Reclaiming fraudulent direct debits

JeremyYoung

I've just wasted several hours reclaiming fraudulent direct debits so I will unvent my anger slightly by explaining how to do it. Basically what happened was that direct debits to O2, Vodafone, and TMTI (a phone insurance company) turned up on the bank statements of a charity account I am treasurer of (NB memo to fraudsters don't try and rip off charities their bank statements are checked rigorously). The process to undo these consisted of:

1. Phoning our bank reporting the unauthorised direct debits and getting them to cancel the direct debits (i.e. stop any further payments).

2. Phoning the providers (Vodafone, O2, TMTI) and talking to their fraud departments, they agreed they were fraudulent and cancelled the DD arrangements with little problem. Getting the money back varied. In the case of Vodafone they had already detected the fraud and refunded it; TMTi had not spotted it but immediately agreed to make the refund; O2 refused to make the refund but told me to request the bank (Barclays) made an indemnity claim.

3. Phone the bank and make the indemnity claim. (NB You can't just make the indemnity claim on the first phone call as the bank tells you to contact the provider first...).

4. Check bank statements maniacally to check refund is made is in full and no new DDs appear.

Needless to say his process involves hours on the phone, so short circuiting the automated messages and phone queues is vital. An extremely useful source for phone numbers is the website saynoto0870


Questions
I'd be interested to see how this experience compares to other peoples.
Also has anyone had success in complaining compensation - the DD process appears to be really lazy about checking validity of payment request why should we the end consumer have to do the work?
Finally should this type of fraud be reported to the police and if so how?

pvt

Hi Jeremy,

That you did all of that I don't dispute. That you needed to, I do!

There should have been no requirement for you to contact the providers. It should be quite sufficient for you to just inform your bank that you have not authorised the DD mandates, and to tell them to refund the amounts taken.

As for compo: I wholeheartedly agree you should be compensated for your time and trouble by whoever caused the problem. If you can find the person or persons who have defrauded Vodafone, O2, TMTI, etc. with your account details, then by all means try to make a claim off them.

The police will not be interested in talking to you about it. You will get all your money back from the bank, and won't have suffered a loss. It is for your bank, Vodafone, TMTI, and O2 to contact the police as they are the ones who'll suffer actual loss. And they won't because there is booggerall chance of recovery, and they'd have to expend effort (and thus cost) reporting/liaising with PC Plod - throwing good money after bad.

System

Your bank was at fault in nodding through the setting up of the fraudulent direct debits (though, under the system for electronic nodding though of new direct debit authorities, all the banks do that). It was completely wrong in telling you to contact the payees. Under banking law 101, a bank must at once refund money it has mistakenly taken from your account without authority. In case 27/4 reported by the Ombudsman (see the link below), Mr M did get compensation from his bank. Note that the bank's direct debit guarantee (not to be confused with the indemnity direct debit users have to give their bank) was not, strictly speaking, relevant.

http://www.financial-ombudsman.org.uk/publications/ombudsman-news/27/27-directdebit-guarantee.htm

Also, the phone companies were at fault in not verifying that your charity had really given the DD authorities. When the then Abbey National wrongly set up a direct debit to take money from my account instead of their customer's account with a similar number, my bank of course refunded me at once. When I demanded it, Abbey paid me £50 compensation.

JeremyYoung

PVT thanks for replying. I think it is useful to discuss this a bit as this forum gets picked up well by google and there is not a lot of good info on how to deal with this type of fraud (or have I missed a great set of links?). Your basic advice I guess is that I should have insisted on Barclays making an indemnity claim when I first phoned them and not let them persuade me to waste my time phoning the providers.
As far as compensation goes clearly there is no chance of getting at the original tealeaf nice though it would be to get something from him/her, however I was wondering whether it was possible to claim against either the bank or the providers at least one of whom clearly was hopelessly slack in detecting fraud.

JeremyYoung

YoungNick thanks for the reply, this gets to the nub of my concern in all this, that neither the bank not the provider made even the most cursory of checks (even though this is a charity account which requires two signatures for almost everything) and that the bank gave me poor advice when I phoned, wasted my time, and delayed repayment. I don't think this was accidental but reflected the procedure they have adopted to handle this type of fraud. The Financial Ombudsman site is a very useful link.

zppp

JeremyYoung wrote: »

As far as compensation goes clearly there is no chance of getting at the original tealeaf nice though it would be to get something from him/her, however I was wondering whether it was possible to claim against either the bank or the providers at least one of whom clearly was hopelessly slack in detecting fraud.

And how would you suggest that they should have detected fraud?

JeremyYoung

zppp wrote: »

And how would you suggest that they should have detected fraud?

Well a first check might be to see if the name of the person taking out the direct debit was the same as one of the authorised signatories on the account. It wasn't, I know that much from the conversation with one of the providers.

System

zppp wrote: »

And how would you suggest that they should have detected fraud?

Barclays could have an automated fraud detection system to flag up odd-seeming alleged DD authorities from a charity, and a human could then check signatory requirements.
The originators could have done any of the things they are supposed to do according to the AUDDIS rules:
http://www.bacs.co.uk/Bacs/Businesses/FAQ/Pages/AUDDIS.aspx

Q. Isn't there a risk of fraud if customers' signatures aren't checked by banks?
A. It's extremely unlikely because you have responsibility for verifying your customers' identities via methods such as credit reference checks, cross-referencing with the electoral register or your own historical customer records. Furthermore, before joining AUDDIS, you must satisfy your bank about the checking procedures you intend to adopt.

JeremyYoung

Young Nick. Interesting quote from the BACs rules. Those rules though only seem to add up to making sure the person is using a genuine identity, not that they have a right to use the bank account they are setting up the DD against. Who is responsible for checking that?

System

JeremyYoung wrote: »

Those rules ... only seem to add up to making sure the person is using a genuine identity, not that they have a right to use the bank account they are setting up the DD against. Who is responsible for checking that?

When a company (including a charity) sets up a genuine DD, it of course has to supply details of its authorised signatory/ies to the payee.
http://www.bacs.co.uk/Bacs/Businesses/DirectDebit/PayingBy/Pages/GettingStarted.aspx
The phone companies etc should have checked that they were getting what looked like a genuine company authority. And they should have wondered why a company DD was going to pay for, presumably, the mobile phone bills of a private user whose identity and private address they should have checked.
The bank is responsible for checking that the correct signature(s) are on DD authorities (and cheques). In practice, the bank assumes all's well until their customer complains. The bank is obliged to make an immediate refund of any unauthorised payments, and should also refund consequential losses.

Degenerate

YoungNick wrote: »

When a company (including a charity) sets up a genuine DD, it of course has to supply details of its authorised signatory/ies to the payee.
http://www.bacs.co.uk/Bacs/Businesses/DirectDebit/PayingBy/Pages/GettingStarted.aspx
The phone companies etc should have checked that they were getting what looked like a genuine company authority. And they should have wondered why a company DD was going to pay for, presumably, the mobile phone bills of a private user whose identity and private address they should have checked.
The bank is responsible for checking that the correct signature(s) are on DD authorities (and cheques). In practice, the bank assumes all's well until their customer complains. The bank is obliged to make an immediate refund of any unauthorised payments, and should also refund consequential losses.

One wonders whether this was deliberate fraud at all, or just a careless customer getting their account number/sort code wrong. In either case, as you say, it should have been picked up by a check on the authorised signatory.