Many victims of bank transfer fraud are being treated unfairly or inconsistently when trying to get their money back, according to the consumer advice group Which? It’s calling for the industry reimbursement scheme to be made mandatory.
The consumer campaign group found that some banks were regularly blaming customers for missing warnings or not doing enough to realise that they were being scammed, as reasons to deny people reimbursement. Some 150 consumers have been in contact with Which? since the code was introduced last year. The code is based on the principle of fully reimbursing those who have lost money to criminals through no fault of their own. However, in many examples seen by Which?, firms were unfairly rejecting decisions that met this criteria, leaving people thousands of pounds out of pocket, it says.
While Which? found some examples of good practice, it says banks are relying far too heavily on their own judgements that customers ignored warnings, or have unreasonable expectations of the steps that customers should have taken to verify that the payment was legitimate, as reasons to deny customers the chance of getting their money back. These denials occur even in instances of highly sophisticated scams where a fraudster was able to quote financial and personal details, or when criminals use manipulative tactics to pressure customers into making a transfer over days or even weeks.
For instance, a Lloyds Bank customer remains without £33,000 after falling victim to a number spoofing scam. The bank told her that it would not reimburse her because she did not take “sufficient steps” to verify that the communications were legitimate, despite not yet providing any explanation about what these steps should have been. In another, Nationwide initially only offered partial reimbursement to a customer who was scammed out of £4,000 after his builder’s email account was hacked. This was despite the bank admitting that it had failed to provide adequate warnings to the customer before the payment was made – though it did eventually provide a full refund.
Gareth Shaw, Head of Money at Which?, said: “The scams code is a landmark milestone in the fight against fraud, but our analysis has found clear issues with how banks are meeting its core objective of reimbursing blameless people who have lost money through bank transfer scams. Even as this type of crime continues to surge, the lack of fairness, consistency or transparency across the industry means that the chances of people getting their money back is often a total lottery.
“A voluntary approach to tackling bank transfer fraud has failed. Banks, regulators and government must work together to make the code mandatory and ensure that strong standards on reimbursement are introduced.”
Comment
Carl Wearn, Head of e-crime at cyber firm Mimecast, says: “It’s important that individuals remain vigilant to the growing threat of cybercriminals, who will use any deceptive means within their arsenal to leave victims out of pocket. The majority of online scams rely on some form of human error, as it is far easier to compromise a single user than a whole system. Threat actors know this well and are continuing to exploit the human factor by tailoring scams to global events such as the current coronavirus pandemic to create a sense of urgency from victims.
“Often such attacks comes in the form of impersonation attacks, whereby cybercriminals uses sophisticated social engineering tactics to dupe victims into transferring funds to what they believe to be a trusted individual or company. These emails will almost always be time-sensitive, confidential matter that requires prompt payment be made to a customer’s, businesses. partner’s or supply chain partner’s bank account.”
