Monzo spoofing scam: how we helped a victim get their money back

Scammers need their own account to which they can transfer the victim’s cash. The bank that gave the scammer an account had not done its job properly because its verification procedures were lacking, ergo that bank is at fault.

The advice I would give here is that if you receive these kinds of messages “from your bank”. Then contact your bank directly by the phone number or other means that they gave you to verify that there is genuinely a problem with your account.

I prefer a bank with people (humans face to face) for anything other than routine payments to people I know, otherwise its credit card only never transfers, even of it costs a bit more.

However banks are not interested in preventing fraud, neither are the police or government. Each case is one of thousands and the victims are just a number. Its amazing how anyone can seem to open an account and commit fraud. Any transfers to foreign accounts should go through special checks and anyone opening a UK account should be photo, passport and tax-checked at a branch of the bank and then address checked by letter.

Also advice should be not “take 5” to “make sure the caller is genuine”…cold callers are never genuine. The government advice and banks should run TV ads – “never respond to any email or phone call”..Ive never had a call or email from my bank ever. They either send a text to say to contact them using my name and to call the number as written on my bank details, or send a letter. The Government is protecting the cold call industry.

Some of these scams are not really that sophisticated and can be avoided by following a few simple rules.
Never, ever give any information to an unsolicited caller however persuasive they may be and whatever number they ring from. This includes any identification data and account details. This is the prime rule and will stop most scams in their tracks.
Don’t ever pay money out to an account given by a caller not known to you or by email. Ring the person you are paying to check any account numbers and on a different phone.
Banks can freeze accounts and cards, and if necessary transfer money to a safe account. They do not need you to do anything if they think it is a fraud and are quite competent at stopping frauds in progress that they spot.
Finally if you are not confident with technology then don’t use online or mobile banking.

Scott did not check all the details as thoroughly as he claims! A simple call to his bank?

I am concerned that bank customers should be helped to avoid scams and, where a bank is negligent, to refund the customer.

However, I am also concerned that we should be fair to both parties. If a bank refunds a customer it is usually other customers’ money that, indirectly, is being used unless they recover it from the receiving bank– lower interest rates on deposits, higher rates on loans and overdrafts, higher charges. So, I believe we need a responsible approach to deciding who pays and what proportion of the money lost.

Which? list these conditions for banks to observe. However, they are very general and, I believe, Which? should flesh them out so we know what the rules really mean in practice and when they are relevant. I’ve put some comments in italics.

“How are banks supposed to protect you from these scams?

A voluntary code of conduct was introduced in May last year, which would see you reimbursed by your bank if you fell victim to this type of scam, and you aren’t to blame.

Banks also have duties to protect you and should reimburse you if they’ve fallen down on any of these steps, including:

1. Educating customers about APP scams
What should count as acceptable education and how should this be transmitted to the customer?
Would a general warning on the customer’s online account, visible each time a transaction is attempted, be adequate?
Clearly a bank cannot foresee a new scam.

2. Identifying higher-risk payments and customers who are vulnerable and so have a higher risk of becoming a victim
Identifying a higher payment done online is easy but how does the bank assess the risk attached?
How does a bank know a customer is vulnerable unless they have had an assessment provided by, say, a family member?

3. Providing effective warnings to customers if the bank identifies an APP scam risk – these could be messages when you go to make a payment or set up a new payee
How is a bank expected to identify an APP scam risk

4. Talking to customers about payments and even delaying or stopping payments where there are scam concerns
Following from 3. This can only happen if there is an effective way of identifying a scam risk.

5. Acting quickly when a scam is reported to it
Agreed. But what action should be taken other than contacting the receiving bank to try to recover funds and reporting to the authorities?

6. Taking steps to stop fraudsters opening bank accounts.
This is, of course, the key to success. How does a bank identify a fraudster and deny them banking facilities? The receiving bank should repay funds, whether or not they can be recovered, if they cannot demonstrate due diligence in sanctioning the account opening.

Read more: https://www.which.co.uk/news/2020/10/post-brexit-law-change-could-help-banking-scam-victims/ – Which?

In reports by Which? of scams the presumption seems to often be that the victim is not to “blame” at all. Yet, frequently, we see they have ignored (or never taken note of) scam information, they have often initiated a payment in response to a request (often very sophisticated) and they may have given away essential information (contrary to their contract with their bank) to allow their account to be used or have simply instructed their bank to make a payment. Their bank has simply obeyed their instruction, as the are obliged to do.

So, it is not a question of “blame”, in my view, but of being responsible, to a greater or lesser degree, in making a personal transaction. And being given a bank account with facilities most appropriate to the account holder.

I’d like to see this insistence on the banks being responsible moderated so it is fair to both parties. And where a “victim” has acted irresponsibly they should accept the consequences of their actions.

Equally, if a bank behaves irresponsibly, negligently or contributes to the victim’s loss then they should provide recompense.

The danger of an almost automatic compensation scheme, however much the victim is responsible, is the probability of contrived claims, of a relaxation in some customers’ vigilance, and extra costs to responsible customers.

In the consultation on APP scams it was considered that the receiving bank should be made responsible for the repayment of scammed funds, in that they were responsible for opening the account of the fraudster. I agree with that approach in that it should make banks much more careful in the checks they make when accepting a new account holder. Clearly the receiving bank would need evidence from the sending bank that a genuine fraud had been committed.

I also believe that banks should offer accounts with different facilities to different people. For example, placing smaller limits on a withdrawal or transfer amount; limiting a daily total withdrawal; requiring a second person to authorise a transaction, or one above a pre-determined level; imposing a time delay on all transactions above a level but with the bank questioning the transaction.

We should also, perhaps, be made to earn an account with “normal” facilities by completing an assessment of our understanding of how to operate it correctly. Difficult to do unless in branch of course. Alternatively, our account could be downgraded if we use it irresponsibly or fall for a scam.

How long before we get scammers, scamming other scammers with whom they are in cahoots with & dividing the “profits” ? This goes back to previous comments re banks thoroughly checking out potential customers before allowing an account to be opened.

My santander account has been hacked,rang the bank they said i allowed the scammers to get my funds.what are my rights on this.