Victim of APP Fraud -help please

Office10

I have recently been a victim of APP fraud. I was sucked in, genuinely believing I was talking to the Fraud Team at my bank as the Fraudster knew about a previous compromise on my account.
I have had money taken from my account and my credit card used to the max. My bank are refusing to refund me or help me get my money back as they say I didn’t do enough to ascertain that the fraudster worked for them.
I’ve tried contacting the companies where the transactions were made and they want my bank to contact them to stop payments etc, but my bank is refusing to do this as in their eyes the transactions were authorised. I certainly didn’t knowingly authorise money to be taken from my account.
Any advice would be greatly appreciated. Please be kind, I’ve had enough sleepless nights already.

eskbanker

Office10 wrote: »

I have recently been a victim of APP fraud. I was sucked in, genuinely believing I was talking to the Fraud Team at my bank as the Fraudster knew about a previous compromise on my account.
I have had money taken from my account and my credit card used to the max. My bank are refusing to refund me or help me get my money back as they say I didn’t do enough to ascertain that the fraudster worked for them.

Was this all before or after 28 May?

A new code of conduct came into force then, under which participating banks should refund genuine APP scams, although it's not a completely blank cheque, so if your bank (which one is it btw?) has reasonable grounds to decline a claim then it will - what's the full story? Maxing a credit card as well as emptying a current account is an unusual twist and I can see why that would be seen as suspicious....

Office10 wrote: »

I’ve tried contacting the companies where the transactions were made and they want my bank to contact them to stop payments etc, but my bank is refusing to do this as in their eyes the transactions were authorised.

APP scams typically involve one-off direct payments and these won't normally be reversible unless there's evidence of fraud (and if there's still money in the destination account, which there usually won't be).

Office10 wrote: »

I certainly didn’t knowingly authorise money to be taken from my account.

I'm afraid you did if it was an APP scam, as that's the whole point of them (and that's what the A stands for), i.e. you do authorise money to be taken from your account, even if its destination isn't what you'd anticipated.

Edit: I was looking to link to the actual APP scam code of conduct last night but it was inaccessible then and still is today. It's published at https://appcrmsteeringgroup.uk/wp-content/uploads/2019/02/APP-scams-Steering-Group-Final-CRM-Code.pdf and when available includes definition of the circumstances under which banks are able to decline a refund:

Exceptions

R2 (1) A Firm may choose not to reimburse a Customer if it can establish any of the following matters in (a) to (e). The assessment of whether these matters can be established should involve consideration of whether they would have had a material effect on preventing the APP scam that took place.

(a) The Customer ignored Effective Warnings, given by a Firm in compliance with SF1(2), by failing to take appropriate action in response to such an Effective Warning given in any of the following:

(i) when setting up a new payee;
(ii) when amending an existing payee, and/ or
(iii) immediately before making the payment

(b) From [DATE TBC], the Customer did not take appropriate actions following a clear negative Confirmation of Payee result, where the Firm complied with SF1(3) or SF2(2), and those actions would, in the circumstances, have been effective in preventing the APP scam;

(c) In all the circumstances at the time of the payment, in particular the characteristics of the Customer and the complexity and sophistication of the APP scam, the Customer made the payment without a reasonable basis for believing that:

(i) the payee was the person the Customer was expecting to pay;
(ii) the payment was for genuine goods or services; and/or
(iii) the person or business with whom they transacted was legitimate.

(d) Where the Customer is a Micro-enterprise or Charity, it did not follow its own internal procedures for approval of payments, and those procedures would have been effective in preventing the APP scam;

(e) The Customer has been grossly negligent. For the avoidance of doubt the provisions of R2(1)(a)-(d) should not be taken to define gross negligence in this context.

R2 (2) In assessing whether a Customer should be reimbursed or not, Firms should consider

(a) whether the acts or omissions of Firms involved in trying to meet the Standards for Firms may have impeded the Customer’s ability to avoid falling victim to the APP scam

(b) whether, during the process of assessing whether the Customer should be reimbursed, the Customer has acted dishonestly or obstructively in a material respect

18cc

Not sure if I am right on this and maybe other can help but as far as the credit card use is concerned it should be treated differently (as it is CREDIT) and if they are fraudulent transactions then you should have no problem getting those refunded.

Office10

The credit card team at the Halifax are being extra unhelpful. I have contacted the companies involved with the transactions involved and a few of them are willing to help and cancel the transactions if my bank contacts them. The Halifax are point blank refusing to do this.
The fraudster told me she was from the Halifax Fraud team and even knew about a previous compromise on my account from before, so I had no reason to disbelieve her at the time. She told me she was removing the transactions, when in effect, she was actually getting me to authorise payments. I understand it’s not the banks fault, I just don’t understand why they won’t help me.

eskbanker

I still don't really understand exactly what happened here.

As far as I'm aware, APP scams usually entail money being transferred from current accounts to transient accounts operated by fraudsters, who will then empty them sharpish and make off with their swag.

So to me, making credit card payments to traceable companies is an unusual variation and I can see why Halifax would have difficulty with agreeing this to be fraudulent given that you accept that you made the payments to numerous identifiable companies. Perhaps if you clarify which companies you paid by credit card and why they're apparently so willing to reverse the transactions it might help? What did you think you were buying?

If you've made credit card payments to companies and received nothing in return then you may be able to make Section 75 or chargeback claims stick?

Office10

I didn’t think I was buying anything. The Fraudster told me that there were various transactions on my account that they needed to secure. The Halifax sent me OP codes ( no idea what these were at the time) and she told me that these would remove the transactions from my account.
I only learned later that these codes were giving authorisation for the payments to go ahead.
I know, looking at it now, they really have had me for a fool but at the time, I was so sure I was talking to a real person from the fraud department as they knew about previous compromised cards and my details.
I understand it’s not the banks fault, I just want them to help me get my money back.

eskbanker

OK, let's put the reasoning for the payments to one side for now.

You're saying that you made multiple credit card payments to companies that you've subsequently been able to contact - what sort of companies are these and what sort of transaction values are we talking about?

Based on what you've posted, Halifax are asserting that you were negligent enough to justify them not refunding you, so they are essentially saying they have no responsibility to help you. However, it may be viable for you to use other routes such as Section 75 or chargeback to get at least some of your money back, so if you've made payments to identifiable companies without getting anything in return then this may be an avenue worth pursuing, as it doesn't seem likely that trying to get Halifax to help you will achieve anything....

masonic

I'm confused. The main thrust of this thread doesn't seem to be about APP fraud, rather it's an early example of credit card fraud involving text message confirmation. I'm unclear whether there was APP fraud as well (money transferred from bank account to fraudster's bank account), or whether all of the transactions were card payments involving a merchant?

If this is entirely card based transactions, then I'm struggling to see how the fraudster will ultimately benefit from their efforts and also remain anonymous so as not to get caught.

Office10

The Fraudster has moved some of my funds to the N26 bank and something called Worldremit. I was told at the time they were being moved to my new Halifax account. She also made various transactions to shops such as Pretty Little Things and Giglio with my credit card linked to my account. The Halifax gave me a list of the transactions and the shops involved and left it to me to contact them. Some have stopped the transactions and others can’t because the goods have been delivered. A couple are willing to refund back to my account if the bank contacts them, but my bank won’t do that for me.
I have no idea where the goods have been delivered the shops won’t tell me because of GDPR.
I thought this Was considered APP fraud? Apologies if not, it’s because the Fraudster got me to unwittingly authorise the transactions telling me they were fraudulent and asking me for the OP codes to remove them. I had no idea what OP codes were and foolishly trusted the fraudster as she seemed to be very knowledgeable.
I know this looks stupid and gullible behaviour when reading this, but at the time, I had no reason to disbelieve what she was telling me.

born_again

"I was told at the time they were being moved to my new Halifax account."

How many times has it been said that Banks DO NOT OPEN ACCOUNTS OR MOVE MONEY TO NEW ACCOUNTS DUE TO FRAUD...

Of course they knew about the previous compromise. They committed it.

Worldremit is a money transfer company.
From the sounds of this, this is NOT APP fraud, but simply card fraud.

GIven you have given the fraudster the one time pass codes for the transactions, they are within their right to refuse refunds.
S75 does not come into play on fraud.
Not sure what chargeback would cover this. Unless goods do not turn up, but if retailer can prove deliver that will be lost.

Note that where a code has been used, and it is fraud. The bank loses this money. As there is no fraud chargeback right.

All you can do is raise a complaint, that you have not been treated fairly. As this is a known type of fraud.
Then hope that the Customer relations team look at this is a different light.

eskbanker

Office10 wrote: »

The Fraudster has moved some of my funds to the N26 bank and something called Worldremit. I was told at the time they were being moved to my new Halifax account. She also made various transactions to shops such as Pretty Little Things and Giglio with my credit card linked to my account.

It sounds like two different but similar incidents - one involving bank-to-bank faster payments from your Halifax current account to N26 and Worldremit (where the money has presumably vanished without trace), and then a separate set of payments made to legitimate merchants with a credit card. If you're saying that you didn't actually make these transactions but simply provided authorisation codes then that isn't really APP as such (which would be where you made the payments yourself), but there's no real value in flogging that one to death as the label doesn't really matter. However, it's different data needed to make fraudulent transactions via two separate routes, which may be significant....

Office10 wrote: »

The Halifax gave me a list of the transactions and the shops involved

Does this mean that you don't use online banking and so weren't able to see these for yourself? I'm wondering if the fraudster has perhaps set up online banking for your account?

Office10 wrote: »

Some have stopped the transactions and others can’t because the goods have been delivered. A couple are willing to refund back to my account if the bank contacts them, but my bank won’t do that for me.

I presume they're referring to the usual fraud processes whereby if you report unauthorised transactions to your bank, they'll reclaim the funds from the merchants if they believe you're an innocent party, but as they believe you're complicit in this, Halifax won't cooperate.

Office10 wrote: »

I have no idea where the goods have been delivered the shops won’t tell me because of GDPR.

Have you reported this to Action Fraud yet? I don't think it's particularly common for the police to pursue low-level financial fraud like this but they certainly won't if they don't know about it.

Office10 wrote: »

I had no idea what OP codes were

It's not a term I'm familiar with and I suspect you're referring to OTPs, i.e. One-Time Passcodes, which are used by many banks to authorise new payees being added and/or online transactions. It's not really a surprise that Halifax would consider your relaying of these codes as being negligent, it's much the same as disclosing your PIN - I've had them from Santander with suitably unambiguous wording: "OTP to MAKE A (NEW) PAYMENT of £x to account ending nnnn. Please call us if this wasn't you. NEVER share this code, not even with Santander staff".