Bank transfer scam victims face refund lottery, says Which?

Fraud victims face a “lottery” over whether they will get their money back under a voluntary scams code, according to Which?

The consumer group said victims of authorised push payment (APP) fraud are being treated unfairly or inconsistently by banks and building societies when trying to get their money back – leaving some people thousands of pounds out of pocket.

A voluntary industry reimbursement scheme was set up in 2019 to make it easier for innocent victims who are tricked into transferring money directly to a fraudster to get a refund, in cases where neither they nor their bank is to blame.

Before the scheme was set up, many scam victims were losing money for good. Their bank was not obliged to refund them, as the customer had authorised the transfer.

But Which? said there are issues with the scams code, and it also wants the industry reimbursement scheme to be made mandatory.

It claimed that some banks’ narrow interpretation of the code means they are regularly blaming customers for missing warnings or not doing enough to realise that they were being scammed, as reasons to deny people reimbursement.

This is despite the sophisticated nature of many scams, where criminals pose as legitimate organisations such as banks, businesses, government organisations and the police, and manipulate and pressurise people into transferring money.

Gareth Shaw, head of money at Which?, said: “The lack of fairness, consistency or transparency across the industry means that the chances of people getting their money back is often a total lottery.

“A voluntary approach to tackling bank transfer fraud has failed. Banks, regulators and Government must work together to make the code mandatory and ensure that strong standards on reimbursement are introduced.”

Which? has compiled a dossier of cases and said its concerns go some way to explain the “woefully low” figure for reimbursement under the code, which currently stands at just 41%.

Giving examples of cases it has seen, Which? said a Lloyds Bank customer remains without £33,000 after a number spoofing scam.

Number spoofing is where a criminal manipulates an incoming phone number to make it appear to be from someone else.

Lloyds Bank said the customer did not take “sufficient steps” to verify that the communications were legitimate.

A spokeswoman for Lloyds Bank said: “We have been active supporters of the voluntary APP code since day one to help prevent fraud from happening in the first place and helping keep people’s money safe is a joint effort between the banks, the industry and all of us.

“It’s crucial to stay safe from scammers by taking steps to verify the identity of any cold caller because fraudsters can spoof the number displayed on your phone and keep the line open when you think you’ve hung up. Your bank will never ask you to move money from your account and if you are asked to do this then it’s definitely a scam.”

In another case, Nationwide Building Society initially offered partial reimbursement to a customer who was scammed out of £4,000 after his builder’s email account was hacked. It eventually provided a full refund.

Nationwide said: “On review of this case, we became aware that the member was able to amend the existing payee details and, as such, didn’t receive the tailored warning required under the CRM (contingent reimbursement model – the bank transfer scams code), so we took the decision to refund our member in full.”

There are also concerns about vulnerable customers, who should have greater protections under the code.

Which? heard from one customer who was defrauded out of £20,000 while undergoing extensive medical treatment.

Santander initially refused reimbursement, on the basis that the woman had confirmed she had read fraud messaging, but returned the money after Which? asked it to review the case.

Santander said: “In light of the new information that was shared about her medical condition, we have refunded her the full amount that was taken from her account.”

Which? believes that if banks are relying on using a customer’s response to warnings as a basis to reject reimbursement, they must show that these warnings are successful in reducing the likelihood of a fraud succeeding.

It said banks should consider how customers are manipulated to ignore alerts.

Which? said firms should be more realistic when considering whether customers could have done more to verify people’s identity – particularly when criminals spoof phone numbers.

The consumer group believes customers should be reimbursed in the vast majority of such cases.

Katy Worobec, managing director of economic crime at UK Finance, said: “We agree that a voluntary agreement alone is not enough, and new legislation is required to address issues of liability and reimbursement. With criminal gangs continuing to target customers, the Government and regulators should consider as a priority how data breaches and vulnerabilities in other sectors such as telecoms and social media are facilitating these crimes, as part of an overall strategy to protect consumers from harm.

“Importantly, the banking and payments industry continues to take action on all fronts to stop these crimes from occurring in the first place, working with law enforcement and the Government to protect customers and prevent stolen money from going to criminals.

“We also urge the public to remain vigilant against criminals seeking to take advantage of the Covid-19 outbreak, and to follow the advice of the Take Five to Stop Fraud campaign. Always stop and think before ever parting with your money or information in case it’s a scam.”

A spokeswoman for the Lending Standards Board, which is responsible for the governance of the code, said: “We launched a consultation last month that will fully assess the effectiveness of the code and its impact to date, and responses may be used to inform revisions if needed.

“We remain committed to actively working with the industry, stakeholders and consumer groups to ensure fair outcomes for consumers that fall victim to a scam.”