Victims who have lost thousands of pounds by transferring money to a fraudster since 2016 should be paid back by their bank, a damning report published by an influential committee of MPs has claimed.
More than £500m has been lost to bank transfer scams – technically known as ‘authorised push payment’ fraud – since 2017. This is where you are tricked into sending money to a criminal’s bank account.
In May 2019, a new voluntary code of conduct was introduced that could help reimburse victims of this crime, but only if their bank had signed up and you had lost money after the code was introduced. A dozen major banks are still to sign up to the code.
But a new report published by the Treasury Select Committee has called for banks to compensate victims dating back to 2016 when Which? launched a legal challenge to regulators to tackle this crime.
It has also called for the reimbursement code to be mandatory, meaning that all bank customers benefit from protection from this kind of scam, and banks who don’t introduce technology to match names and bank account details should be fined.
How does bank transfer fraud work?
In the past, scammers have posed as your bank, your solicitor or official bodies such as HMRC, using sophisticated methods of impersonation – ‘spoofing’ the genuine contact details of these organisations.
Another common method used by fraudsters involves posing as your bank and contacting you to tell your account has been ‘compromised’, and to transfer your savings to an account set up by the fraudster, which they have told you is safe.
Claiming for fraud compensation
In May 2019, a voluntary code of conduct was introduced to give customers more protection from bank transfer fraud. So far, just over half of the UK’s banks have signed up to it.
The code requires banks, building societies and other payment providers to do more to protect customers from scams or, if they fail to do so, to reimburse victims.
Banks will need to take steps to detect payments that might involve scams, provide clear warnings to customers about the risks of bank transfers, and identify potentially vulnerable customers. They must also freeze or delay payments that they think might have come about from scams.
If either the bank that sends the funds or the one that receives them fails to meet these standards, it must reimburse you for the money you have lost. If neither you nor the bank was at fault, you will still be reimbursed from a bank-funded compensation fund.
Call for retrospective compensation
The Treasury Committee found that victims who’d been scammed prior to the code’s introduction could not be reimbursed, as retrospective compensation would have been a barrier to getting banks to sign up to a voluntary agreement.
However, the report states that banks have known about this issue since 2016, when Which? launched its complaint, and that banks had failed on its duty to protect its customers by not introducing technology to prevent this type of scam.
It urged banks to reconsider refusal to reimburse earlier victims of bank transfer fraud – particularly those who were vulnerable to scams.
Who has signed up to the code?
By current estimates, around 85% of bank transfers are processed by signatories to the code. You can find out if your bank has signed up by searching the table below:
When we last contacted banks in August 2019, 12 had not yet signed up, potentially leaving millions of customers unprotected.
Of these, nine said they were working towards becoming signatories, namely:
- Bank of Ireland
- Clydesdale Bank
- Post Office Money
- Tesco Bank
- Co-operative Bank
- Virgin Money
- Yorkshire Bank
A further three – Danske Bank, First Trust Bank and N26 – told us they were still assessing what becoming a signatory involves.
TSB, meanwhile, has actually gone beyond the requirements of the code by committing to compensate any blameless customer that falls victim to a scam.
The Committee report called on the code to be compulsory for all payment services providers, but that this would need to be done through legislation. So the ball is back in the court of MPs to force firms to join the code.
- Find out more: bank transfer victims to get refunds from May 2019
New scheme to warn customers of fraud risk
The code also requires banks to introduce new technology to warn customers about fraud.
This technology is called Confirmation of Payee and it has a very simple meaning: your bank will need to tell you if the name you’ve entered for the account you’re paying matches the account holder.
Banks were originally meant to implement this technology by July 2019, but this has now been delayed. Only the six biggest banks – Barclays, HSBC, Lloyds Banking Group, Nationwide, RBS Group and Santander – are required to have Confirmation of Payee in place, but by March 2020. TSB will also implement this technology.
The panel of MPs were not satisfied with the delays. It said that the Payment Systems Regulator, the watchdog that oversees the payments industry, should fine firms if they miss the deadline.
It also said that firms should consider introducing a mandatory 24-hour delay on first-time payments (when you’re sending money to someone for the first time) as a way of reducing fraud, especially when people are being pressured by scammers to transfer money urgently.
- Find out more: vital bank security check delayed until 2020