A possible way to stop most push payment fraud

Se1Lad

I don’t think that Barclays could make it any clearer than the message that already appears.  No need to make it more complicated by adding an unnecessary phone call:

jimjames

theoldmiser said:

Mnoee said:

theoldmiser said:

eskbanker said:

Doesn't sound viable to me - I think you massively underestimate the frequency of significant transfers and the cost of banks having to resource phone calls for every such occasion.

The increasing prevalence of Confirmation of Payee (not perfect but workable for most) and the voluntary code under which the banks are on the hook for 'genuine' APP scams (i.e. where the customer hasn't been reckless or negligent) seem to me to be a sensible compromise between security, convenience and cost....

As I said... you could set your OWN MAXIMUM SPEND LIMIT.

You don't think that it costs banks a huge amount of staff time to deal with push payment fraud AFTER it has occurred?

How much are staff who phone up customers paid per hour? £12? Each phone call would take, say, five minutes (to be generous), and would therefore cost the bank £1 per call.

So if everybody was given a default maximum spend limit now, generated by a computer, based on their previous years' transactions, obviously there would not be a large number of such transfers.

Say I never spend more than £1,000 (I don't) on anything more than once a year. So my maximum spend limit would be £1,000.

The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

£1 per call is too much? Most people would only get a call once a year - THEY could easily change their maximum spend limit themselves (but obviously there would have to be a maximum to THAT limit, in case a fraudster phoned them and got them to 'up' their limit to make it easier for them to defraud them.)

So then the fraudsters start their phone call with 'increase your maximum spend limit to...'? 

This would again trigger a phone call from the bank to confirm with the customer that they had NOT just been phoned up by somebody claiming to be from the bank...

You only have to read the comments on this forum where people have had transactions blocked to see that action is being taken at the moment. Just because you haven't seen it doesn't mean it isn't taking place.

It's not for bank transfers but the system for approving credit card payments via app authorisation seems to work well - assuming you have a phone signal and data.

Admiral_Barbarossa

Not Viable, I transfer in excess of £1,000 a month without any issues between my Bank and Building Society, and vice versa as well! I do not need my bank ringing up every time I want to do this!

maisie_cat

I transferred £10k to another bank into a savings account in my name and FD tried to phone me. When they got no answer they blocked the transfer. I was impressed that they did that, so there is a system in place already as well as warnings all over the place. Frankly the easiest way to stop it is to make people prove they are financially savvy about fraud before they have the devices, but that will never happen.

eskbanker

maisie_cat said:

I transferred £10k to another bank into a savings account in my name and FD tried to phone me. When they got no answer they blocked the transfer. I was impressed that they did that, so there is a system in place already as well as warnings all over the place.

It's a good point that there are already checks in place that will block transactions that trigger the security algorithms used by each bank, but of course the value of such security measures is in their confidentiality and unpredictability, i.e. if the banks started to use defined and known thresholds then that makes such features straightforward to work around, as an earlier poster was saying.

maisie_cat said:

Frankly the easiest way to stop it is to make people prove they are financially savvy about fraud before they have the devices, but that will never happen.

That's self-contradictory though, in that this clearly isn't the easiest way to stop it, as it's arguably even less practical than OP's scheme.

Having said that, the industry does recognise the value of education, which is mentioned in the action plan published by UK Finance:

The finance industry is tackling authorised push payment scams by:

• Helping to prevent customers being duped by criminals by raising awareness of how to stay safe through the Take Five to Stop Fraud campaign.

• The implementation of an industry code for the reimbursement of victims of authorised push payment scams.

• Implementing standards to ensure those who have fallen victim to fraud or scams get the help they need as quickly as possible.

• Working with government and law enforcement to deter and disrupt criminals and better trace, freeze and return stolen funds, while calling for new powers on information sharing to allow banks to share data to detect and prevent financial crime better.

• Delivering the Banking Protocol – a ground-breaking rapid response scheme through which branch staff can alert police and Trading Standards to suspected frauds taking place. The system is now operational in every police force area and in the first six months of 2021 prevented £32 million of fraud and led to 91 arrests.

• Working with government on making possible legislative changes to account opening procedures to help the industry act more proactively on suspicion of fraud and prevent criminals from accessing financial systems.

• Exploring new ways to track stolen funds moved between multiple bank accounts.

The introduction of the reimbursement code has transformed the impact of this issue on customers, in that 61% of police/bank impersonation scams are now reimbursed, compared with 26% before it came in - the fact that the banks are on the hook for the cost inevitably focuses minds on ever better preventive measures (Confirmation of Payee being the most obvious example), but the fact that banks reimburse about £7m/month to customers impacted by the police/bank impersonation scams (which are only 18% of APP scams, contrary to OP's belief) highlights just how unrealistic OP's bizarre fantasy maths are, in that if they could eliminate their £7m/month liability while spending less (without unacceptable service impact) then of course they would....

born_again

theoldmiser said:

eskbanker said:

theoldmiser said:
The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

Says who?

The thousands of victims of push payment fraud, the police, and the banks who have to deal with all of this. If the current system was working, there would be no push payment fraud, at least, that's what I consider 'working' to mean.

I see you couldn't discuss anything else I wrote in answer to your objections...

Whatever amount you mean by "significant transfers" that are frequent - guess what - the BANKS know how often these amounts are transferred, and can set a limit - £1,000 was just off the top of my head, because most people's bank payments which are not their mortgage, are less than that amount. i.e. you go shopping, you don't spend £1,000 on food. You pay your electricity bill (guess what, this is normally done by direct debit so isn't even going to register in what I'm talking about) and it's less than £1,000. etc.

My idea would stop almost ALL push payment fraud, what exactly do you find wrong with it? Something more specific would be helpful. It could be a £2,000 limit, it would be up to the banks to set the initial maximum amount.

You could argue that if people took notice of all the warnings, in the media, from banks & police. There would be no push payment fraud. But people do not...

While it sounds like a good idea. A few pitfalls. 
1. people will not believe it's the bank calling & not answer, or they are busy. So what happens then?
2. Fraudsters know about it & ring saying they are the bank.
3. People will complain because they want their money there NOW..

Better still lets go back to the  old 3 day transfers. 

Daliah

born_again said:

theoldmiser said:

eskbanker said:

theoldmiser said:
The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

Says who?

The thousands of victims of push payment fraud, the police, and the banks who have to deal with all of this. If the current system was working, there would be no push payment fraud, at least, that's what I consider 'working' to mean.

I see you couldn't discuss anything else I wrote in answer to your objections...

Whatever amount you mean by "significant transfers" that are frequent - guess what - the BANKS know how often these amounts are transferred, and can set a limit - £1,000 was just off the top of my head, because most people's bank payments which are not their mortgage, are less than that amount. i.e. you go shopping, you don't spend £1,000 on food. You pay your electricity bill (guess what, this is normally done by direct debit so isn't even going to register in what I'm talking about) and it's less than £1,000. etc.

My idea would stop almost ALL push payment fraud, what exactly do you find wrong with it? Something more specific would be helpful. It could be a £2,000 limit, it would be up to the banks to set the initial maximum amount.

You could argue that if people took notice of all the warnings, in the media, from banks & police. There would be no push payment fraud. But people do not...

While it sounds like a good idea. A few pitfalls. 
1. people will not believe it's the bank calling & not answer, or they are busy. So what happens then?
2. Fraudsters know about it & ring saying they are the bank.
3. People will complain because they want their money there NOW..

Better still lets go back to the  old 3 day transfers. 

Why not go right back to before the Internet and online banking?

MrFrugalFever

Daliah said:

Why not go right back to before the Internet and online banking?

No thank you. People just need to learn to take greater care and responsibility. It appears that this country is fixated on blaming everyone else for their misfortune’s but themselves.

Daliah

MrFrugalFever said:

Daliah said:

Why not go right back to before the Internet and online banking?

No thank you. People just need to learn to take greater care and responsibility. It appears that this country is fixated on blaming everyone else for their misfortune’s but themselves.

My suggestion was anything but serious 😅

Wyndham

Hmmm.... I can't see it working.

The way I understand these scams is that someone rings up and says they are from the bank, and that money must be moved to a new account.

If this were me, I would put the phone down, and maybe ring the bank back on a number I trust. I'd also do that from a different phone (still have a landline!).

But this isn't me - this is someone who isn't suspicious of that initial call, and takes it at face value.

So, the call continues, and includes lots of warnings about how this is a 'secret' fraud arm of the bank, and how 'the branch' may call to check but it's really important not to say anything about this to them as 'they are all in on it'.

With the proposed system, then would also be a warning that they may call to check the transaction, but that it must be allowed through, and again, warnings not to say anything to whoever rings ('they are in on it too').

So, the call comes, from the bank, and what does the customer say? To let it through, of course.

There is a mindset with these things. They target and are successful with people who, for whatever reason, are not suspicious of the first call. And in that case, you can make as many subsequent calls as you like, but it's not going to make any difference.

The only possible advantage is that in the time between the fraud call and the real call, the victim may have stopped to think and realised it was all a bit odd (the fraudsters do make the most of a sense of urgency and issue dire warnings which scare people). But for the costs involved, and the benefit gained, I really can't see it working.