/ Scams

Why the PSR must take action to protect APP scam victims

We’re calling on the Payment Systems Regulator (PSR) to introduce new transparency requirements on banks so that customers can see exactly how they treat and reimburse victims of APP scams.

8/07/2021: the PSR must not let victims down

Today, Rich Piggin (@rpiggin), Head of External Affairs and Campaigns at Which?, is appearing in front of the Treasury Select Committee to give evidence about the devastating impact of bank transfer scams and what action the regulator needs to take to make life better for victims. 

The chances are that in the past year you either have, or know somebody that has, received a text, call or email that turn out to be a scam attempt. While we should all be vigilant online, nobody intends to be the victim of a crime. Scam victims frequently talk of feeling scared and untrusting of others after the event, and often feel re-victimised when their bank blames them for not realising quickly enough that something wasn’t right.

These victims all too often struggle to get their money back, despite most major banks being signed up to a code that should ensure customers are reimbursed when they are not at fault. Banks are failing to implement the Code that they helped to write properly and consistently. Don’t just take our word for it – the Financial Ombudsman and the Lending Standards Board (which oversees the Code and is funded by the banks) have both criticised banks repeatedly over the years for their failures. The result is a lottery of protection for victims.

The situation is unsustainable. Encouragingly, the Payment Systems Regulator (PSR) is proposing mandatory protections be introduced. One solution they have put forward is to let the banks modify and rewrite the existing code, effectively handing them the opportunity to water down the consumer protections they disagree with and ignoring the evidence from the last two years. We firmly oppose this. Instead, the regulator should take forward its other proposal and introduce a requirement on all firms to reimburse customers who have acted appropriately.

Self-regulation has failed. We must do better. Letting banks act as judge and jury when it comes to scams has not worked. We must put in place a new system centred on helping the victims of this terrible and growing crime.

Banks and the regulator have had two years to try and make self-regulation work. All the evidence shows that this approach has failed. £700k a day is being lost to this crime, but less than half of it is reimbursed. Victims – particularly vulnerable ones – are being routinely failed by banks whose actions are undermining the Code they helped to write.

It is vital that the PSR does not hand the banks the power to modify or rewrite the existing code. Instead, it must take writing the new rules into its own hands and make it mandatory for all firms to reimburse victims when they are not at fault.

Rich will be giving evidence from 10:30am today (Thursday, 8 July).  A longer version of this update appeared as an Op Ed in Times Redbox (paywalled content)


Do you agree that the regulator must not give banks the power to write their own rules on scam reimbursement?
Loading ... Loading ...

15/06/2021: Update

28/04/2021: PSR must take action

When you fall victim to a crime, you expect to be believed. If someone breaks into your house, you don’t expect the police officer to point out where you should have installed CCTV. If you get mugged, you don’t expect to be asked for proof of how you put up a fight. And if you fall victim to a sophisticated and intricate scam, you don’t expect your bank to add to your feelings of guilt and distress by pinning the blame on you.

Yet that is exactly what is happening at the moment, with victims of authorised push payment scams (otherwise known as bank transfer scams) when they are tricked into unwittingly transferring money to a scammer. 

Which? News: Banks routinely blame victims of fraud

We receive information from hundreds and thousands of victims every year. The case studies we see highlight the impact on victims of this horrific crime – and how this is often exacerbated by banks who appear not to care about what has happened to one of their own customers who may have just lost a life-changing sum of money.

Blaming the victims

Recent evidence published by the Lending Standards Board (LSB) and the Financial Ombudsman (FOS) demonstrate just how poorly some banks are treating victims and the lengths they will go to to try and pin the blame on individuals rather than accept any wrongdoing on their part.

The LSB oversees a voluntary code that industry helped to write and which sets out protections for APP scam victims. The Code states that victims should be reimbursed other than in a few specific circumstances – and even then banks are expected to consider the scam in the round and how individuals may have been affected by the context of what happened and how.

Data showing just how well banks are adhering to the letter and spirit of the Code was recently provided to the LSB by signatories to the Code (which includes all the major banks plus Co-op, Metro, and Starling) and published earlier this year. 

It paints a damning picture of how banks are interpreting and implementing the Code in wildly inconsistent ways and how victims are being mistreated across the board:

🔹 Victims were held fully or partially to blame 60% of the time, and therefore often denied any reimbursement

🔹 Blame was shared between the customer and either the bank sending or receiving the money, or between the two banks themselves, in a further 17% of cases

🔹 Two banks pinned the blame on victims in nine out of every ten instances

🔹 For investment scams – which often involve the highest amounts of losses – victims were blamed 67% of the time

🔹 Romance scams, which can involve extreme emotional and psychological manipulation, had a blame rate of 61%

Final adjudication

When a victim is dissatisfied  with the outcome of a decision made by their bank they can escalate it to the Financial Ombudsman for a final adjudication. In some cases, these decisions are published.

We had a look at some recent decisions, which were all upheld in favour of the victim (as are the vast majority of APP cases), and found evidence of banks placing extreme and unjustifiable expectations on what a customer should have done to avoid being scammed. 

These included HSBC telling a victim who lost £2,000 to a HMRC scam that it was “inconceivable” that he didn’t spot the red flags because he worked in a professional industry, and Nationwide refusing reimbursement of £1,146 because the victim “didn’t listen” to warnings given – despite receiving a call from a spoofed number which made her believe she was speaking to her building society.

In a separate case, Halifax only returned half of a £60,000 loss to an investment scam victim who had “failed to make sufficient checks” before investing – before backtracking after Which? intervened to point out they had never asked the victim what checks they had actually made.

All of these and more provide further evidence for what we have been saying for years: the banks are consistently misinterpreting the Code they helped to write in order to put the blame on the victim, and the Payment Systems Regulator (PSR) is doing little to ensure they adhere to the rules.

Our calls on the PSR

We are calling on the PSR to use its upcoming consultation to introduce new transparency requirements on banks so that customers can see exactly how they treat and reimburse victims of APP scams. It must do this as quickly as possible to prevent banks making this a race to the bottom, and many more victims being denied rightful reimbursement

That same consultation will also recommend a way to make APP scam protections mandatory. We strongly believe that industry has been given sufficient time and opportunity to provide the solutions so under no circumstances must the banks be allowed to write another new code to replace the existing voluntary one as the PSR has suggested. 

We will be continuing to make this case over the coming months so that the PSR stands firm and takes action to protect victims.

What would you say to the PSR if it suggested allowing the banks to write another new code?

Miss Rashid says:
8 July 2021

Why cannot the banks send a warning when an account you are about the credit is not authentic. Somebody gave them an account which is being Registered by Company House. If they dont have a clue what chance will people have.

Same as the internet, who is giving a platform to abusers, trolls, Pedophiles and all the scammers

David Marper says:
8 July 2021

Banks have too much power and are not at all bothered with small investors.

G Morrow. says:
8 July 2021

My bank accounts have been frozen since March 2020, and the bank has done nothing about it, lots of emails, but nothing positive, only advice to go to The Fraud Dept. They just sit back, and let everyone else do the work, they are just not interested.

Lewis Clements says:
8 July 2021

It is quite simple, the government always favours large corporations over the general British public. They don’t care about the British people, who, to them are simply financial fodder. There to be fleeced at every opportunity. That is the reality. Large corporations have clout, we the public do not. It was ever thus, regardless of which party is in power. Can anyone name a single instance when a UK government has done something to actually help people?

Some use the argument that we bailed the banks out in 2008, now it is their turn.
Actually, not generally true:
“Participating banks
The plan was open to all UK incorporated banks and all building societies, including the following: Abbey, Barclays, Clydesdale Bank, HBOS, HSBC, Lloyds TSB, Nationwide Building Society, Royal Bank of Scotland, Standard Chartered Bank.[10]

However, of these, Abbey, Barclays, Clydesdale, HSBC, Nationwide, and Standard Chartered chose not to receive any government money,[19] leaving Lloyds and RBS as the only major recipients.

So, if you feel that strongly about the bailed out banks, then just avoid using those who were.

I was scammed twice by Chinese con merchants through Facebook. Normally for the purchase of anything business wise, I use PayPal as a way of security. On these two occasions, paypal were not options. It was the fact that the tools for sale were exactly what I required.

On both occasions I tried to claim my money back through FB, obviously they did not want to know, the excuse being they were just advertising and nothing to do with the business. I tried through Barclays to claim my money back giving them all the details of the original advert, the payment and all the correspondence I had entered into with both FB and the scammers. Because the amounts were under £100, they were not interested and blamed me for, in effect being stupid and falling for the scams.

Looking further and after warning everybody on FB not to trade with these scammers, as well as asking FB not to facilitate any of these Chinese businesses, it has appeared that many others were taken in by exactly the same scams. How much exactly the banks have made by not only facilitating fraudsters, probably runs into many £k’s of pounds sterling as well as foreign currency.

The banks must be held to account, if a customer is scammed, provided they can back everything up with hard evidence, then the banks should reimburse and then fight for their money back. After all, yes I accept everything has a cost, but the banks can afford it and have far easier access to law enforcement than the ordinary punter on the street. Instead of continuously robbing the customer, they should be doing far more to fight fraud worldwide. And most definitely in the UK, the government must do far more to ensure that the banks fight all forms of fraud against customers. So yes, the laws, not rules but laws must be considerably tightened in favour of the customer.

Many of the people who are suffering because of these scams are older and not cognisent of the way of “business” and are therefore easily convinced and confused by the scam merchants to give sensitive information. These people must be protected.

Joy Horsfield Gardner says:
8 July 2021

The first thing to remember is that all banks make money out of their customers through the service the banks provide. We, the customers, have a right to know how well our money & investments with the bank are protected. We also have the right to switch to another bank if we are not satisfied with the service we have received.
When a fraud takes place, how much time and effort does the bank (from which the customer’s money was taken), invest in tracing the recipient account, including:
1) The Registration number of the bank
2) The name of the person/persons/company in whose name the account is registered
3) The country in which the account is operated
4) The legal requirements of that country to conform to international standards of financial trading
5) Any international legal framework that can be used to identify & used to prosecute the perpetrators of the crime.

As this is a criminal act that appears to be spreading across the world, perhaps it is time for a serious international response. The International Court of Justice, The Hague, dealt with the Application of the International Convention for the Suppression of the Financing of Terrorism and of the International Convention on the Elimination of All Forms of Racial Discrimination. Would it be possible to use this Court of Justice to formulate a system for dealing with financial fraud, much of which is possibly funding greater crimes?

Banks need to take greater responsibility for this matter and be more proactive in protecting and reimbursing their customers. The scammers usually have enough initial information to convince their victims that they are who they say they are. This information has to come from somewhere and I imagine that the banks play a part (via a lack of security?) in allowing this info to be secured by the scammers.

Tony Sampson says:
8 July 2021

All large companies will do all they can to maximize their bottom line, often at the expense of the public. They must be tied down by strict rules that gives them no wriggle room.

I do not trust the banks in any way shape of form. The Banks only work for themselves and how much money they can make. They have no empathy for their customers.

8 July 2021

Banks are encouraging customers to bank on line and when their account is attacked by a fraudster the bank denies any claim. When I visit my bank the cashier tells me that it would be easier for for me to use internet banking and then refuse to compensate me if I am a victim of fraud. Absolutely disgraceful.

H Taylor says:
8 July 2021

The banks are not the only culprits in causing distress to the victim, because police and CPS are not taking seriously the complex and abusive way perpetrators abuse their victims. So the case goes on and on as we fight to prove fraud/ romance fraud is the actual real issue and not just a civil matter, as the CPS seem to think it is. The whole system is flawed completely. Mental, emotional & psychological scars remain, when the victim is silenced by the system. This treatment enables & supports the perpetrators actions over the victims. Craziness.

Banks should not make big payouts from peoples accounts.unless they verify it with the
Account holder first.

John H. says:
8 July 2021

How much salary does this regulator position pay?
There is little use in having a regulator at all if this is all he can do.

mr.mrs R Briggs says:
8 July 2021

People World Wide Need to Know That Just about All Banks are Run by The Evil Cabal/The Globalists…Rothchilds. They Actively Encourage The Banks to do as Least as Possible, which is all part of There New World Order/Great Reset..Made Worse by The Planned Demic by All The Evil Cabal Near The Top of The Pyramid, So. Everyone Needs To do The’re Research, Ignore The Mainstream Media and Realise Things Will Get Much Worse if We Don’t ALL Stand Up Against Tranny….Banks Need a Total Overhall Very Soon, With Arrests of The Criminal Families Running The World Into The Ground for Their Control & Greed…And Much Worse. God Bless All…And Don’t be Taken in by The TEL LIE VISION.

I used to work in Lloyds Bank and if you wanted to make a payment overseas you had to meet with the requirements of the Bank of England and apply a certain Exchange Control Regulation number.
A very similar situation could be used by each Bank to prevent the Scams being successful in the “enlightened times”.
I am 85 now so don’t know what Banks are getting up to.

Paul Hockie says:
8 July 2021

What I want to know is how scammers get bank/card accounts. If I want to open a new account its getting to the point where I have to give a DNA sample and enough ID to cover me from birth. I am told this is because of anti money-laundering legislation. It would seem that every time a bank transfers money to a scammer they are in breach of their responsibility to verify the receiving bank account. Of course, this would be costly so they follow the cutomary path of blaming the customer.

Paul – I think that is the key point in all this compensation discussion. It seems to be an impenetrable mystery that the banking industry is keeping well-concealed: how are criminals able to open UK bank accounts to receive plundered funds, and why is the bank that hosts those accounts not the one required to stump up in the event of a fraud?

I agree that the receiving bank that hosts the fraudster’s account should be the one to refund, if a genuine scam (is their such a thing) has been perpetrated on a totally blameless victim.
Are all these receiving banks located in the UK though?

No, Malcolm . . . and that’s another problem. It’s impossible to tell without doing extensive research.

I have always felt it should be necessary to state the bank’s name [plus, possibly, the branch address] rather than just the sort code. It could still be a lie, of course, but I don’t keep a list of sort codes relative to bank names, and my bank address is a high street in north London where I used to live when I set up my account several decades ago.

Rik Grayson says:
8 July 2021

Those most likely to be the victims of scams – namely, the vulnerable – should be protected by the PSR, and, indeed, the banks. If the banks lack a social conscience then they seem little better than the perpetrators of the scams.

Banks are in business now because the taxpayer bailed them out from the CORRUPTION OF THEIR OWN MAKING and it was NOT UNFORESEEN BUT THEY DID IGNORE ALL WARNINGS and repeated the 1929 Wall street crash, they act recklessly knowing that the state will always bail them out. I was then and now of the opinion that most should have gone bankrupt. Under Company law directors are required to safeguard the asset of the business and in that they FAILED the penalties are a custodial sentence however none of them are ever convicted or spend time in prison. Now, they have an extremely higher duty of care to the taxpayer and yet again they are abusing their customer base. It is yet another step in the banks failure of duty to their customers. EITHER ALL BANKS SHOULD BE CLOSED DOWN AND AND A NEW MODEL SET UP FOCUSED ON CUSTOMER CARE AND SERVICE AND HOLDING INDIVIDUALS FINANCIALLY TO ACCOUNT FOR THEIR LOSSES. Or they should raise their standard of duty and care, including more customer user friendly services. This sector is still an utter disgrace. Bring back Glass Steagall act, which separates low risk high street banking from HIGH RISK merchant banking and trading. Scams still arise in the banking sector because they refuse to pay to install a high quality security system which is available but the banks consider it too expensive to install and protect customer’s money. Yes, there is a clear audit trail so the scammers can be traced but of course that takes time and money and hits the banks profits – so no they CANNOT BE BOTHERED.

Vi9 – You raise a lot of points but I feel that I must challenge you on one of them. Banks have not failed to safeguard the assets of their businesses and no customers’ funds have been lost. The banks are required to pass stress-testing of their reserves and provisions and they are heavily regulated. Only two banks had to be bailed out by the state [which acquired a large shareholding in them].

Some banking activities have been ill-advised and some of their decisions in individual cases have been contested, sometimes successfully, but overall I would say the banks have not shown a pattern of irresponsibility.

One of the prevailing complaints is that the banks are not generous enough in repaying customers who have been scammed out of money by fraudsters. Never mind what Which? thinks, I wouldn’t wish to use a bank that was too easy with my money in compensating people who failed to exercise adequate caution in transferring money.

More could be done by the banks to assist people and to safeguard those who might struggle with managing their accounts, as has frequently been recommended here, but people must take greater responsibility for their own financial conduct.

If compensation becomes too easy, or semi-automatic, it will breed its own types of fraud.

There is a wide choice of banking facilities and no one has to use one. I appreciate that that is not an appealing argument but it is the reality of life.

It seems we live in different worlds Mr Ward. Anyone who knows anything about the last financial crisis knows fullwell that many banks have failed to safeguard the assets of their business often in a largescale way. Shareholders in inumerable banks have suffered large loses due to falls in share price triggered by banking misbehaviour. Or do you not count stockmarket value as a business asset ? Of course they have risked their assets in other ways and suffered large fines due to their dubious behaviour.