New protection for individuals tricked into transferring money to fraudsters has now taken effect – but not all banks are signed up to the scheme.
Some 84,000 bank customers lost money – sometimes tens of thousands of pounds – last year after being caught out.
Only a fraction of the amounts lost was refunded by banks. Now a new code should mean more will be reimbursed.
The refund will come from a central pot in cases when neither the bank nor the customer are to blame.
How are people tricked?
Fraudsters have shifted much of their attention from trying to crack bank systems to trying to con individuals.
This may involve impersonating someone, such as a homebuyer’s solicitor or a builder, whom the individual was expecting to pay. In other cases they may be selling non-existent goods online.
Some of the more elaborate frauds see the con-artists using social media and other avenues such as data breaches to gather information about their victim, making it more likely that potential victims believe they are genuine.
In all these cases, the individual authorises the payment. Banks have often refused to refund these frauds as a result.
‘How I lost, then regained, a life-changing sum’
Alex Luke was scammed by thieves using a sophisticated con in December 2016. It took criminals less than 24 hours, using 33 fraudulent payments, to empty her account of about £180,000.
Having started a small business in 2008, she had managed to save up the money as a nest egg which she had planned to use for her and her children’s futures.
But thieves tricked her into believing they were calling from BT before persuading her to hand over sensitive security details to gain access to her account.
Although £63,000 was traced and returned to Alex in the following weeks, it still left about £118,000 unaccounted for. Her bank, Santander, refused to refund the money.
But after two years, she won her case with the Financial Ombudsman Service and the bank refunded the rest.
“It [getting the refund] has brought back some of the negative memories I’ve got, but I’m so utterly delighted and grateful. I’m a different person,” she said.
How will the new code work?
People who realise they have been caught out in these “authorised push payment” scams should report the fraud to their bank immediately as normal.
From now, payment providers – primarily banks – that are signed up to the voluntary code will have a new set of criteria to judge whether the customer should get the money back.
Previously, banks only tended to reimburse people if there was an obvious fault in the way the payment was handled by the bank. Some £354m was lost in this fraud to individuals and businesses last year, but only £83m was refunded.
Now anyone who has taken reasonable care, or has any element of vulnerability, is much more likely to receive a refund of the lost money.
The financial institutions involved will contribute to a pot, which they can draw on to refund people when neither the individual nor the bank is to blame. A long-term funding solution for this should be agreed by the start of next year.
A decision on whether someone is refunded should be taken within three weeks, or within seven weeks for complicated cases. Disputed cases that go to the Financial Ombudsman Service will take much longer to resolve.
What are the pitfalls?
Anyone who has already been a victim of such a fraud cannot ask for their case to be reconsidered under the new rules.
A victim who has been “grossly negligent” will not be reimbursed.
Significantly, not all banks are signed up to the code. Banks such as Co-op and Virgin, which were not involved in drawing up the rules, said they could only sign up in the future. The Payment Systems Regulator has also ruled that the code should be voluntary, rather than mandatory.
Moreover, one bank – TSB – has broken ranks in announcing a guarantee that it would automatically refund all “innocent” customers who have been defrauded.
Other banks have suggested that a blanket refund policy would simply encourage fraudsters to try their luck.
A separate scheme to ensure a recipient’s name is as important as the bank account number and sort code when payments are made – designed to cut out much of this kind of fraud – has also been delayed until the end of March next year.