We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Is it normal for Santander to delay every faster payment sent?
Options
Comments
-
Your employer's lawyers are (quite correctly) adamant (on a daily basis) that the bank has absolutely no responsibility in respect of customers getting themselves scammed.
If they wanted to do something, they could block the accounts of scammers. Do you know how hard it is to get Visa to block the merchant accounts of known scammers? So long as they're collecting their fees, they don't give a toss. They make most of their profit from pornography. How much of that is illegal?
You quoted me, but you didn't actually respond to the point I was making at all, rather, you just repeated a previous accusation about it all being about profit.
Are you saying I shouldn't take care with my customers payments and simply act on their instructions without further questioning when either themselves, the law, or the bank could be at risk of a security or legal breach?
If you'd care to respond to what I actually said, and give a reasonable argument as to how I am being ridiculous, I will accept it, as it stands, meh.
As to blocking accounts of potential scammers - I do it regularly (within reason, i.e. where there is reasonable suspicion of wrongdoing). You seem to want it both ways however, when banks investigate, you complain, when they stand by and do nothing, you complain.It's a joke. They set up a system that depends on only trustworthy businesses being allowed to originate DDs, and relies on those firms to check IDs. But the ID checks are laughable. And then they undermine the whole thing by allowing third-party payment brokers to be proxy originators, so the real originator doesn't have to register.
Agreed, a loophole that I hope will be closed at some point, although it will mean many legitimate small to medium enterprises will be closed off, leading to further complaints and accusations of the bank failing to help people.Anybody who sets up DDs knows how often customers give wrong bank details. And sometimes DDs are set up on the wrong account and payments are collected. A properly designed system would make it essentially impossible to do this by accident. (This would also remove the need to make test payments when setting up new payees.).
That's why the Direct Debit Indemnity Scheme is in place, immediate refunds whilst the bank investigates at its own cost, it's not perfect, but it works well enough for millions of people.
As to your comment further down the thread about 'reasonable suspicion,' if a bank has, from its own vast experience, encountered a higher degree of money laundering due to a particular type or volume of transaction, is it not reasonable to act on and investigate it if it encounters it again, even if ultimately it turns out to be perfectly legitimate? In my experience legitimate customers are compensated for the inconvenience (more than you'd get from a police investigation) and criminals are caught rather than ignored.
Kind regards,
Cal0 -
In the light of the gigantic scandals some of our banks have been responsible for, it is hard to swallow that bank employees should be the ones who judge over what we as customers are doing.
Of course they can easily hide behind all sorts of duties they have (many of which they seem to have assumed without being asked by any law), or having "reasonable suspicions" that money laundering might be involved, and they never have to even provide any details to their customers. They do not even have to make sure that those whose accounts they lock have enough money to buy food and pay their essentials (like mortgage, travel to work etc).
Something will have to give before long, the arrogance of some bankers is just not tolerable.0 -
Archi Bald,
The banks simply cannot win in this argument. It's illegal for a banker to reveal that a customer is under suspicion of money laundering/illicit activity, so they CAN'T tell the customer anything (but they do have to accept being a punching bag because of it, which I assure you is not a fun experience). And if the customer DOES turn out to be a criminal then releasing funds to them even though you're suspicious is hard to justify to a court.
I do understand that many perfectly innocent people are caught out in this, and it's truly horrible for them (indeed my own grandparents had this exact thing happen) but it's not all in the banks hands, I'd say trust me, but I think I'd be pushing my luck some-what there.
Another thing to mention - The 'scandals' and so on are mostly the fault of high level management (people who probably don't actually have a clue about normal retail banking unless they came up through the ranks), NOT the people the public interact with - Many/most of those people truly want to do what's best for their customers and they have to do that within the laws and procedures they signed up to when they joined the bank. Those people are also often very experienced, it's not uncommon for people to work for the same bank for 30+ years, even in today's world. If you're suggesting that that experience is worthless then frankly I would be offended and somewhat question your judgment.
Even staff who have only been around for a short period of time will most likely have more knowledge of how it all works than the majority of customers they see (I wont pretend to know everything, and I quite often learn more from my clients than I can tell them), therefore their 'judgments' should not be disregarded just because someone thinks they know better.
I know this is a dispute I cannot win as everyone has their own opinions, but hopefully it gives you a more informed perspective.
Kind regards and enjoy the sunshine,
Cal 0 -
I'm saying that the banks, for their own reasons, (a) fail to make any number of simple improvements to their security (b) fail to act on definite information and (c) fail to prosecute known fraudsters.Are you saying I shouldn't take care with my customers payments and simply act on their instructions without further questioning when either themselves, the law, or the bank could be at risk of a security or legal breach?
Then to hide their shame at their failings, they take excessive action on the flimsiest of pretexts.
So yes, they're wrong both ways.
But if you do it in such a way that the customer proves his identity to the bank, it doesn't matter who the intermediaries are. It's not rocket science.Agreed, a loophole that I hope will be closed at some point, although it will mean many legitimate small to medium enterprises will be closed off,
Don't get me started.That's why the Direct Debit Indemnity Scheme
No, that would be a fishing expedition. It's a good way of catching more criminals, but it's also prone to be an infringement of innocent people's rights. The banks are not authorised, let alone required, to go on fishing expeditions. Just because it works is not sufficient.As to your comment further down the thread about 'reasonable suspicion,' if a bank has, from its own vast experience, encountered a higher degree of money laundering due to a particular type or volume of transaction, is it not reasonable to act on and investigate it if it encounters it again
The police could catch more criminals by doing random house searches in notorious areas, but (officially) we don't let them, even in notorious areas. In fact they shouldn't even search the houses of people with known form just on the off-chance."It will take, five, 10, 15 years to get back to where we need to be. But it's no longer the individual banks that are in the wrong, it's the banking industry as a whole." - Steven Cooper, head of personal and business banking at Barclays, talking to Martin Lewis0 -
I'm saying that the banks, for their own reasons, (a) fail to make any number of simple improvements to their security (b) fail to act on definite information and (c) fail to prosecute known fraudsters.
Then to hide their shame at their failings, they take excessive action on the flimsiest of pretexts.
So yes, they're wrong both ways.
a) What do you define as simple? I have come to believe you have a very general understanding of everything and nothing, but very little understanding of the true details.
b) Examples required, without some kind of definition or explanation of what you're talking about it's just another generalisation.
c) It's the banks job to pass suspicions to the police or the Serious Fraud Office, it's not the banks job to decide whether or not to prosecute.No, that would be a fishing expedition. It's a good way of catching more criminals, but it's also prone to be an infringement of innocent people's rights. The banks are not authorised, let alone required, to go on fishing expeditions. Just because it works is not sufficient.
The police could catch more criminals by doing random house searches in notorious areas, but (officially) we don't let them, even in notorious areas. In fact they shouldn't even search the houses of people with known form just on the off-chance.
Presumably then, credit searches should also entirely disregard past experiences and statistics in their decisions, basing decisions purely on the fact customers have either said "Yes I'll pay you back" or "no I'm gonna rip you off Gov'!"
Everyone is different, and numbers can lie, but only a damned fool would ignore them, especially with such a massive sample of examples to base a decision on. Besides which - I said investigate, that means look into, it doesn't mean 'screw the poor ~gger over'
Whilst I would love to live in a rosy world where your 'suggestions' would work, I don't.
By the way - I don't consider stopping criminals and terrorists from being able to ply their trade a 'flimsy excuse'
Kind regards,
Cal0 -
Anybody could steal my ID with no trouble at all, because my mail is dippable. All banks rely on sending me mail, and none of them has ever asked me if I think this is secure.a) What do you define as simple?
When opening new accounts, I never get asked for documents, because I pass the "online checks" - which do nothing to prove that I'm me and not somebody else pretending to be me. So sending stuff to my address is the only real check they make, and as I say, that doesn't prove much either.
Online banking website design is often poor - e.g. there are sites where you can get back into a logged-in account after you think you've left it.
Some sites display a customised message or picture before you type your password, as an anti-phishing precaution. Others can't be bothered.
Some sites ask for 2 or 3 characters from your password. Others make you type the whole thing, so giving it away to keyloggers.
Some banks do an extra check when setting up a new payee - phone call or text or card reader. Others can't be bothered. (Some will do a check and then block an immediate payment in spite of the check. And then phone you on the same mobile they've just sent the text to, because if somebody had nicked it then, you'll have got it back by now.)
Some banks make you activate new cards sent out by post. But some don't.
When shopping by phone or online, you hand over all the card details the ID thief needs. You don't know if the retailer's staff are honest or if their computer is secure. These things can be arranged without giving any bank details to the retailer, e.g. via WorldPay. And certainly if the retailer is using VbV/SecureCode there's no reason why the they should have to take the expiry date and CVV as well as the card number, because the customer will authenticate to the bank.
etc etc etc. Personally I'd like to see a system where incoming payments from unexpected sources have to be accepted by the recipient before being credited to an account.
Firm mentioned on here recently, claims to be FCA registered, but isn't. That's clearly criminal - obtaining money by deception. There's an official warning notice on the FCA site. There are other official lists of firms known to be involved in boiler-room and land-banking scams etc. But you can pay these firms money, their banking isn't blocked. The bank isn't the victim, so it doesn't care.b) Examples required
Of course, if I commited fraud against a bank - say ID theft or cheque fraud - I'd be blacklisted. But I still wouldn't be prosecuted. That wouldn't be the police's decision, it would be the bank declining to press charges. They never do press charges, because they don't want to admit how easy or widespread these things are.
Completely different. I didn't say you should ignore the customer's record. By all means suspect a transaction if the customer is already under suspicion. But we're talking about blocking customers who've done nothing to get suspected of anything.Presumably then, credit searches should also entirely disregard past experiences
That's like refusing me credit because I've got an Aqua card, and some of their other customers have poor credit.
You don't know they're criminals and terrorists. All you know is, oh look, he sent £1 to another account, oo-er.By the way - I don't consider stopping criminals and terrorists from being able to ply their trade a 'flimsy excuse'"It will take, five, 10, 15 years to get back to where we need to be. But it's no longer the individual banks that are in the wrong, it's the banking industry as a whole." - Steven Cooper, head of personal and business banking at Barclays, talking to Martin Lewis0 -
Thank you for the detailed reply, and I apologise for not responding to it earlier. I did read it a couple of days ago on my phone but decided a comprehensive, point by point, response was deserved, which I haven't had time to write until now.Anybody could steal my ID with no trouble at all, because my mail is dippable. All banks rely on sending me mail, and none of them has ever asked me if I think this is secure.
No, it isn't, but then what is? E-mail? Face to face? Both of them are vulnerable in one way or another (ironically, when it comes to face to face, 'pushy' people who have clear set agendas and pre-decided viewpoints such as potentially yourself are the most worrying problem, as staff members are just humans and don't want to offend someone, and can therefore sometimes be engineered into giving information to the wrong people).When opening new accounts, I never get asked for documents, because I pass the "online checks" - which do nothing to prove that I'm me and not somebody else pretending to be me. So sending stuff to my address is the only real check they make, and as I say, that doesn't prove much either.
Couldn't agree more, I absolutely despise the idea of being able to open accounts without presenting yourself to a qualified staff member, for the fraud reasons you mention and also for anti money-laundering reasons. Electronic identification without any human interaction just doesn't sit well with me.
Some sites display a customised message or picture before you type your password, as an anti-phishing precaution. Others can't be bothered.Some sites ask for 2 or 3 characters from your password. Others make you type the whole thing, so giving it away to keyloggers.
I'm in no position to comment on the various security checks different institutions make, on the one hand I think it's the customers responsbility to make sure their systems are secure, on the other hand I understand banks actively encourage customers to use online banking without necessarily ensuring they have the technical knowledge to do so. For that reason I agree it isn't brilliant, but I would also state that most institutions now have additional security features that minimise or eliminate the threat of keyloggers.Some banks do an extra check when setting up a new payee - phone call or text or card reader. Others can't be bothered. (Some will do a check and then block an immediate payment in spite of the check. And then phone you on the same mobile they've just sent the text to, because if somebody had nicked it then, you'll have got it back by now.)
Some banks make you activate new cards sent out by post. But some don't.
When shopping by phone or online, you hand over all the card details the ID thief needs. You don't know if the retailer's staff are honest or if their computer is secure. These things can be arranged without giving any bank details to the retailer, e.g. via WorldPay. And certainly if the retailer is using VbV/SecureCode there's no reason why the they should have to take the expiry date and CVV as well as the card number, because the customer will authenticate to the bank.
Again, I wont comment on individual procedures as to setting up and using new payees, the level of acceptable risk is up to each institution to decide upon as a purely commercial decision, something I suspect the FOS would agree with me on.
VBV and Mastercard Securecode are simply an additional check, not a replacement for other checks. The expiry date and CVV are unique to each card, therefore they prevent old cards (with potentially the same card number) being used to make transactions. This protects the consumer. Chargebacks are also available if a company turns out to be sketchy. I'm not sure what your argument is here.etc etc etc. Personally I'd like to see a system where incoming payments from unexpected sources have to be accepted by the recipient before being credited to an account.
By my own (limited) knowledge, I can see 2 major issues with this, and many minor ones, although I'll only comment on the majors.
1: It would require a massive investment in IT systems by EVERY financial institution and would provide very little gain other than potentially stopping a few frauds (remember these are businesses - some fraud loss has to be accepted as the costs to prevent them out-weigh the losses).
2: It would cause an increase in hassle for customers and lead to people having to jump through even more hoops just to move a little bit of money between friends, such as myself who sent some funds to a mate last night to help him book a hotel. Again, the financial investment required to allow systems to message the account holder first (by text, e-mail etc) would be high, and if the potential levels of fraud are low it's difficult to justify from a business perspective.
You also have to define 'unexpected sources.' Banks internal procedures should already identify extreme out of character transactions, particularly for larger amounts. What more do you expect them to do?Firm mentioned on here recently, claims to be FCA registered, but isn't. That's clearly criminal - obtaining money by deception. There's an official warning notice on the FCA site. There are other official lists of firms known to be involved in boiler-room and land-banking scams etc. But you can pay these firms money, their banking isn't blocked. The bank isn't the victim, so it doesn't care.
Of course, if I commited fraud against a bank - say ID theft or cheque fraud - I'd be blacklisted. But I still wouldn't be prosecuted. That wouldn't be the police's decision, it would be the bank declining to press charges. They never do press charges, because they don't want to admit how easy or widespread these things are.
Again, it comes down to money (and again - banks are businesses, not charities or public services). If the fraud is minor it's simply not cost-worthy to press charges. Would you expect a small business to go through the legal system when its losses were tiny in comparison to the costs? If so, why, and how does it benefit the business?
Also - I believe (and I may be wrong here, I have to absorb a lot of information every day and can sometimes get confused) you were the one who said about innocent until proven guilty when it comes to investigating potential fraud/money laundering by clients. Government supported accusations are one thing, but most 'frauds' are presented to banks by discontented consumers who should be taking their complaints to the relevant trade bodies (such as the FOS, Trading Standards etc) rather than the bank. The bank should not be acting on pure hearsay by your own reasoning. These checks and balances are in place, even if they're not perfect. You can't just shut off a business because someone has said it's dodgy.Completely different. I didn't say you should ignore the customer's record. By all means suspect a transaction if the customer is already under suspicion. But we're talking about blocking customers who've done nothing to get suspected of anything.
That's like refusing me credit because I've got an Aqua card, and some of their other customers have poor credit.
You don't know they're criminals and terrorists. All you know is, oh look, he sent £1 to another account, oo-er.
I moved away from the £1 transfer debate some time ago, and admit I overreacted in it in how I thought it should be treated. As to the comment about Aqua - Actually, cards are usually fine, but lets say there's a history of pay-day loans - they're a strong indication of financial irresponsibility, both statistically and in reality (although it isn't always the case), should they be treated in the same way as any other credit or not? I'm open to comment on that, because I honestly don't know. Many PDLs are used legitimately and for good reason.
Kind regards,
Cal0 -
My point was that some people's mail is more dippable than others', because it's delivered where somebody can just pick it up and walk off with it. The banks are well aware of the problem but are refusing to recognise it.No, it isn't, but then what is?
My point was that for CNP transactions you don't need to have the card, you only need the details on the card. But those details are no secret because the cardholder has to keep giving them to retailers, whose security may not be trustworthy. There are ways of paying for things without giving the card details to retailers.VBV and Mastercard Securecode are simply an additional check, not a replacement for other checks. The expiry date and CVV are unique to each card, therefore they prevent old cards (with potentially the same card number) being used to make transactions. This protects the consumer. Chargebacks are also available if a company turns out to be sketchy. I'm not sure what your argument is here.
Huh? Doesn't seem to take much to get a personal customer's banking suspended or account closed. The usual excuse is "unacceptable risk to the bank". In other words, some idiot computer program has flagged you up and the staff are too scared to give you an OK.You can't just shut off a business because someone has said it's dodgy.
Actually it doesn't take much to close a business account either, if it's to protect the bank. But if it's only to protect customers, who cares.
The point I was trying to make was that fraud and ML checks don't look at a customer's record at all, so can't be compared with checks based on a customers's record.As to the comment about Aqua
What you mean is, our payment systems have been done on the cheap instead of being done properly.1: It would require a massive investment in IT systemsthe level of acceptable risk is up to each institution to decide upon as a purely commercial decisionit's difficult to justify from a business perspective.
Exactly. So far as the banks are concerned, it's not about protecting customers or preventing crime, it's all about the bank's bottom line.Again, it comes down to money (and again - banks are businesses
So now we understand each other. But customers are left with a big problem, because their money is too important to them to be left in the hands of businesses making purely commercial decisions."It will take, five, 10, 15 years to get back to where we need to be. But it's no longer the individual banks that are in the wrong, it's the banking industry as a whole." - Steven Cooper, head of personal and business banking at Barclays, talking to Martin Lewis0 -
My point was that some people's mail is more dippable than others', because it's delivered where somebody can just pick it up and walk off with it. The banks are well aware of the problem but are refusing to recognise it.
The banks can't do a damn thing about it if the customer refuses to use on-line banking. They're required by law to provide statements/changes to T&Cs etc. Cards can be sent to branches if the customer is concerned about security.
This is a problem only if you allow it to be one. If your post is dodgy ask for your cards to go to branch or get them sent to a friends address (you can easily change your mailing address whilst keeping your official address the same).
If none of that works for you, the law needs to change, not the banks procedures.
P.s. I don't know about all banks, but I know where I work they are definitely aware and have procedures in place to try and protect your mail, such as hand-written post, disguised delivery, refusing to deliver to high risk locations or asking for signed postage for example.My point was that for CNP transactions you don't need to have the card, you only need the details on the card. But those details are no secret because the cardholder has to keep giving them to retailers, whose security may not be trustworthy. There are ways of paying for things without giving the card details to retailers.
There are indeed ways of paying without giving out card details, but for those that can and do, charge-backs are always available to retrieve the money, in the case of genuine fraud I've never seen a charge-back or bank refund be declined.Huh? Doesn't seem to take much to get a personal customer's banking suspended or account closed. The usual excuse is "unacceptable risk to the bank". In other words, some idiot computer program has flagged you up and the staff are too scared to give you an OK.
Actually it doesn't take much to close a business account either, if it's to protect the bank. But if it's only to protect customers, who cares.
There is a big difference between banks closing an account due to account operations and closing an account due to allegations of misconduct. Account ops are reviewed regularly and unusual transactions can rightly flag up (in which case it's a decision for the bank to decide if, on evaluation, the account is dodgy and/or could cause reputational damage), allegations of misconduct would quite rightly need to be supported by evidence or legal action, if it isn't it's just hearsay. If you don't understand this difference that's fine, you don't need to.The point I was trying to make was that fraud and ML checks don't look at a customer's record at all, so can't be compared with checks based on a customers's record.
That's just plain incorrect, no offence intended. Customers records/past behaviour/current behaviour based on the information the bank has on the customer are all taken into account. A customer earning 90k a year who suddenly pays in a £20k cheque wouldn't raise any eyebrows, one that earns 10k and is on benefits who pays the same cheque in would be a cause for further questioning.
Some of the onus here is on the customer to make sure the bank holds up to date information on them, if not you can't blame them for being concerned.What you mean is, our payment systems have been done on the cheap instead of being done properly.
On the cheap? No. Even simple IT systems for massive organisations are eye-wateringly expensive. The problem is (as a previous poster mentioned) that they are developed over time and hence are just 'tagged on' to existing systems as new requirements come in. A new bank, making a brand new system, would be able to develop a wonderful network with perfect collaboration between departments etc, until things change (which they do every month) and then they'd be in the same boat of having to try to tie existing systems to new ones. Not as easy as you may think. If you have any background in IT you'll understand what I mean.Exactly. So far as the banks are concerned, it's not about protecting customers or preventing crime, it's all about the bank's bottom line.
So now we understand each other. But customers are left with a big problem, because their money is too important to them to be left in the hands of businesses making purely commercial decisions.
Protecting customers and preventing crime ARE all about the bottom line. Protecting customers from fraud means the bank doesn't have to refund a customer who's been a victim, and this therefore means prices don't go north to mitigate fraud losses (i.e. the bank and the customer benefit from these procedures).
Criminals who use a bank leave the bank and its staff liable for massive fines and/or prosecution if they fail to put reasonable safe-guards in place, again reducing losses and helping society at large reduce criminal gains.
So yes, it is largely commercial, and what's wrong with that if it benefits the vast majority of society?
Also - What's the alternative? You seem to be suggesting banks shouldn't be based on commercial decisions, so the only alternative I can see is some commy style state-owned banking system, and good luck getting technological and progressive developments from THAT, as it wouldn't have to compete! Not to mention how ridiculous it would be for the civil service to make COMMERCIAL lending decisions without any concern for the actual financial outcome due to bad losses, as the taxpayer would foot the bill. As a taxpayer that doesn't sit well with me at all.
Laws and regulators do help drive the banking system forwards, such as faster payments and the changes to cheque clearance rules, but they are the exception, not the norm.
Kind regards,
Cal0 -
in the case of genuine fraud I've never seen a charge-back or bank refund be declined.
I accept you may genuinely believe that, however there are regular cases of people who only get fraud cases refunded by banks after going either to the media or FOS. Some banks seem predisposed to blaming the customer for these cases.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards