APP Scam - advise needed on how to get bank to reconsider

njb1001

One of my parent's (a pensioner of nervous disposition) has fallen victim to an APP Scam. They have lost a substantial amount of money. The fraudster called them and after many hours of gaslighting, they got teamviewer installed and then helped create transfers out of their accounts. The bank has rejected the claim saying that the parent authorised it, so it is their fault. We do have a crime number from Action Fraud / Police and will escalate to the Ombudsman if necessary.

My question: Are there "magic phrases" or "magic words" that I should use in the complaint about the bank's rejection of the claim? I would like to get them to rethink and reverse their decision immediately, rather having the stress of following up with a lawyer and the ombudsman.

My inital thought is to query the bank's assessment of:
- a vulnerable customer
- the bank's security and times when they missed clues that my parent was being pressured,
- their ineffective generic text message received in a high-stress situation.

Has anyone heard of incidents when the bank reversed their decision and if so, why did the bank agree to reverse?

colsten

I have no suggestions on how you can try to talk the bank into paying up.

I would suggest, though, that you / your parent urgently consider a Power of Attorney as it is clear that the parent requires help with their financial affairs.

mazzetti

I thought the banks were required pretty much automatically to repay victims of app scams these days unless gross negligence has been proven ?

Have your parents made a formal complaint to the bank - if not then that is the next step.

Chino

njb1001 said:

My inital thought is to query the bank's assessment of:
- a vulnerable customer

As you knew your parent to be "vulnerable" - whatever that means - what steps had you taken to prevent your parent from falling victim to scams such as this?
The logical consequence of what you appear to want to argue is for banks to have control of their customers' deposits. I, for one, don't want that. If I want to pay money to a fraudster, that's my prerogative.
Of course, why it is that fraudsters appear to be able to pass banks' KYC processes with ease when genuine customers are required to dig up their dead relatives from the grave to prove identity is another matter.

eskbanker

njb1001 said:

The bank has rejected the claim saying that the parent authorised it, so it is their fault.

Seems a self-defeating argument - any authorised push payment scam inherently involves the customer giving authorisation, the clue is in the name!  The voluntary APP scam code (assuming their bank has signed up to this?) specifically mentions "An authorised push payment will include a payment where, as part of giving consent for a specific payment, a Customer shares access to their personal security credentials or allows access to their banking systems such as online platforms or banking apps for that payment to be made".

However, it'll be important when challenging the bank's decision to identify exactly what their line of argument is in terms of the specific reason(s) for declining reimbursement:

R2(1) A Firm may choose not to reimburse a Customer if it can establish any of the following matters in (a) to (e). The assessment of whether these matters can be established should involve consideration of whether they would have had a material effect on preventing the APP scam that took place. 

(a) The Customer ignored Effective Warnings, given by a Firm in compliance with SF1(2), by failing to take appropriate action in response to such an Effective Warning given in any of the following: 

(i) when setting up a new payee; 

(ii) when amending an existing payee, and/ or 

(iii) immediately before making the payment 

(b) From [DATE TBC], the Customer did not take appropriate actions following a clear negative Confirmation of Payee result, where the Firm complied with SF1(3) or SF2(2), and those actions would, in the circumstances, have been effective in preventing the APP scam; 

(c) In all the circumstances at the time of the payment, in particular the characteristics of the Customer and the complexity and sophistication of the APP scam, the Customer made the payment without a reasonable basis for believing that: 

(i) the payee was the person the Customer was expecting to pay; 

(ii) the payment was for genuine goods or services; and/or 

(iii) the person or business with whom they transacted was legitimate. 

(d) Where the Customer is a Micro-enterprise or Charity, it did not follow its own internal procedures for approval of payments, and those procedures would have been effective in preventing the APP scam; 

(e) The Customer has been grossly negligent. For the avoidance of doubt the provisions of R2(1)(a)- (d) should not be taken to define gross negligence in this context.

njb1001 said:

My inital thought is to query the bank's assessment of:
- a vulnerable customer
- the bank's security and times when they missed clues that my parent was being pressured,
- their ineffective generic text message received in a high-stress situation.

Not convinced there's a huge amount of mileage in the first point, unless the bank were demonstrably advised of some specific vulnerability (i.e. not just assuming that elderly = vulnerable) and correspondingly agreed some extra controls to handle their banking business differently.  What reasonable improvements do you feel there could have been with their security practices and text wording that you believe would have made a difference had they been in place?

colsten

which bank are we talking about, btw?

born_again

njb1001 said:

One of my parent's (a pensioner of nervous disposition) has fallen victim to an APP Scam. They have lost a substantial amount of money. The fraudster called them and after many hours of gaslighting, they got teamviewer installed and then helped create transfers out of their accounts. The bank has rejected the claim saying that the parent authorised it, so it is their fault. We do have a crime number from Action Fraud / Police and will escalate to the Ombudsman if necessary.

My question: Are there "magic phrases" or "magic words" that I should use in the complaint about the bank's rejection of the claim? I would like to get them to rethink and reverse their decision immediately, rather having the stress of following up with a lawyer and the ombudsman.

My inital thought is to query the bank's assessment of:
- a vulnerable customer
- the bank's security and times when they missed clues that my parent was being pressured,
- their ineffective generic text message received in a high-stress situation.

Has anyone heard of incidents when the bank reversed their decision and if so, why did the bank agree to reverse?

There are no magic words.
Were the bank aware your parent was vulnerable? 
Did your parent speak to the bank in the time frame and tell them exactly what was going on?
I have spoken to people in this situation and they have point blank refused advice given that they may/are be being scammed, even after explaining the exact situation they are in. If they are recorded as a vulnerable customer then the bank can contact the family and advise them, if not then in reality there is nothing they can do to force them not to make the payment. It is possible for the bank to call police or social services to visit the person if seriously worried, but that is usually if someone is there in person, but that all depends on any conversation the rep has with the person.
No need for a lawyer to be involved. If your parent is not happy they can complain (not you, unless you have POA) if not resolved to their satisfaction then it can go to FOS.

njb1001

mazzetti said:

I thought the banks were required pretty much automatically to repay victims of app scams these days unless gross negligence has been proven ?

Have your parents made a formal complaint to the bank - if not then that is the next step.

That is the step that I am preparing. Thanks Mazzetti.

njb1001

Chino said:

njb1001 said:

My inital thought is to query the bank's assessment of:
- a vulnerable customer

As you knew your parent to be "vulnerable" - whatever that means - what steps had you taken to prevent your parent from falling victim to scams such as this?
The logical consequence of what you appear to want to argue is for banks to have control of their customers' deposits. I, for one, don't want that. If I want to pay money to a fraudster, that's my prerogative.
Of course, why it is that fraudsters appear to be able to pass banks' KYC processes with ease when genuine customers are required to dig up their dead relatives from the grave to prove identity is another matter.

Vulnerable is defined very loosely in the CRM code. It can mean many things. Also, I do not live in the same country, so it is not feasible for me to be so closely involved on a day-to-day basis. I was simply asking for advice. I am not asking the bank to take control, I want them to be more secure.

njb1001

eskbanker:

Yes, the sending bank is signed up to the code. The receiving bank is not.
Challenge to their decision - I am challenging for a number of reasons, including not sending a specific, personalised warning. In the situation, the coerced parent was not able to take in the message.
After flagging the initial transaction as questionable, why was the receiving bank not advised to hold the payment back?

Vunerable customer - I read the CRM code, and understood that the responsibility is on the bank to make sure a client is not vunerable.
The fact that the bank did not flag a host of abnormal behaviours during the scam makes me question their security systems.

njb1001

born_again 

Parent complained whilst the scam was in progress. Bank had ample opportunity to trace - and indeed stopped further transactions.