to become custodians of our very well earned savings and therefore THEY assume responsibility for the safekeeping of OUR money. deposited with THEM for SAFEKEEPING on our behalf.

SIMPLES!!!!!

Yes, Bill, but if they get an instruction to transfer it that seems to come from you, what are they supposed to do? Ring you up each time? That would cost you a fortune at the banks’ fee charging rates!

Most Governing Bodies Are Not Fit For Purpose, as i have experienced, all need a good kick up the backside into a reality check, on what they are actually there for, and who they are supposed to stand up for.

David Saunders says:
8 July 2021

Absolutely agree with this observation

Ann Lister says:
8 July 2021

We trust out banks to take care of our money and carry out our transactions requests etc so we have to be able to trust them to protect us from the crime of scamming as they would protect our money against any other form of bank/investment crime.

Peter Lorimer says:
8 July 2021

For too long the banks would appear to have appeased their shareholders to the detriment of their customers. In the name of Public Service Obligation, they must act more strongly to prevent scammers and their scams. The banks need to be liable when their security measures fall short and insure themselves against liability. Not only do banks use customers deposits to invest in markets that provide them with dividends, but are also increasing charges to their customers. The banks need to be held to account and never forget who bailed them out during the financial crash twelve or so years ago.

A example of banks continually overlooking the payees name and authorising a cheque occurred recently. Being a bit hard of hearing these days I misheard the name of the company that came out to rid me of a bees nest (I still have them) and I inadvertently made the cheque out to a Pet instead of a Pest Company. The cheque was sanctioned by the bank and the money was duly debited from my account.

Only a small error, but scammers will frequently use such small errors to fool their victims, and, it would seem, their banks.

That may depend on the banks involved. When I tried to pay my £10 annual membership to **** **** Society it failed the Confirmation of Payee check but after some dire warnings from the bank I decided to take the risk and my payment reached the society’s account. I checked with our treasurer who explained that the name is THE **** **** Society. Yesterday he sent an email to all of us advising us of the official name that I’ve never heard anyone use.

This is where legislation can override banking codes. Any changes brought forward through legislation will automatically apply to all banks, essential for them to work.

I suspect any legislation would require the claimant to make their clear case for claiming compensation. A bit like product liability; we don’t expect anyone with a failed appliance to automatically be given a repair or a new one unless they can satisfy the requirements of the Consumer Rights Act 2015; they might have caused the problem themselves. A Code allows a less formal approach that is more likely to favour the claimant.

I want to see a system that is fair to both sides, that recognises where a bank has been negligent and where a claimant has been negligent. I do not want a system that presumes either side is automatically free from responsibility. That would lead to abuse of the system and promote a lack of responsibility. If my bank is to give my money to someone who claims they have been scammed I want to be sure the claimant genuinely deserves compensation and that my bank has sensibly failed in its handling of their claimant’s money.

The proposal that all banks should publish all instances of repaid money is really not thought through. If we are to have a league table then the correct way to establish it would be to publish all those claims where the bank was clearly at fault, in full or in part. Then I would know what banks to be wary of. Simply looking at those most generous would have the opposite effect; I would not want to deal with a bank that seemed an easy touch when giving away my, and other customers’, money.

The difference is, perhaps, that you physically handed your cheque to the correct company. I suppose you could argue that if the Pest Control Company had deliberately intercepted a cheque sent to the Pet Control Company then a scam is created. That is most unlikely.

The difference with online transfers is that you will send your money to the wrong person. That is now generally dealt with by Confirmation of Payee which would recognise the difference between Pest and Pet.

If I were unkind – and I am not – I could also suggest your were at fault in making the cheque out to the wrong person. Either check the name on the invoice or ask yourself whether it was likely to be Pet Control when you had pests removed.

Did the drainpipe suggestion not work?

I was emptying one of my compost heaps last week when I had a small buzzing cloud around me. I had disturbed a small bees nest. They did not attack me so I carefully transferred the nest to an adjacent large flower pot. One bee found where it was and gradually all the other bees followed and moved material around to make a new nest. They are still in residence and seem quite happy.

Malcolm you missed the point i Intended to convey, partly because you were not aware of the whole picture, and partly because of your very apparent strong bias towards any criticism of the banking industry, which clearly manifests when victims of banking scams attempt to state their case.

In my particular case, I paid the pest controller guy with a cheque in all honesty, after he verbally quoted his price for removing a swarm of bees that had invaded my property, preventing my safe exit and entrance to the rear garden. I was wearing a mask at the time when I paid him, and because he wasn’t, I kept a safe 2m distance away and misheard the correct name of his company, He failed to remove the nest, so I called him back a few days later when I explained my error and offered to hand him another cheque, which he declined, so I left it at that. It wasn’t until I received a bank statement with confirmation the payment had gone through the banking system, it became apparent the bank had failed to read the name of the payee, a topic already previously discussed at length on W/C regarding bank scams, fraud and phishing. At the end of the day, I am the one who has missed out, since the bees are still very active and no sign of them moving to greener pastures and I have paid for a service that was entirely unsuccessful.

The salient point being, banks are still honouring cheques, without reference to the name of the payee, relying only on the account number and sort code.

Beryl, if I am biased it is to see fairness to all concerned as I have repeatedly emphasised. 🙂

Malcolm, it’s fundamental, banks, first and foremost, need to put their own house in order to enable their customers to build up enough trust in a system that looks after their hard earned cash. If there were no scammers, there would be no scammer related problems. The onus is on the banks, who one assumes, are familiar with, and understand the constant updating and ever changing complex technological systems, to protect their not so savvy customers, from a system infiltrated with criminals who are using the banks as a conduit to steal from unsuspecting customers.

First update and fix a corrupt system, by liaising with the tech giants whose technological input and proficiency can put an end to this ever increasing and long standing problem so that trust is once again returned to the long suffering victims of a system infiltrated with crooks and thieves.

These Convos are presented as one-sided, where most victims are quite blameless and the banks are responsible for their actions when a scam is involved. However, a few commenters have made what I believe are relevant points and constructive proposals to improve the “system”.
I do not believe all victims are “blameless”; I believe many behave with lack of care or responsibility. That is the problem I consider needs addressing. Simply refunding is going to do little to get to the root of the problem. I have made suggestions as to how those less able to handle their financial affairs sensibly could be helped. Do you not think that worth pursuing?

Beryl wrote: “Malcolm, it’s fundamental, banks, first and foremost, need to put their own house in order to enable their customers to build up enough trust in a system that looks after their hard earned cash.” That seems like a good first priority. The need for confirmation of payee could have been recognised before online banking was made available to the public.

Blaming and shaming never solves any problems. Fixing the root of the problem is fundamental to solving it. Banks automated systems need updating to include CoP. It’s technological in origin and technology has the capability and potential to fix it. Bank codes are there to protect the banks, that is why you very rarely encounter any banking legal disputes in the public domain. Banks will go to any lengths to protect their reputation, which is one reason why they will settle out of court disputes, but not without first extensive cross-examination, investigation and questioning with their exasperated and frustrated customers.

It does seems rather serendipitous that an invasion of bees, a simple mistake on my behalf can produce sufficient incontrovertible proof that major high street banks are failing to adhere to new codes imposed upon them by the PSR. More food for thought perhaps?
.

In the case of Beryl’s cheque made out to a Pet company instead of a Pest company, my view is that the bank teller has used their common sense and paid it in to the right payee despite the error on the ‘payee’ line. After all, the cheque must have been paid in by a representative of the pest company on a paying-in slip or in a paying-in book carrying the account name, sort code and account number of the correct recipient.

Throughout the banking system, thousands of cheques get presented every day with minor errors in them. If there is no signature or a wrong signature, if there is a discrepancy between the words and figures, if the account holder name does not match the account details, or if the cheque is out of time, then normal practice would be for the cheque to be returned to the payee for rectification. In this specific case, that was not necessary because there were enough confirmatory details available for the cheque to be credited to the pest company’s bank account.

While errors are to be avoided wherever possible, if every cheque with a minor spelling mistake in the payee’s name were to be returned to the presumed payee for amendment or substitution by the payer and then reissued by them to the payee for re-presentation to their bank, the wheels of commerce would grind to a standstill. A sensible decision was made to accept the cheque and it is possible, as in many company accounts sections, that the back of the cheque had been boldly endorsed with a rubber stamp bearing the company’s name and recording the order or invoice no., the date of receipt, the page or serial no. in the paying-in slip or book, and the initials of the employee who did the day’s payments.

John – Do banks use the payees name when processing cheques or is the money simply transferred to an account that matches the account number and sort code on the paying-in slip? I don’t know the answer but the question crops up occasionally.

Which? regularly use “blame” because it is more emotive than the word I prefer, which is “responsibility”.

Most banks – those for the great majority of customers – do use Confirmation of Payee. The lesser financial institutions who were not able, it appears, to join phase 1 will now be able to join phase 2.

I, and my family, have never had a problem with the banks we use. Suggesting we cannot trust them seems an unsupported generalisation.

We could point to many of the losses reported by commenters and delve deeper into exactly what happened. We can’t of course and we only hear the victim’s story. It would be regarded as unkind and unsympathetic to suggest they have been careless, irresponsible, with their affairs but, in many cases, I suggest such a comment would be valid.

Suggestions as to how the banks could improve the help they give to customers have been made in these Convos, but have never been responded to by Which?, at least not in these pages. They could, and should, when they are pursuing this topic, dig into facts, offer suggestions, and seek to get answers from those who represent banks. Conducting a one-sided campaign is both wrong and lazy as it misleads many.

Do banks use the payees name when processing cheques or is the money simply transferred to an account that matches the account number and sort code on the cheque? I don’t know the answer but the question crops up occasionally.”.
The account number and sort code on the cheque are those of the payer, not the recipient, and says where the funds are to be drawn from. The payee uses their account number and sort code on the paying in slip or debit card to transfer those funds into their account.

According to https://www.chequeandcredit.co.uk/information-hub/faqs/cheques-and-cheque-clearing#
”Can a cheque be paid into the account of someone other than the named recipient?
No. Most cheques are crossed ‘A/C Payee’. The Cheques Act 1992 and Section 81 of the Bills of Exchange Act 1882 give statutory power to the ‘A/C Payee’ crossing when it is used. The rules mean that a cheque which bears the ‘A/C Payee’ crossing can only be paid into an account in the name of the recipient exactly as it appears on the cheque. Similarly, a cheque payable to two people (normally known as a joint account) can only be paid into an account in the name of the two people exactly as they appear on the cheque. The crossing cannot be deleted, nor can the cheque be transferred over to a third party.

The problem has always been that the payee’s name, as written on the cheque by the payer, can take many forms. I could generate around 15 names for my account that are quite legitimate – combinations of my names, initials, title, etc – and these can be used by anyone sending me a cheque as they are likely to be unaware of the precise name on the account I have with the bank. As John says, common sense has been applied and has been ever since cheques were invented.

My experience is that cheques are paid-in even when the name of the payee does not match the name of the recipient. For example if I sent you a cheque it might not matter whether I used your full name or initials and surname. I have made a small correction to my post, thanks.

What I want to know is what happens in practice rather than what is supposed to happen. I am very rarely asked to sign for post that is clearly labelled to show that a signature is required.

” cheques are paid-in even when the name of the payee does not match the name of the recipient. For example if I sent you a cheque it might not matter whether I used your full name or initials and surname.”. That is precisely the point I made. A cheque system cannot function efficiently and effectively, it seems to me, unless such variations are allowed in practice. I presume the bank would accept liability if the cheque were put into an incorrect account; the payer would find this out.

Technically the bank should have refused to accept Beryl’s cheque. The Pest Control Company might have taken the view that Beryl had deliberately mis-written the cheque to delay payment. But both she, and the company, should have checked it was made out correctly. The bank may have had sufficient knowledge of the account holder to use their common sense. Maybe they were wrong and should have set in motion a process that would have been inconvenient to both parties.

I did offer to hand over another cheque in person, but my offer was refused. Whichever way you view it, the fact remains my cheque went through the banks automated system and I possess the written proof that it did. I unintentionally and unwittingly exposed a flaw in the banks cheque processing system. ‘Shoulds and woulds’ are just mere speculation and a distortion of actually occurred.

Evidence from Which? articles on Convo demonstrates that scammers are able to change just one letter or digit to dupe the unsuspecting public into believing they are dealing with the real McCoy.

But had the cheque been misused you would soon know and your bank would have recompensed you. In this instance you made the first mistake by putting the (slightly) wrong name on the cheque so I presume you accept your part in the problem?
Did you complain to your bank?

Em says:
9 July 2021

Payment systems have always been open to abuse. The current focus on the Internet as the problem, everyone finger pointing and saying someone else should do something about it, doesn’t really help much and shows how short our collective memory is. A few examples that predate the Internet:

Cheques were negotiable instruments, just like bank notes. In fact, the original bank notes were a cheque; a promise by the bank to pay a named individual the equivalent amount of money in specie – coins minted from a precious metal.

Bank notes saved you having to carry heavy silver/gold coins about with you, with the attendant risk of theft by highwaymen and footpads. Bank notes could be endorsed (signed) to transfer the rights to another named individual. As this practice became more widespread and unworkable, they became bearer notes – whoever held the note had the right to the money lodged at the bank. At this point, the theft of bank notes became worth doing, not just the “real” silver or gold coinage.

Cheques retained the original purpose of the bank note, still payable to a named individual, but from money held in the account of the drawer, not the bank’s own holdings. Again, that money could be transferred (“paid in” to your own account) or paid out as notes or specie (“cashing a cheque”).

Cheque fraud was common. A signature was the only protection against forgery, whether of the cheque itself or by endorsement of a stolen cheque.

Preprinted cheques that could only be used with your account became standard. Before then, cheques were universal. You could go into a bank, ask for a cheque or cheque book, fill one in there and then and redeem it for cash, or take it down the road and give it to a shopkeeper in exchange for goods.

Crossed cheques became common, which could not be endorsed, as did the practice of barring all the blank areas to help prevent alterations of the payee and amounts.

Bank cards had to be introduced to guarantee payment of a cheque up to a limited amount, to help renew faith in the cheque. Lots of cheques were being “bounced” by banks, either where the drawer had insufficient funds or could later instruct the bank to stop payment. We also had the palarva of writing our name and address on each cheque, so we could be traced if the payment was refused.

Even as these cheque controls were introduced, scammers still found ways to tap into the banking system. One individual opened a bank account in the name of “H. M. Revenuei” – the misspelt website name is hardly original.

A slightly more technical scam was for some bank workers, who operated the machines to read the drawn cheque amounts and add the additional MICR (magnetic ink characters at the bottom of the cheque), to deface their own cheques. This meant they got rejected by the standard sorting equipment and came to their section, where they could enter a lower amount or different account number. Again, this is no different to a payment being intercepted over the Internet and redirected.

What’s the point of this? Scams aren’t new. Fraud has and always will be part of the banking system. The replacement of a cheque system that has operated and evolved over centuries isn’t going to happen overnight. The current increase in scams isn’t going to bring down the banking system.

Banking losses will rise to the point where new controls and systems are introduced to counteract them. I expect we will soon be required to scan the chip on our payment card and enter a pin. Handing out our card number and CVC is like going back to the old days of blank cheques with no signature.

Thanks, Em

Very interesting.

I can remember when the milkman would cash a cheque for my mother . . . at least, I think that’s all he did. He got a lighter satchel and she had some money to spend.

Exactly what could be happening everywhere except that cash without purchase would require a debit card. I imaging the milkman was pleased to get rid of cash.

Em says:
9 July 2021

This is the same system as many ATMs operate today.

A convenience store takes maybe £2,000 in cash over the course of a day’s trading. Rather than bank the cash (assuming there is a bank nearby) or save it up over a period of days with their respective security risks, the shopkeeper sorts the cleaner notes and loads them into into the store’s ATM.

A customer wanting cash presents his “cheque” in the form of a debit card, the ATM dispenses the cash and electronically credits the shopkeeper’s bank account with the sums of money withdrawn over the following day.

Apart from having to pay a fee to rent the ATM from one of the Link network providers and pay a transaction charge similar to business bank rates, it’s fairly cost neutral. The shopkeeper hopes the ATM will attract additional customers needing cash into their store and a lot of the money withdrawn will be recycled through their own business, rather than spent elsewhere.

I’m sure Which? must have explained all this before – or is it still the banks’ fault that ATMs are disappearing?

ron says:
8 July 2021

I cant see the problem with scooters all it take is to enforce use on the pavements by police.And more important every scooter must have number on front and rear,with owner responsible for any wrong doings not the rider unless caught at the time,they also must carry third party insurance.Any scooter in use in a public place convescated by the police.

Avril Sharp says:
8 July 2021

I do not think banks should necessarily be required to re-imburse people who have sent money voluntarily to another bank account if the account number is correct. At the end of the day we will all be contributing to this cost even though we are not involved. If someone knocks on my door and says my roof needs repairs and I pay them in cash but the work is not done Then i do not get my money back and I can’t see the difference if I have gone to the bank and drawn the cash. There is plenty of publicity about scams so people should be more careful with their money.

It is the customers that are being scammed by criminals. It is not the banks. If the banks currently hold up transfers in order to investigate and avoid money laundering, they can do the same for unusual transactions (as scams would be). If they then fail to detect and hold up an unusual transfer (the scam), THEN they should be held liable. There has to be a limit to where business and governments are liable for the misjudgements or mistakes of individuals for which other customers or taxpayers end up paying.

Mike Maher says:
8 July 2021

Ok, I have had similar issues. Firstly, there is the scam where you order something and get a cheap pair of sunglasses instead of what you ordered. This is probably the most frustrating one because you received something, and the value is usually below the £100 threshold so getting any response from your bank or otherwise is difficult. The other is when they tried to take money from my account as part of a Gumtree sale I was making. But my bank uses two stage authentications, and I was supposed to receive a payment, but they tried to take money out. The two-stage payment process saved me in this case, and I was able to send them a ‘touching’ WhatsApp message, laughing at them and calling them some choice names….it felt good. But seriously, the system needs to be better. Perhaps holding account process or similar where funds are only released when the item is delivered and the two-stage process, I mentioned to prevent funds being pulled from your account. Similarly, we the public need to get smarter online as well.

Gary says:
8 July 2021

Why is scamming and other forms of on-line criminality an entirely consequence-free activity? There is no enforcement; it is not worth the trouble of reporting scam attempts.

I suspect the banks would be more willing to cooperate with reimbursing victims if there was a realistic prospect of getting some of their money back from a successful prosecution.

It would need cross-border cooperation by enforcement authorities though, and our leverage has been greatly weakened by Brexit. Another Brexit dividend -for the criminals!

Peter Figg says:
8 July 2021

Why can’t the banks phone customers if a big withdrawal is about to be made and ask if it is correct.

Peter – I believe such an arrangement could be made with your bank for a standing charge or an individual fee on each occasion, but presumably you are only referring to cases where you have set up a new payee. I take it you wouldn’t want it to happen with every large utility, mortgage, rental or insurance payment you make or credit card bill you pay or other normal expenditure like a grocery bill. So where do you draw the line?

Most consumers put major purchases on a credit card in order to take advantage of the protections available under the Consumer Credit Act 1974.

An exceedingly high percentage of payments go through without any problems and with no liability for any refunds arising, but there are a number where criminality has been involved and there is a concern about the the sort of consumer protection that could be put in place to provide redress to victims.

Most of the situations being discussed in this Conversation are either (a) where the person has received a message in some form asking to divert a payment from its originally intended payee account to a new one [usually as a result of hacking into a service provider’s accounts system], or (b) where the person has ordered something on-line and the supplier, in a foreign jurisdiction, has fraudulently substituted a substandard alternative item, or (c) the person has been tricked by a fraudster into giving them access to their digital device or to their bank account details and money has been withdrawn.

If the fraud was facilitated by the bank, or was completed through a lack of banking best practice or due diligence on the part of the bank, then the bank could be liable for refunding the customer. The major problem that Which? is trying to pursue is that the bank makes the decision whether or not the bank was at fault, and it is not possible to check whether the banks are complying properly, fairly or consistently with the code of practice on such conduct and where, in consequence, responsibility should lie.

Unfortunately, like in Chinese whispers, the true message of this Conversation has become somewhat distorted with repeated misinterpretation and so entangled in other issues to do with banking that it has strayed from its original purpose.

If, when paying money into a bank account, you make an error in the account number, the banks say they have no responsibility to retrieve the money and will refuse to give you the account holders name and details. How can this be right?

Alan – I would put the question the other way round: if I make a mistake in paying in a cheque, why you should you or other customers meet the cost of putting that right?

It is our responsibility as part of the arrangements we make with our banks to perform our banking tasks correctly and accurately. Banks are obliged to send money where they are instructed to. Fraud opportunities would be rife if people could claim that a payment had been misdirected in error and the receiving account holder refused to return it [because they were part of the fraud].

People have been issuing cheques and paying them in for hundreds of years under these terms and conditions. I can’t see the sudden need to introduce uncertainty at this point unless there has been a change in people’s capacity to undertake normal banking.

The problem that Alan refers to has finally been addressed by the introduction of confirmation of payee, which now requires the major banks to make use of of the payees name. For years I was unaware that banks would ignore the payee’s name.

A significant number of people suffer from dyslexia, which can result in those affected not being able to see their own mistakes. From Wikipedia: “Dyslexia is the most common learning disability and occurs in all areas of the world.[12] It affects 3–7% of the population;[2][5] however, up to 20% of the general population may have some degree of symptoms.[13]”

I knew little about dyslexia until I started teaching. Those affected have been branded as stupid or careless by those that are unaware of the facts. Some with the condition and related problems can be very bright although they typically underperform in assessment.

We need our banks to do more to protect the interests of their customers. Do banks recognise that some of their customers are dyslexic, and what do they do to help them?

How do you suggest banks help dyslexic customers (if they declare themselves as such)?
We do see a lot of comments asking for something to be done. I would like to see more identifying a problem and proposing a solution, and for Which? to pursue solutions to help rather than just complain.

The first problem is that many people are unaware of the problem unless it is so bad that they have worked it out for themselves or they have been advised by others. I learned to recognise the signs and during my teaching career identified about 100 young adults with learning disabilities, subsequently confirmed by testing.

I am not claiming that learning disabilities are a cause of mistakes in banking transactions but suggesting that it might be worth exploring. I do know that banks have been criticised about failing to providing dyslexic customers with readable documentation, such as statements.

Although I have had a very good experience with banking it really annoys me that some people love to blame the customer when there is a possibility that their bank might be at fault.

If the customer does not recognise they are dyslexic I don’t see how the bank can and could help. I am sure they would if they knew.

I, for one, try to avoid the use of “blame” and prefer “careless”, lacking “sufficient responsibility” , “negligent” or “irresponsible” for both customer and bank, when the circumstances demand. I, again, for one am not among “some people love to blame the customer”. I want to see fairness applied and where either side has a part to play in a loss, wholly or partly, decide the outcome accordingly. What I am not in favour of is, by default, putting the responsibility onto the banks.

This is a topic that requires considered and equitable solutions. Some have already been contributed that are worth exploring. Just launching requests to the public that will produce emotive one-sided responses, maybe for publicity or to try to sway a committee, is not the way to find a resolution to this problem. It requires thoughtful discussion with all those involved who can do their best to reach some way forward. I keep hoping Which? will be seen to do that. But maybe they do not see it as their job? Maybe acting in an activist way is their chosen strategy?

I’m happy to have a discussion about dyslexia and other learning difficulties but perhaps here is not the best place.

Before looking at what banks could do, it would be worth investigation to discover if learning difficulties are a significant cause of problems such as misdirected payments. I do not like the the derogatory terms you refer to in your second paragraph. I would avoid using such terms when discussing disability. 🙁

I am quite surprised to see your accusation in this ” Before looking at what banks could do, it would be worth investigation if this could be a significant cause of the derogatory terms you have used.”. There is nothing in what I have said that is derogatory. It does not help a friendly discussion if this path is taken so I hope that part of your comment will be modified. 🙂 . I will then withdraw my response. Let us restore order.

I generally do edit comments Malcolm, but the system signed me out before I could do so. Patience is a virtue.

Wavechange says that “the problem that Alan refers to has finally been addressed by the introduction of confirmation of payee . . . “.

I am not sure that it has; in on-line banking maybe, but if I go into a bank with a wad of notes or a cheque and fill out a paying-in slip in favour of someone else but get a digit wrong there will be no Confirmation of Payee process; there never has been. The money will go to the sort code and account number stated on the form. It is my responsibility to get it 100% right. Why is it any different when making a payment on-line?

wavechange, you clearly misunderstood or misinterpreted my post. The terms I used were not derogatory, and certainly not aimed at the dyslexic. They were used in relation to those who act in that way and in no way were associated with disability.
You still have time to put things right (if you are quick) 🙂 .
I see this has attracted a thumbs down. Pity about that.

Although I don’t claim to have dyslexia, I am a victim of age related hearing loss, but in this instance, it proved to be advantageous if it led to disclosure of a flaw in banking procedures. After all is said and done there’s not a lot of difference between the auditory sound of pet and pest.

John – In the context of the Conversation I had assumed that he could be referring to online payments, but if not, confirmation of payee would obviously not be relevant.

In the context of the Conversation I had assumed that he could be referring to online payments, but if not, confirmation of payee would not be relevant.

I’m disappointed, wavechange 🙁

Mike Mc Grath says:
8 July 2021

As banks have embraced the digital, phone and now internet banking they have thrust customers into a format which many of us do not fully master. Very little fraud was possible in the former face-to-face banking environment. Banks have not seen fit to provide sufficient internal safeguards and to provide their customers with impregnable links to their money. They have instead passed the buck to the customers and cover themselves by issuing sporadic warnings about fraud implying that this covers their duty to keep their customers safe. The amount of fraud happening on a daily basis gives the lie to this scheme. Banks’ first duty is to protect their customers’ money. If it seems they are now failing in this regard, it is up to them to say how they will restore trust. The independent financial regulators must have the final say as to whether the banks have made sufficient efforts to totally eliminate digital fraud or, failing that, impose a regime on them which will fully restore confidence in the banking system.

Fergus says:
8 July 2021

A bank fraud was perpetrated on my account. The guilty party was either a bank employee or a c/card company employee. That much was clear from my conversation with the bank’s fraud section. No police investigation was launched and the bank holds all the evidence. I was not a party in any way to this fraud so the people who think customers are always partly to blame should be aware that is not the case. My c/card which was out of date and shredded by me, but was still able to be used by ‘someone’. Be in no doubt this could also happen to you.

Ambrose says:
8 July 2021

The greatest challenge in making this matter fair is “for the client who has lost the money to show clearly he or she was not at fault” .Under current arrangements banks have their own interpretation of of this and it will vary bank to bank who do presume in almost all cases the client is at fault. A code could be imposed on banks that stated the criteria for judging fault on either side. If the client has taken a course of action that breaks the code they would be at fault. If not the bank would be automatically “at fault” and would then be obliged to compensate the client. The code must be imposed on banks by an appropriate authority.

The CRM code does deal with responsibilities and I have posted what it says elsewhere. The perception I have is that Which? want all those defrauded to be automatically recompensed – at least they do not seem to talk about when responsibilities should be shared or placed on the “victim”. They talk about “blameless victims”, yet there would not be a scam if the victim did not respond to it and instigate a payment. Just where personal responsibility plays a part should be considered.

I have always been taught to be cautious when doing things online, or thinking about things that sound too good to be true. But nowadays scamming has become such a problem that my attitude has changed, and not for the better. I’m so worried about being scammed that I can spend hours trying to make sure that what I have an interest in is not a scam, and even when I can find nothing to indicate that it is, I still walk away, because it is becoming common for people now to do the checks and still get caught out. I’m 70 years of age, and I’m dreading so much about making an error, that I would rather lose an opportunity than get caught out. This means that genuine offers that could save me money in my retirement, when I need it most, I have to pass them by, because I can’t be sure it’s not a scam.

It one thing to be caught by a scam, it’s another to be so afraid of getting caught that you don’t engage. Being stuck in this cycle is horrendous, and when you were a person who used to trust people, it’s worse, you isolate yourself from others, just in case, this is no way to live. More has to be done to prevent scamming, and the ill effects of scamming, so that we can go back to normal living. With that in mind, banks should be forced to do more. In this day and age, when anyone with a bit of savings, can’t rely on a reasonable return on those savings, which would help offset the rising cost of living for those no longer at work. It is no small wonder that a lot of the elderly fall foul of the scammers when they can least afford, it.

I have done online banking for years and purchased online (almost always by credit card). I find plenty of reputable people to deal with – a check on the location, contact details, can be of help – so am not afraid of the internet. I do keep away from offers from unknown sources or that are too good to be true. Perhaps the best advice is never to transfer money to anyone unless you are certain they are authentic and trustworthy.

By allowing Banks to write their own rules, is tantamount to allowing them to remove any responsibility they have. Any bank as the legal holder of a persons money surely has the same responsibility for ensuring that persons money is safeguarded in all respects of all transactions as a solicitor has for ensuring all transactions are legal, moving money into a scammers account is an illegal transaction & as such Banks should be responsible. All Banks are in constant touch with each other & New accounts suddenly being opened and money suddenly being deposited by multiple private accounts into a private account should be viewed with suspicion and removing & closing an account recently opened should 1. be viewed as suspect, & 2. stopped from being closed until proper checks have been carried out.