Reimbursement lottery for bank transfer scam victims must end, says Which?

People who are tricked into transferring money to a fraudster should have similar protections to crime victims whose money is stolen from their bank account without their knowledge, according to Which?

The consumer group argued that the way banks apply a voluntary reimbursement code when people are tricked into making an authorised bank transfer to a fraudster is “riddled with chronic problems”, and victims are not getting the safeguards they need.

Which? said the Payment Systems Regulator (PSR) should be given new powers to make it mandatory for all firms to reimburse customers who have acted appropriately.

It said this would mean standards of protections would be similar to unauthorised fraud, such as when someone loses money after their identity is stolen, where there are clear expectations on when customers should get their money back.

To view this content, you'll need to update your privacy settings.
Please click here to do so.

Fraud victims whose money has been moved from their bank account without their knowledge can generally expect to be reimbursed unless they have acted in a very negligent way.

Which? argued: “This would abolish the reimbursement lottery that leaves a victim’s chances of getting their money back dependent on where they bank.”

Which? said more than £700,000 is being lost to bank transfer scams every day, but less than half of the money lost to this type of crime is currently returned to victims, with banks routinely blaming customers for falling for what can be highly sophisticated crimes.

The consumer group said nearly three-quarters of complaints about how banks treat victims of authorised payment fraud are upheld.

Which? said that, in one instance dealt with by the Financial Ombudsman Service (FOS), a Nationwide customer was initially denied reimbursement for £53,500 after failing to spot a fraudster had changed one digit of a solicitor’s email address and tricked them into sending money to their account.

The FOS said it was not realistic for firms to expect customers to look out for such discrepancies. An “i” rather than an “l” had cost tens of thousands of pounds.

In another, a Santander customer was denied reimbursement for £2,299 after booking flights on the premise that he was booking through a travel company.

A fraudster had provided convincing fake documents, to the extent that the FOS said it was reasonable for the customer to believe he was dealing with a legitimate operator.

Which? also believes greater transparency about how firms are handling cases of bank transfer fraud is needed.

Gareth Shaw, head of money at Which?, said the PSR must “take matters into its own hands by writing the new rules, making it mandatory for all firms to reimburse victims when they are not at fault”.

A spokesman for the PSR said: “We published a number of proposals at the beginning of this year to make sure victims of APP (authorised push payment) scams are fully protected.

“One option was to make it mandatory within payment system rules that victims who have acted appropriately will be reimbursed.

“The other option we have been exploring involved developing and enhancing the current CRM (contingent reimbursement model) code which would be approved by the PSR to make sure the right outcomes were delivered to victims.

“This will require development by industry and other groups to get right. We are working with Government to address the gaps we see in our powers which will help us address the issues around a lack of mandatory protection.

“We are reviewing the feedback to the proposals we had suggested and will consult on any proposed course of action in September.”

Katy Worobec, managing director of economic crime at UK Finance, said: “Fraud has a devastating emotional impact on victims and the money stolen goes on to fund serious organised crime, so the banking industry’s primary focus is on stopping these scams happening in the first place.

“A total of £182 million has been reimbursed to thousands of customers since the authorised push payment voluntary code was introduced in May 2019.

“However, we agree that more needs to be done and we firmly believe that a regulated code, backed by legislation, is the most effective answer so that consumer protections apply consistently across the banking industry.

“At the same time, it’s vital that the Government and regulators acknowledge how vulnerabilities in other sectors such as telecoms and online platforms are facilitating these crimes and consider an overall strategy to protect consumers from fraud.”