A possible way to stop most push payment fraud

theoldmiser

Mnoee said:

theoldmiser said:

eskbanker said:

Doesn't sound viable to me - I think you massively underestimate the frequency of significant transfers and the cost of banks having to resource phone calls for every such occasion.

The increasing prevalence of Confirmation of Payee (not perfect but workable for most) and the voluntary code under which the banks are on the hook for 'genuine' APP scams (i.e. where the customer hasn't been reckless or negligent) seem to me to be a sensible compromise between security, convenience and cost....

As I said... you could set your OWN MAXIMUM SPEND LIMIT.

You don't think that it costs banks a huge amount of staff time to deal with push payment fraud AFTER it has occurred?

How much are staff who phone up customers paid per hour? £12? Each phone call would take, say, five minutes (to be generous), and would therefore cost the bank £1 per call.

So if everybody was given a default maximum spend limit now, generated by a computer, based on their previous years' transactions, obviously there would not be a large number of such transfers.

Say I never spend more than £1,000 (I don't) on anything more than once a year. So my maximum spend limit would be £1,000.

The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

£1 per call is too much? Most people would only get a call once a year - THEY could easily change their maximum spend limit themselves (but obviously there would have to be a maximum to THAT limit, in case a fraudster phoned them and got them to 'up' their limit to make it easier for them to defraud them.)

So then the fraudsters start their phone call with 'increase your maximum spend limit to...'? 

This would again trigger a phone call from the bank to confirm with the customer that they had NOT just been phoned up by somebody claiming to be from the bank...

wmb194

Obviously they don't capture every instance but banks already have algorithms which will put holds on transfers that are deemed unusual or out of character and ask you to call the fraud department. Over the years this has happened to me a few times, usually a first first payment of thousands of pounds to a new account. 

In addition to how annoyed customers will be, you're seriously underestimating the admin and cost burden of calling thousands and thousands of people every day. It won't work for every instance anyway because some people will still insist on making the transfer.

Mnoee

theoldmiser said:

Mnoee said:

theoldmiser said:

eskbanker said:

Doesn't sound viable to me - I think you massively underestimate the frequency of significant transfers and the cost of banks having to resource phone calls for every such occasion.

The increasing prevalence of Confirmation of Payee (not perfect but workable for most) and the voluntary code under which the banks are on the hook for 'genuine' APP scams (i.e. where the customer hasn't been reckless or negligent) seem to me to be a sensible compromise between security, convenience and cost....

As I said... you could set your OWN MAXIMUM SPEND LIMIT.

You don't think that it costs banks a huge amount of staff time to deal with push payment fraud AFTER it has occurred?

How much are staff who phone up customers paid per hour? £12? Each phone call would take, say, five minutes (to be generous), and would therefore cost the bank £1 per call.

So if everybody was given a default maximum spend limit now, generated by a computer, based on their previous years' transactions, obviously there would not be a large number of such transfers.

Say I never spend more than £1,000 (I don't) on anything more than once a year. So my maximum spend limit would be £1,000.

The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

£1 per call is too much? Most people would only get a call once a year - THEY could easily change their maximum spend limit themselves (but obviously there would have to be a maximum to THAT limit, in case a fraudster phoned them and got them to 'up' their limit to make it easier for them to defraud them.)

So then the fraudsters start their phone call with 'increase your maximum spend limit to...'? 

This would again trigger a phone call from the bank to confirm with the customer that they had NOT just been phoned up by somebody claiming to be from the bank...

How long do you think I'm able to sit around waiting for calls?! Also, any time someone claiming to be my bank calls me, I call them back from a number on their website/through the app/on the card. That's a very common measure that people take against these kind of fraudsters. Add in hold time for the hours needed already for this idea of yours to work. Thankfully I don't have to call often, as my banks have not called me in about ten years. They mostly send me secure electronic messages through their apps. 

When I try to send myself a pound from one bank, it says: FRAUD ALERT: Don't fall victim to a scam. Criminals pretend to be people you trust, like a company you'd pay bills to, the police, or even First Direct (woo, switching bonus!).... Etc. It does go on and say they'll never ask you to move money, but criminals will.

When I go to send it back from my other account, it says 'Could this be part of a scam?... A fraudster might tell you to ignore these warnings' before I've even typed in any payment details.

Literally every banking app I've used in recent years have these warnings. There are measures in place already. 

Daliah

Another unreserved "no thanks" from me for the OP's proposal, which appears to be a gigantic sledge hammer to crack the tiniest of nuts. Not that any bank would ever implement such restrictive, and costly, measures (although one or two allow you to set a lower than standard daily payment limit on your current account).

Daliah

wmb194 said:

It won't work for every instance anyway because some people will still insist on making the transfer.

Precisely. The fraudsters would definitely find a way round any regular confirmation calls by banks, such as telling the gullible victims that there is an organised crime ring which will call, pose as their bank and make them stop from getting their money into a safe account.....This kind of thing is happening already, even without the restrictive proposal by the OP.

kaMelo

Your proposals, whilst coming from the right place, completely ignores the weakest link in every APP scam, the customer. The only reason any of these scams work if because the customer allows it to, they are the reason the current system, in your eyes, isn't working. Unless you address that then nothing the banks do will make a difference to security but what it will do is make life for everyone else who moves money around unbearable.

I have never read a single case of APP fraud that didn't have big red flags waving and bells sounding at some point in the process that should have alerted the customer that they were being scammed. Despite the often repeated mantra "complex scams" they really aren't, they are all simple and with a little due diligence from the weak link, the human, would stop it every time.

dggar

Wouldn't the original poster be better off sending the proposal to the CEOs of every banking group rather than waisting time and effort on this forum

sheramber

My RBS account has a daily limit set on it. I can set it to what I want and change it when I want.A recent payment to a local contractor for work done was stopped, despite being under my daily limit. It took a hour of answering questions before the bank released the payment. 

Daliah

sheramber said:

My RBS account has a daily limit set on it. I can set it to what I want and change it when I want.A recent payment to a local contractor for work done was stopped, despite being under my daily limit. It took a hour of answering questions before the bank released the payment. 

People who are making perfectly legitimate payments are suffering unnecessary delays because a small number of other people are not able to manage their own money, and are holding the banks responsible for their own shortcomings.

If the bloke down the road leaves his front door open and gets burgled, is this a reason why you and everyone else in the street shouldn't be allowed to open your front door without the permission of the Police? Thought not. In the same way, I don't think the majority of current account holders should be restricted because a small number of people still haven't heard that their bank won't ring them with requests to move their money, and who choose to ignore the copious, prominent warnings every bank now bombards you with when you make a payment / transfer.

No, I am not victim blaming, I am just telling how it is.

MrFrugalFever

Not sure I would be too happy with this. I move in excess of £1,000 monthly quite regularly, sometimes sums of up to £10,000. 

I understand your thought process but it would be completely unreasonable from a time, resource and cost perspective.

We live in a technologically advanced digital age, there could be some mileage involved in some form of soft credit search carried out on the receiving bank for certain amounts of money being transferred (or similar checks in the background which are automated), if something untoward is detected then the payment could be put in to suspense, at which point a notification could be sent to the sender via in-app messaging or text etc.