Bank APP scam rejection and possible lax security measures

connor0811

I wrote a letter on behalf of a family member to his bank as he was the victim of an Authorised Push Payment scam. Basically he was duped into thinking it was someone from the bank and to transfer money into a safe account, he told me straight after he’d done it and I said phone then bank immediately as it was a scam. There were circumstances that made it pretty believable it could be someone from the bank to be fair to him.
The first complaint was rejected which is what prompted me to write the letter for him, he received the decision which was rejected again with a nominal amount of compensation compared to the money lost due to the time its taken to deal with the complaint. They’ve said he doesn’t meet the criteria for the APP scam code, but the next part is the best. He also received a letter addressed to him but upon opening it it was headed to someone else, this had the same reference number as his letter. The same had happened to them as the details of the complaint are there to see the only difference is they were refunded half, then complained again and were refunded the rest plus interest! One thing I mentioned in the letter of complaint was lax security measures, surely this backs it up?

My question is, is it worth taking this further, it was a substantial amount of money for someone of his age and the position he’s in? And should I take it back up with the bank or go straight to the financial ombudsman with it? 

eskbanker

connor0811 said:

They’ve said he doesn’t meet the criteria for the APP scam code

In what way?

connor0811

eskbanker said:

connor0811 said:

They’ve said he doesn’t meet the criteria for the APP scam code

In what way?

They said he didn’t make sufficient checks to make sure the caller was from the bank.

colsten

If your family member isn't happy with how their complaint has been handled, they can escalate the matter to the FOS. They have 6 months from the bank's final response to do so.  They can also go to the FOS in the same timescale if the bank has not provided a final response within 8 weeks of raising the complaint.

eskbanker

connor0811 said:

eskbanker said:

connor0811 said:

They’ve said he doesn’t meet the criteria for the APP scam code

In what way?

They said he didn’t make sufficient checks to make sure the caller was from the bank.

If he disagrees with their conclusion then there's probably not much mileage in pursuing it further with the bank, so, assuming they've given their final response to the complaint, the next step is to escalate to FOS.  Did his bank use Confirmation of Payee at the time, as this may give the bank a reason to reject such complaints, if the account holder chose to ignore warnings about non-matching payees?

I'd suggest that data protection breaches and any other security concerns be raised as separate issues rather than trying to lump too much into one big complaint.

connor0811

eskbanker said:

connor0811 said:

eskbanker said:

connor0811 said:

They’ve said he doesn’t meet the criteria for the APP scam code

In what way?

They said he didn’t make sufficient checks to make sure the caller was from the bank.

If he disagrees with their conclusion then there's probably not much mileage in pursuing it further with the bank, so, assuming they've given their final response to the complaint, the next step is to escalate to FOS.  Did his bank use Confirmation of Payee at the time, as this may give the bank a reason to reject such complaints, if the account holder chose to ignore warnings about non-matching payees?

I'd suggest that data protection breaches and any other security concerns be raised as separate issues rather than trying to lump too much into one big complaint.

Yes they did, but they told him to ignore these warnings (naive I know but he genuinely believed it was someone from his bank), but the new account was in his name! Different sort code, I did some digging and it was the same banking company but a branch in Bluewater, which is in Kent if I remember rightly.

I’ll do them separately for him then and just make a small reference to them in other complaints.

Thank you 

eskbanker

connor0811 said:
Yes they did, but they told him to ignore these warnings (naive I know but he genuinely believed it was someone from his bank), but the new account was in his name!

I don't understand - if the dodgy account was in his name there wouldn't be any CoP warnings?  Fraudsters being able to open an account in your relative's name is suspicious though, so that will be worth pursuing....

Edit: the lax security measures may be directly relevant after all, if they contributed to a fraudulent account being opened in his name, so it may make sense to incorporate these into the same complaint after all, although the data protection issue is probably best kept separate IMHO.

naedanger

The important point is to follow the complaint process to the end. In other words follow the bank's process until they say that their response is final. At that point you can, and should, take your complaint to FOS. 

Some reading:
https://www.financial-ombudsman.org.uk/consumers/complaints-can-help/fraud-scams

https://www.thisismoney.co.uk/money/beatthescammers/article-8384311/Thousands-fraud-victims-complained-Financial-Ombudsman-year.html
From the second link "According to its figures, 11,383 complaints were resolved in 2019-20, 58 per cent of which were upheld in favour of consumers, [my emphasis] suggesting nearly three in five are wrongly being turned away for refunds."

colsten

naedanger said:

The important point is to follow the complaint process to the end. In other words follow the bank's process until they say that their response is final, or 8 weeks have elapsed from date of complaint. 

Don't have to wait for final response if the bank take their time

connor0811

eskbanker said:

connor0811 said:
Yes they did, but they told him to ignore these warnings (naive I know but he genuinely believed it was someone from his bank), but the new account was in his name!

I don't understand - if the dodgy account was in his name there wouldn't be any CoP warnings?  Fraudsters being able to open an account in your relative's name is suspicious though, so that will be worth pursuing....

Edit: the lax security measures may be directly relevant after all, if they contributed to a fraudulent account being opened in his name, so it may make sense to incorporate these into the same complaint after all, although the data protection issue is probably best kept separate IMHO.

He got a text message from the bank which told him to contact them if he didn’t make this payment, but on his online banking it was shown as paying to an account in his name. I know you can put different names in on online banking and a warning may come up about it not matching the actual name on the account, it may of I’ll get clarification from him of this, but on the online banking once the payment had gone through it still shown as his name, wether this is relevant or not I don’t know. They also said it was an immediate payment, but the banking app says it was the day after.

I’m shocked that the fraud measures didn’t pick up such a large amount being sent to an account elsewhere, as when I made an irregular but legitimate transaction in the past, the bank (I’m with the same one funnily enough) got in touch to make sure it was me making the transaction and it wasn’t some form of scam if it was me, I presume they held it in pending or something until I confirmed and it was no where near the sum we’re talking about here.

Again, thank you for replying  

eskbanker

connor0811 said:

He got a text message from the bank which told him to contact them if he didn’t make this payment, but on his online banking it was shown as paying to an account in his name. I know you can put different names in on online banking and a warning may come up about it not matching the actual name on the account, it may of I’ll get clarification from him of this, but on the online banking once the payment had gone through it still shown as his name, wether this is relevant or not I don’t know. They also said it was an immediate payment, but the banking app says it was the day after.

The fact that it's shown that way only signifies that he entered that as the payee name (or maybe a nickname or reference, depending on the bank's online platform), but doesn't reflect the actual name on the account at the other end.

It will be relevant to get to the bottom of this - if the target account really was in his name then serious questions need to be asked of the bank's security processes (although names obviously aren't unique) but he wouldn't have had a CoP warning and so shouldn't be held responsible for paying to the wrong account.  On the other hand, if the target account wasn't in his name, then he'd have received a CoP warning and presumably ignored it, which thereby gives the bank the opportunity to decline his claim.

connor0811 said:

I’m shocked that the fraud measures didn’t pick up such a large amount being sent to an account elsewhere, as when I made an irregular but legitimate transaction in the past, the bank (I’m with the same one funnily enough) got in touch to make sure it was me making the transaction and it wasn’t some form of scam if it was me, I presume they held it in pending or something until I confirmed and it was no where near the sum we’re talking about here.

Many who've been scammed express the same view, but the bank aren't actually responsible for stopping all such transactions and so can't be relied on to act as a safety net.


On a wider point, does the fact that you're dealing with this for him signify that he's vulnerable in some way?  If so, then the bank should be able to impose stronger checks if they're advised of this....