Online Security: Which? files supercomplaint against banks over transfer fraud



Banks may face formal inquiry into whether they can refuse to reimburse victims conned into transferring money into fraudsters’ accounts

 

UK banks should do more to protect customers tricked into transferring money to fraudsters, according to a consumer body that has lodged a “supercomplaint” with financial regulators. The move by Which? means banks could now face a formal investigation into whether they can continue refusing to reimburse victims.

 

The organisation submitted its first supercomplaint this year in the same week that official data revealed that fraud in the UK payments industry had soared by 53% as criminals develop increasingly sophisticated tactics to steal bank customers’ cash.

 

Which? said banks should “shoulder more responsibility” when someone is conned into transferring money to another person’s account, just as they reimburse customers who lose money due to scams involving debit and credit cards or fraudulent account activity.

 

Some customers have lost considerable sums. In March this year the Guardian featured the case of Sarah and David Fisher, who were conned out of £25,000 after a fraudster posed as their builder and emailed them a fake invoice that was virtually identical to the one they were expecting.

 

The explosion in online and mobile banking means UK consumers now make more than 70m bank transfers a month, compared with just over 100m in a whole year just a decade ago. Which? claims that “protections have not kept up”.

 

Using its legal powers, the organisation has submitted a supercomplaint to the Payment Systems Regulator, the watchdog for the UK’s £75tn payment systems industry, which must now respond within 90 days.

 

There are many financial frauds that directly target customers, such as phishing emails and phone- and text-based scams. However, among the biggest growth areas are impersonation and deception scams where fraudsters hack into someone’s email account and then pose as the builder, solicitor, landscape gardener or other tradesperson that the consumer has legitimately employed. Typically, the victim receives an invoice via email, which does not rouse suspicion because they were expecting it. It looks authentic and is usually for the correct amount – however, unbeknown to the consumer, the bank account number and sort code have been changed to those of the fraudster.

 

This is what happened to the Fishers, from north-west London. Last October they received a genuine invoice for building work that was being carried out, then what appeared to be a follow-up email from the same firm with a fresh invoice attached that included “our new banking details”. The couple duly paid the requested £25,000, and while it quickly emerged they had been scammed, by the time the bank that operated the account used to accept their money was alerted, the cash had been withdrawn.

 

Almost a year after the incident, they have yet to recover a penny of their money. Sarah Fisher, a record label manager, told the Guardian this week that the police had identified the fraudster as someone living in Denmark. As a result, the case was “not being progressed” and had effectively come to a halt.

 

She added: “We took it to the financial ombudsman, who said that Barclays [which operated the account] had not behaved improperly.” However, she said their MP, Tulip Siddiq, had said the case raised important issues and intended to pursue the matter in parliament.

 

Victims conned in this way currently have no legal right to get their money back from their bank, said Which?. Banks typically refuse to refund customers on the basis that they made the payment voluntarily. However, Which? said: “Consumers can only protect themselves so far. People cannot be expected to detect complex scams pressuring them to transfer money immediately, or lookalike bills from their solicitor or builder.”

 

The organisation said banks had invested in security systems to detect and prevent fraud where they were liable to reimburse the victim, but added: “There aren’t sufficient checks if someone is tricked into transferring money directly to another person’s account.”

 

Which? said it wanted the regulators to formally investigate the scale of bank transfer fraud and how much it was costing consumers, and propose new measures and greater liability for banks to ensure consumers are better protected.

 

The Payment Systems Regulator confirmed that it had received the supercomplaint and said it would examine the evidence Which? had supplied and gather its own, “to build a clearer picture of the issue and decide a course of action”.

 

Possible outcomes might include regulatory action, a review or a referral of the complaint to another body.