Santander fobs off fraud victims in just 24 HOURS
...as we expose loopholes that may explain why so many of the bank’s customers are being hit
FRAUD victims who have lost their life savings are being fobbed off by Santander in as little as 24 hours, Money Mail can reveal.
Customers who have lost thousands of pounds in sophisticated scams are being sent carbon-copy letters by the bank rejecting their requests for a refund.
The documents all bear the same signature and use similar sentences to blame the customer for allowing a crook to get at their money. Some are identical apart from a few words.
Nearly all of the letters seen by Money Mail fail to explain how customers — many of whom are traumatised — can complain, or point out that they can take their cases to the financial ombudsman, which settles disputes between banks and their customers.
The City watchdog usually forces banks to spell out these rights when they dismiss customers’ gripes.
But Santander says that these rules don’t apply in these cases because customers are making ‘claims’ rather than ‘complaints’.
Our findings call into question whether Santander is carrying out full investigations into fraud cases before sending rejection letters.
We have alerted the City watchdog and provided evidence from our readers.
Two weeks ago, Money Mail raised serious concerns about fraud being committed on Santander accounts and sent a dossier of cases to the Financial Conduct Authority.
Since then we have been deluged with emails, letters and calls from victims who have wept as they’ve described how they were duped.
In another set of major developments, we can also reveal:
A lOOphOle in Santander’s text message security system for online payments means criminals can steal thousands of pounds without the customer being warned about how much cash is leaving their account.
The bank is embroiled in numerous disputes with customers who say they never saw or received vital codes that fraudsters supposedly used to raid their account.
VICTIMS as old as 88, one of whom cares for a husband with dementia, are being left without refunds even though Santander says it takes vulnerability into account.
The bank has been forced to change the alerts on its online banking payment pages to warn customers about the scams.
Around £2 million a day is being lost to banking fraudsters, latest figures show. While all banks are being targeted, Money Mail has seen a surge in complaints about the way Santander treats victims.
HOW THE CONMEN TRICK CUSTOMERS
TypICAlly, customers are coldcalled by a fraudster or sent a text message warning about fraud on their bank account and told to call a phone number.
On the phone, a confidence trickster then lures the customers into logging into their online banking or divulging information allowing them to do so.
The con artists pretend to work for reputable firms such as BT, Microsoft — and even Santander’s antifraud department.
The crook hacks into the customer’s computer or dupes them into allowing remote access to their pC.
Fraudsters then need just a single text message code to siphon off thousands of pounds in dozens of bank transfers.
To pay someone for the first time, Santander asks customers to generate a so- called One Time passcode (OTp) text message to their mobile phone. you enter this code into your online banking page to sign off the payment.
The text message gives details of the amount being transferred and the last four digits of the account number it’s going to. From then on, you don’t need a One Time passcode to pay that person.
Some customers are being tricked into handing these codes to criminals over the phone. But a loophole
means crooks can get money without customers receiving a warning text saying how much cash they’re pinching. When you log into a Santander account you can also click ‘amend payee’. This enables you to change the sort code and account number of someone you have paid before. If a criminal does this, a One Time Passcode is sent to the mobile phone registered on the account. It says ‘This OTP is to AMEND A PAYEE on a payment. Don’t share this code with anyone. Call us immediately if you didn’t request this’ and gives the eight-digit code. if the crook obtains this code they can steal money without raising suspicion. The customer may only realise days later that money has left their account — by which time it could have disappeared to accounts in the UK or abroad. Money Mail was able to transfer £1 out of a Santander account to someone who had never been paid before without the customer receiving any notification that a payment had been made.
No other major bank allows you to change the account number and sort code of an existing payee like this.
Richard Emery, a fraud expert at consultancy 4Keys, says Santander’s fraud monitoring systems are less likely to pick up this scam.
‘This is a fundamental flaw,’ he adds. ‘ Santander is leaving the stable doors open to fraudsters.’
Santander says there is the ‘same level of security’ in amending a payee as setting up a new payee’.
It says: ‘We remain confident in our security systems and processes, which undergo robust testing before being introduced to our customers.’
In February, Santander put a new warning on customers’ online accounts. They must now tick a box when setting up a new payment, confirming they understand you should ‘never allow anyone remote access to your computer following a cold call’, ‘ never give out your personal or full security details to anyone (including One Time Passcodes)’, ‘ never transfer money out of your account if asked to do so for security reasons’ and ‘never pay money to a new account without first independently validating the details’.
NO REFUNDS FOR STEALTH SCAMS
MOTHER-TO-BE Claire Pearson, 38, from Surrey, lost almost all of the £71,700 inheritance she’d received from her late father.
Claire was about to put down a deposit on a house in February when she received a text message saying her debit card had been used for a large payment she didn’t recognise.
The message appeared to come from the same number as legitimate Santander texts.
She immediately called the ‘fraud prevention’ number in the text message and was persuaded to part with security details.
but as Claire set off to buy a pram, doubts started to creep in and she called the number on the back of her bank card.
While waiting on hold, she checked her mobile banking app and saw money draining out of her account.
‘I was screaming at my phone as I watched the balance of my account fall and fall,’ says Claire. ‘It was the longest five minutes of my life — and
REJECTION LETTERS THAT ARE IDENTICAL
TERRY and Cecilia Allen lost their £3,200 holiday fund for a muchneeded break to Spain in May after their son and daughter both died of cancer.
In March, Terry, a 75- year- old retired engineer, received a text message, which appeared to be from Santander, asking him to confirm a transaction on his account for an Uber taxi in London.
The couple, who live in basingstoke, hampshire, hadn’t visited the capital, so Terry replied with an ‘N’ for no. A further text message asked him to reply with the ‘One Time Passcode’ that he’d receive.
Terry says this is the only code he divulged.
‘ When I told Santander they blamed me straight away,’ says Terry. ‘The man I spoke to in the fraud team showed no sympathy.
‘I worked hard for 46 years and put money away for little luxuries such as holidays. We’d been trying to get back on our feet, then this happens.’
The rejection letter sent to Terry, and seen by Money Mail, reads: ‘We have fully investigated your fraud claim and the circumstances surrounding the transactions.
‘The disputed payments have been authorised via our One Time Passcode service.
‘Text messages where [sic] sent to your registered mobile phone number containing a password. These passwords have been entered correctly into online banking to authorise the disputed transfers. For this reason, we cannot consider any reimbursement to your account.’
It gives no details of how Terry can complain or his right to approach the ombudsman.
Santander has recovered £800, which was paid into Terry’s account without any notification.
Debra Evans, who was featured in Money Mail two weeks ago, received the same rejection letter within 24 hours of her case being registered.
The only difference was that there was no spelling mistake and it referred to only one bank transfer.
The letter from Santander bears the same squiggled signature as all the other fraud claim rejections Money Mail has seen.
Debra 55, from Jarrow, Tyne & Wear, was scammed out of her £1,960 inheritance from her father.
Debra had told Santander that the scammer already knew her account number and details of payment dates, amounts and times.
Regarding its virtually identikit letters, Santander says: ‘We will often use approved language and will be consistent where we identify the same root cause for the same underlying issue.’
ELDERLY BLAMED FOR HONEST ERRORS
SOME of the victims who have contacted Money Mail were so traumatised, suffering stress and sleepless nights since being conned, that they have had to see a doctor.
An 88-year-old pensioner, who cares for her husband who has dementia, was tricked by a fraudster who said he was calling from bT to wipe 18,000 viruses from her computer.
The scammer gained access to her PC for more than two hours. he took £7,000 from her Santander account and £2,000 from her TSb account.
her daughter-in-law, who walked in and put the phone down, says: ‘She is computer savvy and does online banking, but the scammer kept telling her to type in digits to remove thousands of faults.’
TSb managed to block a £1,600 payment and it is still investigating the case.
by contrast, Santander has already rejected her request for compensation.
In its letter, the bank blamed the elderly customer for authorising the payments by using the text message codes.
The document bears the same signature as all the other Santander fraud rejection letters and makes no mention of the ombudsman — even though her daughter-in-law says she had complained.
The 88-year- old says her mobile had been switched off.
When it was turned on, her daughter-in-law found four One Time Passcodes and two fraud alert texts from Santander.
Santander and the victim are in dispute over whether she logged into her online banking.
She also says the criminal gave her codes to enter, while Santander claims it was the other way round.
VICTIMS MADE TO FEEL EXPOSED
DANIEL hUGhES, 19, was tricked on February 13 into revealing One Time Passcodes to a cold caller who pretended to be from Santander’s fraud department.
The criminal took £1,600, leaving Daniel without enough money for the books he needs to study at Newcastle University.
he was sent a letter, dated February 16, just 72 hours after the fraud took place, saying Santander had ‘fully investigated’ and would not refund his money.
Yet when he called the fraud department, it told him that investigations were on-going.
Daniel says: ‘I’ve had to make constant calls to Santander, which has made it hard to study.
‘They blamed me from the very beginning and their attitude was just that I should have known better.
‘but no one explained One Time Passcodes when I opened the student account.’
his letters went to his family home address, rather than his student flat, and his mother Lyndsay took them to her local Santander branch in Liverpool to be forwarded via the internal postal system to Daniel’s Newcastle branch.
One of the letters arrived opened, and another, containing his new log-in details, went missing.
Santander has given Daniel £100 for poor service
The bank says it invests significant resources each year in fighting scams, including an annual awareness campaign, leaflets in branches and a 24-hour fraud phone line.
A spokesman adds: ‘While we are sympathetic to customers who have fallen victim to scams, when they have voluntarily provided personal or security details to third parties or given a stranger remote access to their online banking, we cannot accept any responsibility for the losses.