/ Money, Technology

Should banks refund victims of online fraud?

Sir Bernard Hogan-Howe

The Times reports that Met Police Commissioner Sir Bernard Hogan-Howe has said victims of online fraud should no longer be refunded by banks if they fail to protect themselves.

With online fraud increasing, this is an astonishingly misjudged proposal from the Met Police Commissioner.

Sir Bernard on bank fraud

The front page of The Times reports that Sir Bernard Hogan-Howe said:

‘If you are continually rewarded for bad behaviour you will probably continue to do it but if the obverse is true you might consider changing behaviour. To be fair to the banks, if one says they’ll do it and the others don’t that’s a competitive advantage.

‘The system is not incentivising you to protect yourself. If someone said to you, “If you’ve not updated your software I will give you half back”, you would do it.’

However, the priority should be for banks to better protect their customers, rather than trying to shift blame on to the victims of fraud.

Reimburse fraud victims

Of course, it’s vital to educate consumers about how to avoid fraud, but suggesting that banks could make people more security-conscious by refusing to reimburse fraud victims risks sending the wrong signal about the banks’ own crucial role in preventing crime.

We know that scammers are using increasingly sophisticated techniques to defraud people out of their money, in many cases beyond the control of consumers.

We believe that banks should be doing more to improve their security processes and systems, share their intelligence to prevent fraudulent activity, and support their customers when they fall victim to crime.

Banks inconsistent with fraud

In September 2015, we found that banks were inconsistent when dealing with fraud. A Freedom of Information request revealed that the Financial Ombudsman Service uphold around one in four complaints relating to fraud and disputed transactions in favour of the customer, stating that in many cases banks have based their decisions ‘on a hunch’, without conducting a full investigation.

The Met has since clarified Sir Bernard’s comments, saying that he also agrees banks need to consider investing more in their security systems. However, if banks did not have to reimburse victims, what incentive would they have to protect their customers from fraud in the first place?

Should banks reimburse victims of online fraud?

Yes (97%, 28,600 Votes)

No (1%, 424 Votes)

Don't know (1%, 403 Votes)

Total Voters: 29,427

Loading ... Loading ...
robert pilsbry says:
30 March 2016

this is just another crime that the police cannot be bothered to solve they are just getting lazy mite have to stop ridding about in their cars and do some proper police work

Carol says:
30 March 2016

I worked for a bank for 30 years. Fraud was unknown when I first started working but by the end it was an every day occurrence!! I never knew of an occasion where a customer did not get refunded when a fraud had taken place on their account or cards. People must take some responsibility for their actions especially online where scans are rife & sometimes subtle. I was embarrassed that a few months ago I was scammed online. I didnt scream & shout for a refund. When its your fault you should pay the price!!

Of course you should be reimbursed! The banks commit fraud on a daily basis and we the public had to bail them out. What they aren’t telling you is there is a problem internally with bank fraud which is often covered up as they don’t want you to know about it.

Debashis De says:
31 March 2016

Its easy for “Sir” Bernard Hogan Rowe to be blase about such comments – instead of supporting Capitalist Exploiters perhaps he spend more time in opposing government cuts to services, mainly the Police. And support the front-line police, who are honest and support all peoples against the scourge of Crime – but specifically in this case financial fraud.

This comment was removed at the request of the user

Duncan – £1 vs 3d? It’s already there. I remember in the black and white days when 3d would buy you a bag of chips. Now they cost at least £1 (in the affluent south, anyway). Fish was 1/-. Now around £4 – same inflation.

On the back of the 12 sided 3 pence piece was the plant “thrift”. We could do with a bit more of that these days. Perhaps we should lobby for it to be pictured on the reverse of the new pound?

HSBC has just announced that it will charge customers £30 for every thousand they have in a Cash ISA.

Might this be an April Fools’ joke?

I am sure you could almost Bank on it Wavechange 🙂


Alan Robinson says:
1 April 2016

I vote yes with the proviso that the customer should have exercised the security procedure as recommended by the Bank

David says:
1 April 2016

Banks have adopted digital business to save money. This business should be fully functional and totally safe to the customer.

This comment was removed at the request of the user

It has today [03/04/16] been reported that a number of Santander ATM’s in Lancashire have been targeted by criminals with customer card details obtained and cash stolen. There can be no question that in a case like this the bank must compensate customers [and other banks’ customers who used the machines] for any losses. It was reported that Santander was not able to de-activate the specific machines so there is a warning not to use any Santander ATM’s in Lancashire and that the crime might not be confined to Lancashire. If cash machines’ security can be compromised by criminal activity simultaneously over a wide area that is a serious defect in the system. Not being able to shut down ATM’s after interference also seems to be a major flaw in the bank’s duty to protect customers.

It has subsequently been reported that the five cash machines involved were “shut down immediately”.

Paul Byers says:
3 April 2016

This police twit should not give such stupid comments regarding bank fraud, he should be catching the criminals! Anyway Which the best thing you could do is tell people whose Banks do not cover support against fraud, to change to Barclays who do! and even give Kaspersky to those with Internet banking which is the most vunerable. Then the banks who do not give such protection will rue this and Barclays will be delighted and could think about giving me a little bit of what they earn if people realise the sense of this as Kaspersky give a “Safe Money” program in the free antivirus giving to those who have internet banking- what more could One ask for ? Ignore that police twit and get to Barclays

This comment was removed at the request of the user

Well Barclays would be fine apart from the fact they have to pay large fines to HMRC for some dodgy creative tricks. And do leopards change their spots? Personally they would be the last bank for me to consider.


Agreed DT. I doubt if Barclays is more receptive to on-line fraud claims than the other high street banks. Weren’t they also heavily implicated in the Libor rate-rigging scandal? Were they not actually participating in an orchestrated campaign of fraud and collusion over money market rates? It might seem far removed from domestic retail banking but the repercussions have affected every household in the country because of the impact on the UK economy. The fines imposed on Barclays by the US and UK regulators alone came to over $400 million. Obviously a model financial institution to whom we should entrust our savings and salaries and enjoy generous recompense if we make a silly mistake at the on-line casino.

I am tired of hearing about on-line purchasing fraud. I lay the blame entirely at the banks door for the following reason.
A friend of mine in France has the ability to log in to his account and obtain a one time credit card number for a maximum amount. Once used it automatically expires.
Why have none of the UK banks the intelligence to copy such a system; after all, once set up it runs itself.
Perhaps charging the banks would make their eyes water enough to improve matters with schemes such as this.
A small percentage of their bonus’s and the CEO’s pay would easily pay for development – or even copy existing systems.
Of course, nothing beats “common sense” which a boss of mine once said “is in remarkably short supply” – and that is in reality the root of the problem.
You can’t overcome crass stupidity: you can only hope to circumvent it!

Harry that is very advanced. Can you find out which Bank please?

This comment was removed at the request of the user

Thanks DL that was very full and useful. One wonders if it is actually a near whole solution for the problem of stolen card details. We need someone who can confirm or deny!!! : )

Which? over to you

Well, the virtual Credit Card isn’t that new and has been around for some time, but electronic methods are superseding it already. Apple Pay, for instance, allows you to make payments without giving a retailer your credit card details. Apple Pay also avoids the biggest issue with a virtual card: that you can only use it on-line. There are other problems, too: returns can be problematic if the virtual card you used has expired; you might have to take a credit and, of course, a crooked merchant can take your payment without shipping your purchase. Even though you used a virtual card number, you’d have to dispute that charge. It’s also difficult if you want to lodge details with a company you trust, as the virtual card will only have a short ‘life’.

So it’s not foolproof.

This comment was removed at the request of the user

Interesting contributions. I am not happy with NFC payments and the security – I assume that Apple Pay does use NFC. However I am not worrying my head over the fine detail as I am sure others who have access to all the bits and bobs will be testing them for weaknesses- so that will be the black hats and the University white hats.

I like the idea of the online virtual card and wonder if EU cards differ in protection detail from the US issuers.

This comment was removed at the request of the user

The ordinary person will never be able to fully protect themselves online so if we take his advice all we are left to do is don’t buy online,

I’d certainly agree with “don’t buy online when you can exercise other, more secure options”.

PETER says:
13 April 2016

Small wonder that the abuse continues!

[This comment has bee edited to align with our Community Guidelines. Thanks, mods]

Which?’s latest campaign says “We also think that banks need to do more to protect their customers.” I think the essence of a responsible campaign should not just state a wish, but explain with suggestions how that should be achieved.

So, Which?, in what specific ways would you suggest the banks can “do more”?

The FSA says banks should give customers the benefit of the doubt when they claim to be victims of fraud – unless they can prove otherwise.
Most banks will afford a refund eventually but need time to launch a full investigation to protect themselves against fraudulent claims.

Malcolm I understood the campaigns objective was to obtain as many general practical suggestions as to what banks could do to protect their customers.

Beryl, the email I got from Which? says:
“Speaking on the programme, Which? Editor Richard Headland warned about the dangers of sophisticated online scams. Our advice is to never hand over personal or bank details to someone who contacts you out of the blue.

We also think that banks need to do more to protect their customers.

Please tell us – are you concerned that you could become a victim of online fraud? Vote Yes / No.”

Well, it seems to me we need a good deal more than helpfully suggesting we don’t hand over personal information. What I was getting at is that Which? should have the resources, expertise and contacts in the industry to put together some real proposals as to how security could be improved, in a positive way. “Could do more……” Tell us what.

If banks pay out without investigating whether the claim is justified, there are at least two consequences. First, they miss the opportunity to investigate the fraud and maybe make progress in preventing it in future. And second the banks don’t compensate the customer. You and I do – our money is paid out and I don’t want my money (recouped in higher charges) to be given away unnecessarily..

There are other consequences. When people know that they are going to be given the benefit of the doubt, they may well act less responsibly, knowing they are likely to be compensated. It may also (probably will) encourage dubious claims to be made simply to get easy money as compensation.

So, we should not make it easy for fraudsters, of course not, but neither should we make it too easy for “victims”, genuine or suspect. We have to, all of us, act responsibly. If we don’t feel we can use online banking with confidence then don’t use it at all.

Thank you for making those points Malcolm. It seems to be routinely overlooked that when banks pay regulatory fines for misselling or other service failures, and compensate customers who believe they have lost money through fraud, the money required comes from their customers either through higher banking fees and charges or through lower interest on savings and investments. It also means they are less inclined to maintain branches with lower throughputs but which are valuable community facilities. Sometimes an investigation is not economically justifiable but the banks should never give the impression that recompense will be the norm. Selective thorough investigations might be beneficial over time in preventing further fraud.

Malcolm – The point I was attempting to convey was the banks, who are custodians of your money have a duty to protect that money from fraudulent claims.

Banks employ professional investigators to ensure any claims to access your money is genuine. My late son who worked in banking was frequently faced with people entering his branch trying to obtain that money fraudulently. Members of the public also have a duty of care with their own personal finances and banks need to ensure they don’t just pay out willy nilly to every Tom, Dick or Harriette who fails to protect the cards entrusted to them by their banks.

I personally don’t have enough faith in online banking and prefer not to go there but I do buy quite a lot of goods online, always using a credit card, but as already pointed by other commenters it is impossible to guarantee your money is 100% safe with fraudsters becoming ever slicker at making a lucrative living by helping themselves to your hard earned cash.

For my part I would suggest banks should go all out and step up their efforts to catch these miscreants and do whatever is necessary to bring them to justice.

Sir B H-H has lost the plot. This is not the first time he has aired eccentric views but suggesting that victims of crime are to blame for their misfortune is not a great position for a police chief. His employment should be terminated without compensation.

Linda Arthur says:
1 May 2016

A comment which is probably not misjudged at all but deliberately encouraged by the BANKS THEMSELVES. It is large corporations and banks who dictate what happens in the world and this is just another example of reckless disregard for the well being of consumers.
An absolute disgrace but to be expected as we are becoming more and more controlled by the hidden powers behind the government.

Hogg Howes attitude illustrates a very serious trend among the police that seeks to blame victims for, what many may feel is the failure of the police to deter criminals.
It reinforces the need for far greater accountability, especially among senior police officers. Frankly, I don’t want people with this attitude anywhere the police.
Online fraud is a criminal offence . If the police are not capable of providing an effective deterrent perhaps another organisation should be given the task?

He also points to the need for all of us to behave responsibly. We cannot always expect someone else to protect us from ourselves.


” The privacy campaign group’s Safe in Police Hands? report details UK police force data breaches from June 2011 to December 2015, sourced from Freedom of Information requests.
More than 800 members of police staff accessed people’s personal information “without a policing purpose”, adding that data was “inappropriately shared” with third parties 877 times.
However, police took no disciplinary action in 55 per cent of all breaches, Big Brother Watch found, and just 11 per cent ended in a verbal or written warning.
The data led Big Brother Watch to question whether police should have access to people’s Internet Connection Records (ICRs), records of websites people visit, as proposed by the Investigatory Powers Bill.”

Not very reassuring as to the prosecution of offenders.