Which? is calling for stronger protections for fraud victims after finding more than £700,000 is lost to bank transfer scams every day.
UK Finance figures show a total of £412.9m has been lost across 189,000 cases of Authorised Push Payment (APP) fraud since the introduction of a voluntary industry code on reimbursement in May 2019 and the end of 2020. This equates to £707,000 a day, £29,000 an hour, or £491 a minute.
It's now two years since the reimbursement code, which a number of high street banks helped to design, came into force. But the number of scams still taking place and the huge sums of money lost to fraud highlight how systemic issues with protections remain.
We're calling for better protections to ensure APP scam victims have a fair and consistent route to reimbursement.
The voluntary code is clear: if a customer isn't at fault, they should be reimbursed.
But Which?, as well as the Financial Ombudsman Service (FOS) and other consumer advocates, has repeatedly found banks are incorrectly deciding not to return their losses.
This includes cases where victims are subjected to highly sophisticated tactics used by fraudsters, or where banks haven't done an effective job of warning customers about the threat of being scammed.
Only 46% of losses have been reimbursed under the code, which means £225 million hasn't been returned to victims who are consequently left to shoulder net losses at a rate of £384,000 a day, £16,000 an hour or £267 a minute.
Official figures from the Lending Standards Board have also shown that banks signed up to the code hold victims fully or partially responsible for being scammed up to 77% of the time.
We believe this demonstrates how the existing approach to tacking bank transfer scams isn't sufficient.
The mounting evidence suggests some of the same banks that helped create the code are now choosing to interpret it to avoid reimbursing victims.
Decisions published by the FOS show that in some cases banks are setting unrealistic expectations on customers to spot and prevent fraud, or that warnings to customers about the threat of being scammed are not up to scratch.
A Bank of Scotland customer was left £27,000 out of pocket after falling victim to a sophisticated investment scam that involved making payments to a cloned company via telephone banking.
The firm denied reimbursement, but the Ombudsman upheld the customer's complaint after finding the bank missed 'three clear opportunities' to discuss the transfers before they were completed, and believed that the customer wouldn't have made the payments at all if provided with warnings.
A Bank of Scotland spokesperson told Which?: 'We review each case individually and while we expect customers to take reasonable care when making payments, we refunded Mr D in line with FOS' decision as we could have done more to spot the payments which were unusual for his account.'
The bank advises customers to check all details are genuine before investing large sums of money.
A HSBC customer was also denied full reimbursement after being scammed out of £548 when booking flights for his family through a fraudulent travel website.
The bank argued that the customer should only receive partial reimbursement, as while it acknowledged that it hadn't done enough to warn him about this type of scam, the customer should have done more checks to make sure the payee was genuine, such as checkingthe business on Companies House.
The FOS described this as 'a step many reasonable customers would not take', and decided that the firm should reimburse the customer in full.
HSBC said it can't comment on the individual case but told us protecting customers from fraud is a priority. It said it independently reviews every scam case in line with guidance set out in the CRM code and acts with empathy to ensure fair outcomes for customers.
We're calling for mandatory standards of consumer protection to be introduced to provide fairer and more consistent outcomes for people who have lost potentially life-changing sums of money.
The Payment Systems Regulator (PSR) must be able to effectively enforce these standards in order to stop firms unfairly pointing the finger at customers to avoid reimbursing their money.
The Treasury must also commit to giving the regulator whatever powers it needs to make this happen.
Greater transparency about how banks are handling cases of bank transfer fraud is needed too, so consumers can clearly see how their bank chooses to treat victims of crime and how they tackle cases of fraud.
We've contacted all major banks and building societies urging them to commit to publishing their reimbursement rates for bank transfer scams, setting them a deadline of today to respond, and will be revealing the responses shortly.
If firms decline to provide this information voluntarily then the regulator, as it has itself proposed, should force them to do so.
Gareth Shaw, Head of Money at Which? said: 'Despite huge sums being lost on a daily basis, low reimbursement rates based on inconsistent and unfair decisions by firms demonstrate how the voluntary code isn't providing the safeguards promised to victims of bank transfer scams.
'Two years on from the code's introduction, it is clear that the Payment Systems Regulator must now take decisive action to prevent the continued devastation caused by this type of fraud.
'It needs to introduce mandatory standards of consumer protection for all banks and payment providers, and require greater transparency from firms on how they are dealing with this crime.'
If you're the victim of an APP scam and your bank is signed up to the code, you can make a formal complaint asking for reimbursement.
Banks currently signed up to the code are:
TSB hasn't signed up to the code but promises to reimburse all victims of fraud under its 'Fraud Refund Guarantee', launched on 14 April 2019.
And if you've been told that your bank won't reimburse you following a scam, you can ask the Financial Ombudsman Service (FOS) to assess your complaint free of charge.