/ Scams

Monzo spoofing scam: how we helped a victim get their money back

After an initial plodding response, Monzo refunded a fraud victim in full. Here’s how we helped, and why banks have a responsibility to protect your money.

The last thing Scott wanted to hear after being furloughed was that his bank account had been targeted by fraudsters.

He received emails, calls and texts from his bank, Monzo, all warning that his account needed to be secured.

Scott was initially sceptical, but the caller was professional, calling from the digital bank’s phone number, and insisted his money was at risk. Scott carefully checked all the details before reluctantly handing over his account information.

He was horrified to later discover that all his money – £12,000 – had vanished. The emails were convincing fakes, and the calls and texts were spoofs created by scammers.

‘I’m savvy about these things, but the set up was so slick,’ said Scott.

Contacting the bank

He contacted Monzo immediately for help and was stunned by its response. He told us that its customer services ‘filled him with fear and uncertainty’ about whether he would get his money back.

“There was no support or empathy. I was made to feel it was my fault, and that the bank probably wasn’t going to do anything about it, I didn’t expect violins, but I did expect reassurance. I thought Monzo would be on my side”

Scott heard nothing from Monzo for weeks, despite him following up his initial complaint several times. After getting nowhere and being worried that he would never get his money back, Scott turned to Which? for advice on what he could do next.

We told Scott that he should be reimbursed by Monzo because he hadn’t given permission to make the transaction. He wrote to Monzo demanding a refund. Only then did Monzo reimburse Scott for the full amount, plus compensation for the inconvenience.

In response to a call for comment on Scott’s case, Monzo said:

“It is clear cut that Scott was entitled to his money back. We never declined his request. We just took too long sorting this out. We have apologised and compensated him for this”

Protecting your money

Banks have a responsibility to protect your money and they should do everything within their power to recover losses that are due to fraud.

In this case, the transaction was unauthorised and therefore had to be refunded in accordance with the Payment Services Regulations.

These are the same regulations that cover you if your card is lost or stolen and used fraudulently.

Sometimes banks might attempt to wriggle out of reimbursing customers in these situations, but you should never be held accountable if you can prove you didn’t give permission to send the money, as was the case with Scott.

Have you struggled to get your money back after a sophisticated scam?

Comments
martinerasmus says:
17 October 2020

Scammers need their own account to which they can transfer the victim’s cash. The bank that gave the scammer an account had not done its job properly because its verification procedures were lacking, ergo that bank is at fault.

John Adams says:
17 October 2020

The advice I would give here is that if you receive these kinds of messages “from your bank”. Then contact your bank directly by the phone number or other means that they gave you to verify that there is genuinely a problem with your account.

I prefer a bank with people (humans face to face) for anything other than routine payments to people I know, otherwise its credit card only never transfers, even of it costs a bit more.

However banks are not interested in preventing fraud, neither are the police or government. Each case is one of thousands and the victims are just a number. Its amazing how anyone can seem to open an account and commit fraud. Any transfers to foreign accounts should go through special checks and anyone opening a UK account should be photo, passport and tax-checked at a branch of the bank and then address checked by letter.

Also advice should be not “take 5” to “make sure the caller is genuine”…cold callers are never genuine. The government advice and banks should run TV ads – “never respond to any email or phone call”..Ive never had a call or email from my bank ever. They either send a text to say to contact them using my name and to call the number as written on my bank details, or send a letter. The Government is protecting the cold call industry.

Scammers are not giving up lightly in their quest to steal from unsuspecting individuals whose life savings can disappear in a flash.

If this unethical trend is allowed to continue unabated, the only safe way of contacting their customers would be for banks to resort back to the days when snail mail would be the only effective way of communicating with them.

The disruption this would cause would be catastrophic for banks who would ultimately depend upon customers to phone them which, in turn, would increase their frustration, waiting in long time consuming call queues becoming even longer before being answered.

It is becoming abundantly clear we are increasingly in danger of becoming the victims off our own invention.

A safe way for banks and customers to communicate is by customers logging into their account and by secure messaging. Banks can ask a customer to do this when there is information they need to impart. A financial institution I am with emails me to alert me that there is new information about my account and I then login to read it.

John Willerton says:
18 October 2020

Some of these scams are not really that sophisticated and can be avoided by following a few simple rules.
Never, ever give any information to an unsolicited caller however persuasive they may be and whatever number they ring from. This includes any identification data and account details. This is the prime rule and will stop most scams in their tracks.
Don’t ever pay money out to an account given by a caller not known to you or by email. Ring the person you are paying to check any account numbers and on a different phone.
Banks can freeze accounts and cards, and if necessary transfer money to a safe account. They do not need you to do anything if they think it is a fraud and are quite competent at stopping frauds in progress that they spot.
Finally if you are not confident with technology then don’t use online or mobile banking.

Scott did not check all the details as thoroughly as he claims! A simple call to his bank?

I am concerned that bank customers should be helped to avoid scams and, where a bank is negligent, to refund the customer.

However, I am also concerned that we should be fair to both parties. If a bank refunds a customer it is usually other customers’ money that, indirectly, is being used unless they recover it from the receiving bank– lower interest rates on deposits, higher rates on loans and overdrafts, higher charges. So, I believe we need a responsible approach to deciding who pays and what proportion of the money lost.

Which? list these conditions for banks to observe. However, they are very general and, I believe, Which? should flesh them out so we know what the rules really mean in practice and when they are relevant. I’ve put some comments in italics.

“How are banks supposed to protect you from these scams?

A voluntary code of conduct was introduced in May last year, which would see you reimbursed by your bank if you fell victim to this type of scam, and you aren’t to blame.

Banks also have duties to protect you and should reimburse you if they’ve fallen down on any of these steps, including:

1. Educating customers about APP scams
What should count as acceptable education and how should this be transmitted to the customer?
Would a general warning on the customer’s online account, visible each time a transaction is attempted, be adequate?
Clearly a bank cannot foresee a new scam.

2. Identifying higher-risk payments and customers who are vulnerable and so have a higher risk of becoming a victim
Identifying a higher payment done online is easy but how does the bank assess the risk attached?
How does a bank know a customer is vulnerable unless they have had an assessment provided by, say, a family member?

3. Providing effective warnings to customers if the bank identifies an APP scam risk – these could be messages when you go to make a payment or set up a new payee
How is a bank expected to identify an APP scam risk

4. Talking to customers about payments and even delaying or stopping payments where there are scam concerns
Following from 3. This can only happen if there is an effective way of identifying a scam risk.

5. Acting quickly when a scam is reported to it
Agreed. But what action should be taken other than contacting the receiving bank to try to recover funds and reporting to the authorities?

6. Taking steps to stop fraudsters opening bank accounts.
This is, of course, the key to success. How does a bank identify a fraudster and deny them banking facilities? The receiving bank should repay funds, whether or not they can be recovered, if they cannot demonstrate due diligence in sanctioning the account opening.

Read more: https://www.which.co.uk/news/2020/10/post-brexit-law-change-could-help-banking-scam-victims/ – Which?

In reports by Which? of scams the presumption seems to often be that the victim is not to “blame” at all. Yet, frequently, we see they have ignored (or never taken note of) scam information, they have often initiated a payment in response to a request (often very sophisticated) and they may have given away essential information (contrary to their contract with their bank) to allow their account to be used or have simply instructed their bank to make a payment. Their bank has simply obeyed their instruction, as the are obliged to do.

So, it is not a question of “blame”, in my view, but of being responsible, to a greater or lesser degree, in making a personal transaction. And being given a bank account with facilities most appropriate to the account holder.

I’d like to see this insistence on the banks being responsible moderated so it is fair to both parties. And where a “victim” has acted irresponsibly they should accept the consequences of their actions.

Equally, if a bank behaves irresponsibly, negligently or contributes to the victim’s loss then they should provide recompense.

The danger of an almost automatic compensation scheme, however much the victim is responsible, is the probability of contrived claims, of a relaxation in some customers’ vigilance, and extra costs to responsible customers.

In the consultation on APP scams it was considered that the receiving bank should be made responsible for the repayment of scammed funds, in that they were responsible for opening the account of the fraudster. I agree with that approach in that it should make banks much more careful in the checks they make when accepting a new account holder. Clearly the receiving bank would need evidence from the sending bank that a genuine fraud had been committed.

I also believe that banks should offer accounts with different facilities to different people. For example, placing smaller limits on a withdrawal or transfer amount; limiting a daily total withdrawal; requiring a second person to authorise a transaction, or one above a pre-determined level; imposing a time delay on all transactions above a level but with the bank questioning the transaction.

We should also, perhaps, be made to earn an account with “normal” facilities by completing an assessment of our understanding of how to operate it correctly. Difficult to do unless in branch of course. Alternatively, our account could be downgraded if we use it irresponsibly or fall for a scam.