The consumer champion is calling for all banks to urgently reassure their customers that they will be better protected against fraudsters by signing up to the new voluntary industry code, which comes into effect next week (28th May).
While the code represents a significant step forward in the fight against bank transfer scams, Which? believes further critical steps are required to halt this worsening crime.
Three years on from Which?’s super-complaint, losses to bank transfer fraud are spiralling out of control, with £354m lost in the last year alone – most of it stolen from personal accounts.
This figure means that every month, £29.5 million is lost to bank transfer fraud; that equates to £970,685 per day, £40,445 per hour, £674 per minute and £11 per second.
Bank transfer scams can cost people their entire savings, with average losses to personal accounts of £2,920 – and Which? regularly hears from victims whose lives have been thrown into chaos by the loss of much smaller sums.
The new code is designed to give better protection against transfer fraud and to ensure all those who have lost money through no fault of their own are swiftly reimbursed.
Ahead of its launch, Which? has written to UK Finance demanding that the industry meets five tests that will determine the Code’s success. These are critical in ensuring progress towards the overall goal of finally halting bank transfer scams.
Which?’s five key tests:
- Banks must promise to protect their customers by signing up to the Code with the regulator pledging to conduct a one-year review on its effectiveness.
- The regulator must ensure all banks introduce vital name-check security (confirmation of payee) no later than its new deadline of March 2020. The latest delay will cost people an additional £109m in losses while they wait for this important measure.
- No blameless scam victim should ever be denied reimbursement again, and full refunds should be issued swiftly.
- Banks must show they are serious about protecting consumers by immediately agreeing a long-term funding solution for no blame refunds.
- Banks must publish victim and reimbursement figures on a regular basis to allow effective monitoring in the fight against transfer fraud.
Last year, just 23 percent of losses were returned, meaning countless victims were left out of pocket by these increasingly sophisticated scams – which often involved fraudsters posing convincingly as bank staff, lawyers and other legitimate businesses.
Which? is demanding an end to the dark days of victims struggling to get their money back, with the code now requiring signed-up banks to reimburse all blameless victims.
One bank recently went above and beyond the requirements set out in the code by offering a refund guarantee to all its customers who might fall victim. Which? wants to see other banks exploring whether this potentially game-changing approach should be adopted across the industry to ensure swift and fair reimbursement to all victims.
Which? believes the adoption of this code is a key first step towards putting an end to bank transfer fraud and will closely monitor the implementation of the code.
The consumer champion will not hesitate to demand intervention from the regulator if it fails to deliver for consumers.
Gareth Shaw, Head of Money, Which?, said “For too long, victims of bank transfer fraud have lost life-changing sums and subsequently faced a gruelling battle to get their money back.
“By adopting this code, banks must offer much greater protection to consumers, while quickly and fairly reimbursing those who are unfortunate enough to fall victim. Failure to do so will require swift intervention from the regulator- as these devastating scams can’t be allowed to derail lives any longer.”
Responding to Which?’s letter regarding the launch of the Authorised Push Payment Scam Voluntary Code (the Code), Stephen Jones, CEO, UK Finance, said “Protecting customers from the threat of scams and stopping money going to criminals are amongst the finance industry’s foremost priorities. Over the last year, the industry has been working in partnership with consumer groups, including Which?, to develop the Code which helps strengthen standards for customer protection and reimbursement. The new Code delivers a commitment from all firms who sign up to it to reimburse victims of authorised push payment scams in any scenario where the customer has met the minimum standards expected of them under the Code.
“It is vital that we get the right outcome for customers by ensuring that customers making payments are not penalised for the criminal actions of others even in circumstances where the payment services provider has done everything reasonably expected of it to protect the customer under the Code. This is why the industry has committed to provide initial funding from the implementation of the Code on May 28th until the end of 2019 to reimburse customers of signatory firms even in those situations where both the customer and their payment service provider meet the required standards set out in the Code, the so called “no blame” scenario.
“This initial “no blame” funding is intended to provide the necessary time for the industry to work with the regulators and government to deliver sustainable long-term funding for this reimbursement fund by January 2020. We hope the Payment Systems Regulator will do everything in its power to support the industry to ensure a long-term solution can be introduced, including using its regulatory powers if required, to ensure a sustainable “no blame” funding solution.
“Meanwhile, the industry will continue to fight fraud on every front to protect customers and prevent this kind of crime – investing in advanced security systems and new ways to track stolen funds, preparing for the roll out of “confirmation of payee” capability across payment systems, assisting law enforcement in tackling the criminals and supporting the government in improving how intelligence is shared.”
Tom Clementson, Director of Consumer and SMB at Shieldpay, said “Each minute that banks fail to take action on fraud, consumers are losing hundreds, and in some cases thousands, of pounds of their hard-earned money. These sums are life-changing and it is simply not good enough. The industry has to do more to protect consumers. While the voluntary code which commits banks to refund blameless victims of fraud is a welcome step forward, compensating victims is simply firefighting without tackling the source of the problem.”
“Fraudsters must be stopped in their tracks and consumers protected against transferring money into accounts which are held by scammers. Increasingly sophisticated technology – like Shieldpay – which verifies the identity of both sides in a transaction and hold the money securely until both sides agree they’re happy, can eliminate the risk of fraud. Only this way can we start to make a dent in the fraudsters pockets and prevent consumers become victims.”