
Victims of bank transfer scams deserve better


Getting your money back after a bank transfer scam shouldn’t be a lottery with less than a 50:50 chance of success, says Gareth Shaw.

In recent years the marketing campaigns of financial firms have focused on projecting themselves as caring and sentimental businesses, a theme that has only become more commonplace in recent months.  

That is, unless you fall victim to a bank transfer scam. 

Nowadays, fraudsters use hideously sophisticated tactics that any of us could fall for – criminals hacking your builder or solicitor and requesting money from you at exactly the time you were expecting to make a bank transfer. Or, using readily available software, they can insert a bogus message into a series of legitimate texts from your bank.

Most banks and building societies are signed up to a voluntary code which pledges to reimburse customers who have fallen victim to this type of fraud, implemented following a Which? super-complaint in 2016, when we took action to ensure better protection for customers. 

However, these supposed guardians of our money are now reportedly considering watering down the voluntary code’s standards on reimbursement by proposing to remove entire categories of fraud.

Hundreds of millions lost in 2020

More than £200m was lost to authorised push payment fraud in the first half of 2020, and as our research today shows, lax security measures from banks and building societies could be granting criminals the tools to carry out this type of crime. Attempting to reduce fraud protections is exactly the opposite of what banks should be doing. 

The voluntary code was initially based on the assumption that the victim should be reimbursed, and only in a limited number of circumstances should banks reject a customer. 

However, some banks are unfairly denying reimbursement. In some cases that we’ve analysed, they are putting the blame on the customer for missing often inadequate warnings on their websites. And it’s not just us that believes this is too harsh – the organisation that oversees the code, the Lending Standards Board, thinks banks and building societies aren’t following the rules they agreed to. 

This fundamentally undermines the protection offered to consumers that should ensure they get their money back.

Low rate of reimbursement 

In fact, customers of banks signed up to the code stand less than a 50-50 chance of having all of their losses returned if they are tricked into handing money over to a criminal – at one bank, the figure stands at a pitiful 1 per cent according to research from the Payment Systems Regulator. 

The Financial Ombudsman has consistently ruled against the banks when these cases go to appeal – but the banks should be getting the decisions right first time rather than subjecting their customers to an ordeal that can last for months or even years before they get a resolution.

The reimbursement rates for all the major banks are known to the industry and the payments watchdog, the Payment Systems Regulator, but neither will reveal them – a decision that makes it look like the banks are standing by each other, rather than with their customers.

The only bank prepared to break from the pack on fraud is TSB. It is not signed up to the voluntary code, but instead has its own guarantee to refund customers who fall victim to fraud. As a result, its reimbursement rate is close to 100 per cent.

Banks shouldn’t water down standards

A voluntary code that lets a bank pick and choose, with impunity, which rules it wants to apply doesn’t work, and an urgent overhaul is needed.

Far greater transparency is required. The industry must publish how much money each bank returns to customers who have fallen victim to this type of scam, so consumers can establish which banks are treating their customers fairly and consistently, and which ones abandon them – a move that would almost certainly drive up standards across the board.

The government should also work with regulators to make reimbursement for APP fraud mandatory. In the meantime, banks should continue to protect customers from all bank transfer scams.

Without taking these steps, there’ll be no end to the lottery that thousands of consumers face to get their money returned, and it’s possible that even greater odds will be stacked against them at a time when they most need support. 

This is an adapted version of an article by Gareth Shaw originally published in The Herald.


Don’t waste your time contacting the financial ombudsman service who are funded by the corporations and companies you are complaining about. The ombudsman service is merely a government intermediary scapegoat appointed to relieve the enormous pressure of consumer complaints, which should be dealt with by the FCA. (Financial Conduct Authority.)

In the case of banks repaying customers who have been scammed, the missing step is to properly examine the level of responsibility – or irresponsibility – each party has displayed. At present the odds are heavily weighted in favour of the customer, it seems to me, who is deemed to be blameless unless they have shown a huge lack of responsible behaviour. That is probably the easy option, avoids work in examining the circumstances, so just as PPI seemed not to bother looking too hard at claims, just use our customers’ money and pay up. That doesn’t encourage responsible behaviour by customers and could well lead to fraudulent behaviour, all to the detriment of the vast majority of us.

The handling of cases of fraud by banks is far too important to be dealt with by a voluntary code, so legislation is needed to produce rules that are fair to consumers and their banks and for each case to be judged on its merits.

I would like to know what banks are doing to ensure that fraudsters are not provided with banking and card services and what surveillance is being carried out to ensure that money is recovered from their accounts.

The time taken for the banks to roll out Confirmation of Payee is a good illustration of how much needed action was delayed by the industry.

For a bank to claim they are satisfied all the necessary banking ID checks compliant with regulatory banking practices and codes are carried out when opening a new account, without evidence of surveillance to this effect, it is failing to protect the financial interests of the customer who unwittingly transfers money into a fraudulent account.

As long as banks are able to continue to abide by their own appointed codes and put their own interests before those of their customers, fraudsters will continue to open new accounts using stolen IDs and false documents and take money from the banks’ customers without any expenditure or loss to the banks themselves.

I think before we repeatedly criticise banks about introducing CoP we need to properly understand the problems involved. From what I read, getting this done was not the straightforward task that some assume. Maybe Which? could ask someone knowledgeable to explain both sides of this @gmartin? When we see the facts we could then launch an informed discussion (although really, as it is now with us, it would not seem to do more than confirm, or otherwise, our preconceptions 🙂).

In the absence of CoP there was a simple way to check your money was going to the right person. Simply to move a token amount, check with the intended recipient it had been received, then knowing their details were correct in your banking database you could safely move the balance. I have done this from the start of my online banking. So, I believe, have many others.

I agree, as I said above, that cases must be judged on their merits. Simply refunding everyone who has fallen for a scam (or, heaven forbid, may try to take advantage of the generosity by creating their own scam) without any determination of who is responsible is wrong. It means I, you, and everyone else who uses banks, will subsidise those people with varying degrees of irresponsibility and lead to less responsible behaviour.

I also believe the banks should do more to help customers be more responsible through education, in part, but also by tailoring account facilities to match the perceived abilities of the account holder. So someone who is less confident, or whose family regard them as not well versed in dealing with finances and vulnerable to fraudsters, could have limitations placed on their online transactions – limited in daily amount, limited to preset payees, require a second authorisation, as examples.

Without surveillance, thieves will continue to get away with their crimes. I speak as an innocent victim of a car incident that cost me financially, emotionally and psychologically. Evidence is crucial to deter these criminals who, without conscience, will walk away from or disappear into virtual obscurity to enjoy the spoils of their ill begotten gains.

People are not machines and you don’t have to be uneducated to fall for a scam once you are unfortunate enough to be targeted by a ‘professional’ scammer. It only takes a moment’s distraction or being off guard for a second to fall victim to an online scam. While banks continue to hide behind their own codes of practice, some dating back to the early 20th century, when their premises were broken into by thieves and safes were forced open, or they were raided by gangs bearing weapons, were pressured into accepting responsibility and their customers completely exonerated from all blame.

Times have changed since those days. The advancement of technology, computing and electronic communication systems has opened up a world of opportunity for cyber criminals, enabling them to directly target banks’ customers instead of the banks themselves or their premises.

It’s time for the banking industry to revise their outdated protective codes in line with modern day banking practices and put their customers’ interests before their own defunct jurisprudent laws and legal systems.

Before around 1960, banking wasn’t really operated for the man in the street, it was largely a commercial affair for companies, shopkeepers and the professional classes who did business in guineas.

As you point out, as a service, it has not fully adapted to today’s market for retail banking and its overall priority has been to acquire as many accounts as possible, almost at any cost knowing that customer inertia is the main prize.

I don’t agree with that. I well remember in the early 1950s going into the Yorkshire Penny Bank with my Dad, whose salary was paid in and who had a cheque book to make payments and withdraw cash. My original bank account in the early 1960s was attuned to my needs as it still is, together with a mutual with whom I do my main banking; all very satisfactory.

Their service has provided me with easy-to-use online banking, again that meets all my requirements. So I think in my case the banks I use have met my needs as a private customer. Which? seem to agree.

Before 1960, most workers’ weekly wages were paid in cash and many used trustee savings banks, regional penny banks or savings banks, mutual benefit societies, the coop bank or the Post Office savings bank to hold any excess funds, since running a bank account with a high street bank was expensive because there was a charge for every deposit and withdrawal.

Professional people, and those on a monthly salary or fee-earning, usually had high street bank accounts and paid their household bills by cheque. The advantages were access to loans and overdrafts, bankers’ references, and foreign currency for those who could afford holidays abroad.

Banking reflected the class system, and to a large degree still does, but, as Beryl rightly points out, money crime has moved from raiding banks and holding-up the staff and customers to invading our private accounts by insidious means. Watching an old episode of The Sweeney shows how it used to be done. The police are still geared up for the traditional methods but have yet to come up to speed on modern theft.

Phil Gossan says:
7 January 2021

Being someone who was a victim of this scam last year, a lot of the issues are fresh in my mind still. I was fortunate to get all my money back however it took a long time and a lot of complaining to the bank. Originally they said they would do everything to get all of it back, without mentioning any liability on either myself or the bank’s part. They said they would keep me posted via email or text message every step of the way with information. I got 25% of it back the next day but didn’t receive any notifications, I only noticed 3 days later when I checked my online banking. Then I didn’t hear anything from the bank for over a month, in the end I contacted them to chase up. They said they were still looking into it and when I asked about getting it all back they repeated they would do everything they could, so I asked if they had insurance to cover instances like this to ensure I would get it all back one way or another and they said yes. Again, a month goes by and I hear nothing so I call them up and they said it’s being passed on to the FCA to look into. Another 6 weeks later I notice another payment, still no text or email, which makes my total about 50% reclaimed. I called them up and they said the case is now closed as they are only liable for half of it!! Which was of course news to me!! I was informed I should have been sent a letter 2 weeks ago, which I didn’t receive, explaining why. Immediately I filed a complaint which they said could take up to 6 weeks to look into but if I wanted to take it further I could contact the Financial Ombudsman, which I did supplying evidence of all conversations. 4 weeks later I contacted the bank as the letter still hadn’t arrived and I had just spotted an article on here about Online Banking fraud where people claiming to be banks had scammed hundreds of people and that there were protections in place.
The bank said they had only just received my complaint, but as soon as I told the bank that and that I had contacted the Financial Ombudsman the bank said they would look into it. 24 hours later they called me to say I would be getting the rest of it back.
My feedback would be this:
Banks – be open and honest from the start to customers, explain liability to them as to not give false hope. Also, get departments talking to each other using ONE system not relying on different departments to pass on messages.
Consumers – know your rights but be vigilant. It is the bank’s job to protect your money and prove that you did not protect yourself against fraud, not the other way round. But always check the person calling/emailing you and their credentials, if in doubt call them back using phone numbers on the official websites. Don’t ever click on links in text messages or emails, period. If a bank thinks you have been a victim of fraud you shouldn’t have to give ALL your details, they should know things about you, so don’t give out passwords, pins or security codes for cards – banks will never ask for these and will not ask you to transfer money to them.

Phil, it would be useful to know exactly how you were scammed and the part your bank played in the fraud.

As a victim of bank transfer fraud in the past (2017) with no fund recovery and no help from Lloyds business, I was wondering has any business taken a bank to a small claim court and won the case against the bank? Are there any records of such cases at all?

A bank’s reputation is usually sacrosanct and for that reason they will do what they need to do to preserve that. Have you tried threatening court action G.T if you consider you have a reasonable case against them?

Surely it should be up to the bank who let a fraudster open a fraudulent account to bear the cost of any reimbursement. There must be a way of better checking applications and confirming that the people are who they say they are. And by only letting people who have guarantors who could put up assets in case of the applicant being fraudulent. Awkward but in this day and age of these scamsters something extra has to be done. So if a bank can’t be bothered to do something like that then they deserve to bear any loss.

I registered with FINETERO. Com I transferred 250 pounds to them but they don’t open an account for me and they want more money. They don’t want my deposit back either. How do I get my money from the bank? Is there a possibility?

“Which? urges action to stop scams ‘victim-blaming’ by banks…
Official figures show banks signed up to an industry code on bank transfer fraud hold victims fully or partially responsible for being scammed up to 77 per cent of the time. Victims were held fully responsible for 60 per cent of payments, while 17 per cent of the blame was shared between the customer and either the bank sending or receiving the money, or between the two banks themselves…”


Well, perhaps the “victims” do have some or all responsibility for making decisions to pay money to fraudsters. Why we should expect an almost blanket assumption that no customer has any responsibility for any loss incurred when responding to a scam, and that I, and other bank’s customers, should just give them their money back without real justification, beats me. We need an approach that is fair to all parties and that recognises that a bank’s negligence is material in deciding whether compensation is made.

The examples, of customers who have lost money, given in the press release do not convince me that they are not a party to the loss. Some seem to indicate ignoring banks’ warnings, ignoring publicised scams, or dabbling in matters and with people they know little or nothing about.

I am totally in favour of banks paying out when they are at fault, and in doing their real best to recover funds from the receiving bank where fraud is involved. I also think a bank is culpable, at least in part, when it opens accounts for people who turn out to be fraudsters without conducting due diligence.

What I would like to see is banks offering accounts with different levels of payment facilities by their customers depending upon their declared or perceived capabilities; limiting single amounts that can be paid, requiring authentication of any new payee, requiring a second authentication for transactions above a limit, having a day or two delay in certain transactions where the bank question the transaction and require confirmation, for example.

It seems to me that it is the basic fault of the scammer’s bank for not doing enough thorough checks on an applicant. The bank is actually an integral part of the scam even unknowingly. If they had to do the repayment of any customer’s fraudulent loss then perhaps they would have enough reason to do the appropriate checks. Unless they are not really interested by saying “We did all that was necessary to confirm their applicant’s identity.” That is just a cop out. If the bank noticed that a sum (or sums) of money was coming in and straight out again, that in itself should flag something wrong, or at least needed checking and verification. And if some foreign banks still don’t want to know, then they should simply be blacklisted, i.e. no other reputable bank would trade with them. Surely a system like this shouldn’t be so hard to set up especially in the present days of all these scams. Public will begin to lose trust in the banks if they think their money might vanish into the ‘cloud….’

I agree and have frequently suggested this, along with some others.