MSE News: 'Super-complaint' submitted over protection for bank transfer scam victims

Cornucopia

colsten wrote: »

My understanding is we are already covered for those cases - provided we can prove that we were not negligent with the access data for our accounts.

Thanks - that's good to know.

GingerFurball_2

colsten wrote: »

My understanding is we are already covered for those cases - provided we can prove that we were not negligent with the access data for our accounts.

Banks cannot refuse to refund because of gross neglegence.

Where they will get you is that if you were to PM me your login details, they would consider that you had authorised me to transact on your account. Any payments made by me would therefore have been authorised, therefore not fraud.

TheBanker

A lot of the problem is down to people thinking email is a secure method of communication, when it is not.

Banks won't accept payment instructions via email for a very good reason - emails can easily be spoofed.

Unfortunately a lot of these victims are quite happy to transfer thousands of pounds on the basis of an email which appears to come from a solicitor.

They are probably the same people who complain to banks that they are "being awkward" when the bank declines to accept payment instructions by email and instead requires these to be submitted via a secure mechanism.

I have a lot of sympathy for these people but I don't think the banks are at fault. If I drew cash from the ATM and then got mugged I wouldn't expect the bank to reimburse me, so what is different here?

There has been a lot of publicity for scams in recent times and organisations such as Which and MSE can only help by raising awareness, along with the banks. But holding the banks liable is not right.

In any case if the banks are liable it will either mean:
1) They stop doing large payments unless the customer attends a branch for interrogation prior to allowing the payment or
2) All the other customers have to pay higher charges or receive lower interest to cover all these refunds which are required.

Cornucopia

TheBanker wrote: »

A lot of the problem is down to people thinking email is a secure method of communication, when it is not.

It goes much wider than that, unfortunately.

I have a lot of sympathy for these people but I don't think the banks are at fault. If I drew cash from the ATM and then got mugged I wouldn't expect the bank to reimburse me, so what is different here?

And yet the Banks have spent money on trying to make ATMs more secure, including installing cameras in/around them to provide a degree of protection against ATM mugging.

There has been a lot of publicity for scams in recent times and organisations such as Which and MSE can only help by raising awareness, along with the banks. But holding the banks liable is not right.

As is often the case in forum discussions, what is a subtle, nuanced point "the banks should take more responsibility" is translated into a binary point "the banks should not be held liable". The two are not the same thing.

In any case if the banks are liable it will either mean:
1) They stop doing large payments unless the customer attends a branch for interrogation prior to allowing the payment or
2) All the other customers have to pay higher charges or receive lower interest to cover all these refunds which are required.

This presumes that the cost of doing nothing is less than the cost of doing something, which is probably not correct. I saw a figure of £50bn pa for UK fraud a short while ago (only in passing on a TV programme), but if the issue is anything like as big as that, then we cannot do nothing.

At the same time, the doing something could be a series of cheap but effective measures. Some of those might involve blocking or quarantining suspicious transactions, but some might just involve alerting a customer more forcefully to the risks in the context of a transaction that is outside that customer's normal account usage. The technology is capable of much, much more than we presently have as protection at the moment, and the question is why?

TheBanker

Cornucopia wrote: »

As is often the case in forum discussions, what is a subtle, nuanced point "the banks should take more responsibility" is translated into a binary point "the banks should not be held liable". The two are not the same thing.

Actually I was reading the MSE news story which sparked this thread:

Which? is calling on banks to shoulder more responsibility for money lost to scams made by bank transfer, just as they reimburse customers who lose money due to scams via direct debits, credit and debit cards or fraudulent account activity. The idea is banks will then have an incentive to develop better mechanisms to nip bank transfer fraud in the bud.

In its super-complaint, Which? calls on the PSR to:

Formally investigate the scale of bank transfer fraud and how much it is costing consumers .
Take action and propose new measures and greater liability for banks to ensure consumers are better protected when they have been tricked into making a bank transfer.


It is pretty clear to me that they are suggesting that the banks should reimburse these losses. Unless MSE have misrepresented what Which? are actually calling form.

This presumes that the cost of doing nothing is less than the cost of doing something, which is probably not correct. I saw a figure of £50bn pa for UK fraud a short while ago (only in passing on a TV programme), but if the issue is anything like as big as that, then we cannot do nothing.

I didn't suggest doing nothing (and banks are already doing things). But I don't think the bank is liable for a customer's mistake. I think education of the public is needed and this is where Which? and the regulators should focus their efforts.

At the same time, the doing something could be a series of cheap but effective measures. Some of those might involve blocking or quarantining suspicious transactions, but some might just involve alerting a customer more forcefully to the risks in the context of a transaction that is outside that customer's normal account usage. The technology is capable of much, much more than we presently have as protection at the moment, and the question is why?[/QUOTE]

We do this at our bank. We have a fraud detection system which looks for various types of transactions including those that match the pattern of common scams. And we try to contact the customer to confirm it's genuine and try to discuss the circumstances.

But if the customer has been convinced by a fraudster that their money needs to move quickly, they may lie to our staff. Sometimes the genuine customers who accidentally get caught up in this abuse and swear at our staff.

When I used to work in front line banking, in a branch, the scam at the time was persuading elderly folk to draw out large amounts of cash for building repairs. We had a spate of these in our area and used to try to persuade the customer not to do it. We knew it was a scam and if the customer would allow me, I would phone a friend or relative to see if they could come to the bank. If they weren't willing to let me do that I sometimes lied and said we did not have enough cash so they would have to come back tomorrow.

It is however a very difficult situation if the customer does not want to believe that they are falling victim to a scam. Ultimately I don't think the banks have a right to stop someone accessing their own money and we certainly don't have the right to speak to relatives etc. without permission, even if we know who they are.

teamgb

I purchased a new Laptop supplied with Norton Security loaded all the updates.

Logged into my Santander accounts to check a balance, the screen blinked and requested a One Time Password to make a payment. My mobile rang with the OTP, showing that I was about to make a payment for £5000 to an account number I did not know. If I had just followed the on screen instruction and entered the OTP I would have lost £5000 and it would be my own fault not the Banks.

The bank did spot the attempt and suspended the account, I had to set up new security details which took about a week to complete.

Cornucopia

TheBanker wrote: »

Actually I was reading the MSE news story which sparked this thread:

Which? is calling on banks to shoulder more responsibility for money lost to scams made by bank transfer, just as they reimburse customers who lose money due to scams via direct debits, credit and debit cards or fraudulent account activity. The idea is banks will then have an incentive to develop better mechanisms to nip bank transfer fraud in the bud.

In its super-complaint, Which? calls on the PSR to:

Formally investigate the scale of bank transfer fraud and how much it is costing consumers .
Take action and propose new measures and greater liability for banks to ensure consumers are better protected when they have been tricked into making a bank transfer.


It is pretty clear to me that they are suggesting that the banks should reimburse these losses. Unless MSE have misrepresented what Which? are actually calling form.

I think you are reading something that isn't there. They are calling for the Banks to take more responsibility, not to take all the blame. They are two very different things.

I didn't suggest doing nothing (and banks are already doing things). But I don't think the bank is liable for a customer's mistake. I think education of the public is needed and this is where Which? and the regulators should focus their efforts.

I think that if many, many reasonably intelligent people are making these irreversible "mistakes" using the Banks' systems, then we should at least ask whether there is something wrong with those systems. Personally, I have always been very wary of the issues of setting up new instructions involving providing/entering an account number from some other source. Typically, I will make a test payment of £1 for any new instruction where I have access to both accounts. (I appreciate that this would not prevent all types of fraud).

There's a further issue with the replacement of cheque transactions by bank transfers, where the rules and protections are not remotely similar (and cheques were not fraud-proof, either).

We do this at our bank. We have a fraud detection system which looks for various types of transactions including those that match the pattern of common scams. And we try to contact the customer to confirm it's genuine and try to discuss the circumstances.

In some types of these frauds, that "checking" will have no effect, because the customer believes the transaction to be genuine, even though it is not.

But if the customer has been convinced by a fraudster that their money needs to move quickly, they may lie to our staff. Sometimes the genuine customers who accidentally get caught up in this abuse and swear at our staff.

Yes, I can see this, and if the customer is that convinced by the scam, then I think that's an argument for doing more than simply warning people.

When I used to work in front line banking, in a branch, the scam at the time was persuading elderly folk to draw out large amounts of cash for building repairs. We had a spate of these in our area and used to try to persuade the customer not to do it. We knew it was a scam and if the customer would allow me, I would phone a friend or relative to see if they could come to the bank. If they weren't willing to let me do that I sometimes lied and said we did not have enough cash so they would have to come back tomorrow.

It is however a very difficult situation if the customer does not want to believe that they are falling victim to a scam. Ultimately I don't think the banks have a right to stop someone accessing their own money and we certainly don't have the right to speak to relatives etc. without permission, even if we know who they are.

Again, this suggests a more, not less comprehensive set of anti-fraud options. If the customer perceives this as the Bank "meddling" in one random instruction, then I can see a reaction against that. OTOH, if its part of a previously communicated anti-fraud system, involving prior agreement or opting-in, prior communication between relatives, prior agreement of transaction levels that will flag warnings, then all of that will help even a confused customer to put the Bank's actions into true perspective.