10 scam-busting tips that your bank won’t tell you about
I’m regularly asked why so many scams succeed and how to stay safe. Here’s the backdoor guide to tips your bank will never tell you.
1. Internet banking is riddled with traps.
Banks’ scam tips forget to mention that their system won’t check an account name and number-match it when you make a payment.
It’s one of the loopholes which makes authorised payment fraud a success, and yet it’s entirely missing from their safety tips.
2. Even when fraud is unauthorised (you didn’t make the payment), banks may still try to blame you.
They’ll attempt it even when their systems or decisions are deficient. In a case I saw recently,
ANZ decided not to immediately block a cluster of high-risk payments. One was to a Lithuanian crypto-exchange in US dollars, plus two shopping payments in pounds. Instead, the bank released three authorisation codes via text, then called the customer and said they’d flagged some unusual payments.
But they were too late. The criminal had beaten them, by impersonating the bank’s fraud department. The scammer called the customer, who gave them a code after being told it was needed to cancel the transaction.
ANZ texts fail to tell customers not to reveal codes to “staff”. Yet they’ve held her liable and offered only a 50% goodwill payment (I’ve asked them to review that case).
3. Bank messages are weak and don’t explain the risks adequately.
In New Zealand, if you receive a bank code you didn’t request, ANZ says, “If this is not yours, please call 0800 269 296”.
In the UK, Barclays says in capital letters “DON’T SHARE THE CODE WITH ANYONE. We’ll never ask you for it – no legitimate company will. Not expecting this? Contact us."
What a world of difference.
4. Always hang up and call a bank back.
Why is this never in the scam tips? If someone phones from your bank, they might be real, but don’t risk it. Bank impersonation scams are rife.
5. Investment fraud education is a bungle.
These frauds are successful for two reasons.
A bank doesn’t check that an account number and name match (see 1), allowing money mule accounts to receive funds, undetected.
Secondly, there’s no complete register of verified accounts used by financial services providers. That means payments for investments go to rogue accounts without bank software ensuring that only legitimate brokers, custodians, platforms and registry services are paid. There are no warnings.
6. Banks give scam tips that aren’t up to date.
A recent ASB example tells us investment scammers make cold calls and will try to rush you. Current methods are the opposite.
Scammers use professional-looking websites to generate enquiries for those wanting low-risk investments, and never rush people.
The process is flawless, with staff, local phone numbers, fully branded documents and an online portal where your investment balance appears.
7. To make a big payment, go to a branch or use the call centre.
Don’t use internet banking, because banks don’t monitor payments, or the information in reference fields, to look for signs of scams.
The Banking Ombudsman has told victims of fraud there are no laws or codes to hold banks’ systems to account. It’s perverse when the entire banking model is online. Staff can’t ignore the hallmarks of a scam, but the ombudsman has failed to pivot the rule into the 21st century, to include electronic payments.
Tell staff exactly who you are paying and what the payment is for. If you’re worried, voice your concerns.
8. Be wary of the FMA scam website.
Many victims are caught out well before a warning is issued by the Financial Markets Authority. The system is also glitchy – typing “Citibank” or “Citi bank” can affect if a scam shows up.
There’s missing information, too. The warning might say “PTWealthManagement. com” is a scam, but they’ll forget to tell you the scam offer was for government bonds, SBS bank bonds and Westpac bonds. That’s quite crucial info if you’ve searched the FMA search on the investment itself.
9. Never believe the account number on a new invoice.
Malware on a home or business computer occurs, and criminals can change incoming emails, altering the account number and even noting that it’s changed recently. Ring any new payee and confirm their account number.
10. Don’t use an auto-generated password.
Even though we’ve been trained to use long, complex passwords, generated and saved by our device, they’re a breach of bank terms and conditions. If your device is compromised, leading to fraud, the password trap will make you liable. But don’t expect your bank to block these or warn you on the log-in screen. It’s only in the fine print.
Finally, some transactions that go wrong must be rectified by a bank. If you paid by card, and goods didn’t arrive from overseas, or they were faulty and you’re struggling to get your money back, don’t resign yourself to thinking you got scammed and weren’t dealing with someone legitimate. You qualify for a chargeback on your card.
Janine Starks is the author of moneytips. nz and a financial commentator with expertise in banking, personal finance and funds management. She can be contacted at moneytips.nz@gmail.com. Readers should always seek specific independent financial advice appropriate to their own circumstances.