Why are banks dragging their feet on fraud prevention?
Victims of scams are yet to benefit from a range of anti-fraud measures because there are too many banks and competing schemes, industry experts have said. A string of changes to the way payments are made and rules around scam protection have been discussed for years but are yet to be enforced by regulators, despite the fact that close to £1m is being stolen from consumers every day. Figures from UK Finance, the banking trade body, reveal that fraudsters took £145m in the first six months of 2018 but just £31m was handed back to victims.
In 2016, consumer watchdog Which? submitted a “supercomplaint” to the regulator on behalf of victims, demanding better protection from criminals. But despite the industry spending months building a code setting out how victims should be reimbursed and changing how payments are processed, neither is in place.
Gareth Shaw, of Which?, said: “Two years on from our supercomplaint and banks have only done the bare minimum to tackle bank transfer fraud, dragging their heels while preventive measures and reimbursement models could have been adopted sooner.
“Banks placed too much faith in educating their customers through awareness schemes like ‘ Take Five’, instead of taking concrete action.”
Telegraph Money asked banks, regulators and the trade body UK Finance why these measures were not yet in place.
One major bank blamed the proliferation of start-ups creating complicated technology, which needs to mesh with the rest of the industry. One regulator said the sheer number of banks meant implementing industry-wide measures would take time. Disputes over who pays for refunds have also hampered progress on the “reimbursement model”.
A raft of measures aimed at helping scam victims have been promised for years. So why, asks Sam Meadows, are we still waiting?
Rules on refunds
Earlier this year, the Payment Systems Regulator set up a group of consumer advocates, banks, charities and industry bodies to draw up a set of rules on when victims should get their money back from banks.
It was finally unveiled a fortnight ago and, while voluntary, would compel banks that fail to protect vulnerable customers or give sufficient fraud warnings on highvalue payments, to pay back losses.
It should have been enforced immediately but internal arguments mean the start date has been pushed back. The dispute comes down to who pays when neither the customer nor the bank has acted negligently.
Consumer champions say that making the banks pay would incentivise them to build more robust systems, while UK Finance chief executive Stephen Jones told MPs this week that this would indemnify fraud, creating an extra incentive for criminals. He suggested introducing a charge on bank transfers to be paid into a reimbursement fund. Other options include an insurance policy and a “fine” on banks at fault.
Mr Shaw said the disputes were “concerning” and that banks needed to act swiftly to rectify the situation. He added: “Banks argue it is not fair for them to pay out if they are not at fault, but the existing situation – in which the customer suffers the financial cost when they are not at fault – is completely unacceptable.”
A spokesman for UK Finance said it had become clear that a voluntary code would not be enough and the problem must be solved by regulation.
“It is vital that we get the right outcome for customers and prevent the UK from inadvertently becoming a magnet for fraudsters,” he added.
Another crucial part of the anti-fraud puzzle is improved security on bank transfers, called “confirmation of payee”. Currently, when transferring money online, a consumer must enter the name of the payee, but this is not checked. Confirmation of payee will require banks to match up the payee’s name to that of the account holder.
This should help prevent a common ruse used by fraudsters in which they pretend to be a third party, such as a solicitor or financial adviser, and divert payment to a fraudulent account. The measure will be officially announced next week, but the regulator does not intend to enforce the rules until July next year.
The New Payment System Operator, which is leading the development, said there were numerous complications for banks. It said the sheer number of banks, and the differences in systems between them, meant implementing confirmation of payee was not easy.
UK Finance said it was critical that confirmation of payee was brought in securely, but that it was one of a number of requirements the industry was working on. “Many of these requirements are interrelated and so need careful implementation to avoid unintended consequences for consumers and users of the payments systems,” the spokesman added.
Complain to the criminal’s bank
A frequent problem for scam victims is the inability to complain to the bank that allowed a fraudster to open an account, often with fake paperwork.
Banks often refuse to help victims by saying data protection rules mean they cannot divulge any information to help take the complaint further. Mr Shaw said the inability to complain to the ombudsman often stalled victims’ attempts to get their money back.
A consultation held by City regulator the Financial Conduct Authority (FCA) seeks to let consumers complain to receiving banks, and to the ombudsman if it is not resolved. The consultation closed at the end of September and the FCA is hoping to publish a paper in the next few months with a view to enforcing it from the start of next year. The FCA said there were several legal issues to contend with, meaning the policy could not be introduced overnight.
‘Two years on and banks have only done the bare minimum to tackle transfer fraud’
Figures show that fraudsters took £ 145m from bank customers in the first six months of 2018 but just £31m was handed back to victims