More than £1 billion is estimated to have been lost to bank transfer scams in just three years, according to Which?
The consumer group is calling for vital fraud protections when people are tricked into transferring money to a fraudster, to be made mandatory.
Which? analysed bank transfer fraud statistics since the start of 2017. The projected total lost since then, based on current trends, now stands at about £1.1 billion, according to the research.
A voluntary code to refund victims of authorised push payment (APP) scams was introduced in May 2019, but not all banks have signed up to it.
The code makes it easier for people tricked into authorising a bank transfer to a fraudster to get a refund, in situations where neither they, nor their bank, is to blame.
TSB has its own fraud refund guarantee, which means that if a customer is clearly the innocent victim of fraud on their TSB account, it will refund the money lost.
The bank released new figures, showing that since it launched its guarantee, TSB has reimbursed more than 99% of its APP cases where a customer claimed they had been tricked into sending a payment to a fraudulent account.
TSB said it had weeded out bogus claims, where claimants had been found to be complicit, while genuine fraud losses had been returned to victims.
Which? said the industry’s voluntary code should be made mandatory, alongside the introduction of “confirmation of payee” services that would enable people to check the name of the person they are paying.
Confirmation of payee ensures that a check is made on whether or not the name a customer enters when making a payment matches the account details it is being sent to.
It helps to stop fraudsters from posing as trusted organisations such as a bank or solicitor, and tricking people into making payments to them – but some banks could not confirm to Which? when they would implement it.
Which? estimates that about £320 million of losses to customers could have been prevented if confirmation of payee had been introduced at the start of 2017.
It is encouraging consumers to put pressure on their banks to sign up to both the code and confirmation of payee.
Gareth Shaw, head of money at Which? said: “It is vital for all banks to commit to basic name-check security, and the whole industry should sign up and follow through on the protections offered by the scams code.
“If the banks fall short of making these commitments themselves, these initiatives must be made mandatory by the Government.”
Chief executive of UK Finance Stephen Jones said: “The banking and payments industry is wholly committed to defending its customers from authorised push payment fraud and stopping stolen money going to criminals.
“The APP code, developed on a voluntary basis by the larger firms together with consumer groups, has established stronger customer protection standards and meant more victims are receiving compensation.
“However, a voluntary agreement alone is not enough and we share the view expressed by Which? that issues of liability and reimbursement would best be addressed by new legislation.
“Both the Government and regulators must also urgently consider how customer data breaches and vulnerabilities in other sectors such as telecoms and social media are facilitating fraud, as part of a holistic strategy to protect consumers from harm.
“While not currently mandatory under the code, confirmation of payee is a major technical change to digital payments and another important tool in the fight against fraud.
“It is one of a range of measures used by the industry to help combat fraud, which include investing millions in sophisticated security technology, working with law enforcement to prosecute the criminals responsible and raising awareness of scams through the take five to stop fraud campaign.”