Banks must prove their fraud warnings are up to scratch, says Which?

Banks are denying reimbursement to innocent victims of bank transfer fraud, despite many signing up to a new voluntary code, Which? claims.

The consumer group said banks must prove their fraud warnings are fit for purpose – and it has heard from several people claiming they have been denied reimbursement unfairly.

It also expressed concerns that banks are putting too much reliance on generic anti-fraud warnings which may not resonate with customers when they are transferring cash.

The concerns relate to authorised push payment (APP) fraud – which happens when people are tricked into transferring money to a criminal. People are often duped into believing they are acting on the instructions of a genuine organisation such as a bank, another type of business or the police.

Often, victims are put under pressure by fraudsters to act quickly so they do not have enough time to consider that it could be a scam.

Banks have not been obliged to refund victims in such situations, as the customer authorised the transfer – meaning victims have lost large amounts of money.

However, many banks did sign up to a voluntary code in 2019, which aims to make it easier for customers in “no blame” situations where neither they nor their bank is at fault to get their money back.

But Which? said it is seeing a “worrying trend” emerging of banks relying on fraud warnings to justify not refunding customers. It said this flies in the face of the voluntary code.

The consumer group said victims should not be arbitrarily turned down for reimbursement because they have “ignored warnings”.

Its consumer research found nearly half (49%) of people are not even aware that new fraud warnings had been introduced by banks.

Which? said it has worked with academics who said it was perfectly rational for customers to ignore generic information when conducting bank transfers.

It was also suggested that some warnings can come too late, as once people have already been targeted by scammers they typically commit to seeing the action through.

The consumer group said some banks give customers the option of hiding warnings, meaning they may not see them at all.

Which? said that while it supports fraud warnings, if a bank cannot prove its warnings are effective then the customer should not be deemed at fault.

It suggested that asking customers to tick a box to confirm they have understood the warning could prove more effective than warnings that take consent for granted – although this would still be a low bar for establishing consent.

In one case seen by Which? a woman lost nearly £33,000 after responding to a text about a “suspicious payment” which appeared to have come from Lloyds Bank.

She was persuaded by fraudsters to transfer her money to her money to a new account, in the belief that hers had been hijacked by criminals.

But Which? said that although Lloyds expressed sympathy it would not reimburse her on the grounds she did not take sufficient steps to verify the text or the person she spoke to were genuine, and that she authorised the payments despite receiving specific warnings stating that Lloyds would never ask a customer to move money to other banks.

Which? said that while the victim did notice an online warning about fraud, the criminal on the phone was able to quickly dismiss her concerns.

She said: “I saw the warning about Lloyds never asking me to move money into a safe account and flagged this over the phone. They assured me that these were not ‘safe’ accounts but ‘new’ accounts.”

Which? has advised the woman to contact the Financial Ombudsman Service.

Lloyds said it fully investigates the individual circumstances of all fraud cases, and any decision not to refund will never be taken lightly.

The bank said it has supported the voluntary code from the outset and it designs its warnings carefully.

In certain circumstances, a warning may be triggered to Lloyds’ customers on screen, before payments are made, which reads: “Fraudsters sometimes pretend to be from the bank.

“They ask people to make payments like yours. Remember, we’ll never ask you to move money into a ‘safe’ account. If someone asks you to do this, it isn’t us, even if it looks like they’re calling from one of our numbers.”

Lloyds said it is important to remember that banks or the police will never ask people to transfer money to a different account for security reasons.

If a customer has any suspicions about activity on their account or a message or cold call, they should terminate the call and call their bank on the number on the back of their bank card.

Several banks have not yet signed up to the voluntary reimbursement code.

TSB has its own fraud refund guarantee, which it launched in 2019.

Jenny Ross, Which? Money editor, said: “People are losing life-changing sums of money every day to devastating bank transfer fraud – so it’s shocking that some current account providers still haven’t signed up to offer their customers vital protections.

“All banks must prove that their online warnings are up to scratch – especially if they are denying victims reimbursement, as we’ve seen in some cases.”

A UK Finance spokesman said: “The authorised push payment (APP) scams voluntary code, developed in conjunction with consumer groups including Which?, delivers significantly increased levels of protection for customers. All firms that have signed up to the code have committed to reimbursing any customers who fall victim to an APP scam, provided they have met certain standards.

“We are keen to ensure the code is as effective as possible in preventing scams and protecting consumers and continue to work closely with the Lending Standards Board to achieve this.

“The payment service providers which have already signed up to the code represent over 85% of authorised push payments and the Lending Standards Board is actively working with a number of others in preparation for them to join.”