Many victims of bank transfer fraud are being treated unfairly or inconsistently when trying to get their money back, a new Which? report reveals, as it presses for the industry reimbursement scheme to be made mandatory.
The consumer champion found that some banks were regularly blaming customers for missing warnings or not doing enough to realise that they were being scammed, as reasons to deny people reimbursement.
The findings are revealed in a dossier of case studies that highlight the experiences of some of the 150 consumers who have been in contact with Which? since the code was introduced last year.
The code is based on the fundamental principle of fully reimbursing those who have lost money to criminals through no fault of their own. However, in many examples scrutinised by the consumer champion, firms were unfairly rejecting decisions that met this criteria, leaving people thousands of pounds out of pocket.
While Which? found some examples of good practice, it established several areas of concern relating to the way some banks were applying the rules. It believes these faults go some way to explain the woefully low figure for reimbursement under the code, which currently stands at just 41 per cent.
It found banks are relying far too heavily on their own judgements that customers ignored warnings, or have unreasonable expectations of the steps that customers should have taken to verify that the payment was legitimate, as reasons to deny customers the chance of getting their money back.
These denials occur even in instances of highly sophisticated scams where a fraudster was able to quote financial and personal details, or when criminals use manipulative tactics to pressure customers into making a transfer over days or even weeks.
For instance, a Lloyds Bank customer remains without £33,000 after falling victim to a number spoofing scam. The bank told her that it would not reimburse her because she did not take “sufficient steps” to verify that the communications were legitimate, despite not yet providing any explanation about what these steps should have been.
In another, Nationwide initially only offered partial reimbursement to a customer who was scammed out of £4,000 after his builder’s email account was hacked. This was despite the bank admitting that it had failed to provide adequate warnings to the customer before the payment was made – though it did eventually provide a full refund.
There are also concerns about how banks manage cases where a vulnerable customer has been scammed.
Which? heard from one customer who was defrauded out of £20,000 while undergoing extensive medical treatment. Santander initially refused reimbursement, on the basis that she confirmed that she had read the fraud message and was comfortable to continue with the payment.
This is despite the code providing a greater level of protection for customers who are identified as vulnerable, who should be reimbursed regardless of their actions. Santander returned the money after Which? asked it to review the case.
Following its analysis, Which? has set recommendations for improvement ahead of a review of the code by the Lending Standards Board, which is currently responsible for it.
The consumer champion believes that if firms are relying on using a customer’s response to warnings to reject reimbursement, then it must demonstrate that these warnings are actually successful at reducing the likelihood of a fraud succeeding.
These warnings should be subject to much more rigorous testing and customer feedback. It should consider how customers could be manipulated to ignore these alerts, and what changes can be made to the design and wording of warnings to make them more effective.
It also believes that firms need to take a more realistic approach when it comes to making reimbursement decisions based on whether the customer could have done more to verify whether a payment is legitimate.
This is particularly the case when a fraudster is able to spoof legitimate communications, as these practices can fundamentally change the circumstances under which victims are making judgements about who they are transferring money to. Which?’s view is that customers should be reimbursed in the vast majority of these cases.
Which? is also calling for the scams code to be made mandatory. As well as ensuring that all payment providers offer these protections, it would also help enable the requirements to be enforced effectively.
In addition, it wants all payment service providers to submit data on the number and level of bank transfer fraud and reimbursements.
Gareth Shaw, Head of Money at Which?, said:
“The scams code is a landmark milestone in the fight against fraud, but our analysis has found clear issues with how banks are meeting its core objective of reimbursing blameless people who have lost money through bank transfer scams.
“Even as this type of crime continues to surge, the lack of fairness, consistency or transparency across the industry means that the chances of people getting their money back is often a total lottery.
“A voluntary approach to tackling bank transfer fraud has failed. Banks, regulators and government must work together to make the code mandatory and ensure that strong standards on reimbursement are introduced.”