Money not refunded by bank after I was mugged

SoftCell68

I was a victim of a savage beating where I had my watch and phone stolen. I was forced to give my passcode to open the phone at the risk of being stabbed. 
I was finally able to get away and drive home, where ambulance & police were notified. I was taken to A&E. 
After leaving hospital the next day, I was made aware that the thieves had got into my banking app & at 12:19am transferred £5500 from my account. At 12:39am they transferred £4000 and finally at 03:54am they transferred a further £1200. Making a total of 10,700.00 All three transactions to different banks!
Obviously as I was in hospital I was unable to report this immediately but did so as soon as I noticed when released from A&E where I was receiving treatment for a fractured eye socket.
It is now 21st of February and I am still waiting to hear back from my bank (The Co Operative) regarding refunding my money.
I am obviously concerned that the only security checks to these large withdrawals in the early hours may have been a text message to ask me to confirm if this was me. Obviously as they had my phone they would have simply replied yes.
Is it not obvious that the bank should have prevented these withdrawals as they were obviously suspicious? The police have later informed me that the accounts that my money was sent to are  involved in scams & what appears to be organised crime,
Am I going to get my money back? Will I only be getting it back after appealing to the FSA?
Currently I have to wait for the bank to get back to me & the stress is unbearable.
Any help?

MorningcoffeeIV

SoftCell68 said:

Is it not obvious that the bank should have prevented these withdrawals as they were obviously suspicious? 

No, it's not obvious because they weren't obviously suspicious. They checked the transactions and got a positive response.  In the vast majority of cases, the transaction would have been genuine. 

At this stage, wait for the bank's response. If you end up needing to take it further, it's not to the FSA as they no longer exist and didn't ever deal with customer complaints. You want FoS.

But exhaust the bank's procedure first.

born_again

You will just have to let them finish their invistigation. 
With a police report of the attack, it should not be a issue.
If they do not refund, then it will be a complaint to them & FOS if it is not resolved.

 But no one here can say one way or another which way it will go. 

DullGreyGuy

Goes to show why you shouldn't use the same PIN for multiple things too!

 Given you were fit to drive and inevitably would have had a wait for an ambulance it's unfortunate that you didnt activate any of the remote security features on the phone. I don't know on Android but certainly Apple you can remote wipe the phone but it remains locked to your appleID. Given they used a banking app on the phone it must have been connected to the internet so would have become a useless lump to them. 

Hopefully you are on the mend, it would be difficult for the bank to state you were 'grossly negligent' based on your description here and as long as there isn't more to the story that you aren't telling us. 

jon81uk

DullGreyGuy said:

Goes to show why you shouldn't use the same PIN for multiple things too!

 Given you were fit to drive and inevitably would have had a wait for an ambulance it's unfortunate that you didnt activate any of the remote security features on the phone. I don't know on Android but certainly Apple you can remote wipe the phone but it remains locked to your appleID. Given they used a banking app on the phone it must have been connected to the internet so would have become a useless lump to them. 

Hopefully you are on the mend, it would be difficult for the bank to state you were 'grossly negligent' based on your description here and as long as there isn't more to the story that you aren't telling us. 

In the newest version of iOS there is a feature to try and prevent this sort of access to bank accounts if they get access to the phone PIN Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection | WIRED
It means they need the biometrics (faceID or touchID) in addition to the PIN.

eskbanker

SoftCell68 said:

I was a victim of a savage beating where I had my watch and phone stolen. I was forced to give my passcode to open the phone at the risk of being stabbed. 
I was finally able to get away and drive home, where ambulance & police were notified. I was taken to A&E. 
After leaving hospital the next day, I was made aware that the thieves had got into my banking app & at 12:19am transferred £5500 from my account. At 12:39am they transferred £4000 and finally at 03:54am they transferred a further £1200.

Ultimately the transactions were unauthorised, even though you'd divulged the phone passcode in violent circumstances, and therefore IMHO the bank is obliged to refund you:

Your bank can only refuse to refund an unauthorised payment if:

• it can prove you authorised the payment
• it can prove you acted fraudulently
• it can prove you deliberately, or with 'gross negligence', failed to protect the details of your card, PIN or password in a way that allowed the payment
• you only told your bank about the unauthorised payment 13 months (or more) after the date it left your account 

https://www.fca.org.uk/consumers/unauthorised-payments-account

In terms of timescales, when did the attack happen and when did you report it to the police, i.e. in relation to the transaction timestamps?

SoftCell68

The attack happened late at night on 05/02/24, The police were informed of the attack when I got home (early hours 06/02/24) an officer was informed of the specific withdrawal times when he came to my house for a full statement on the 07/02/24. Upon investigation he has confirmed after liasing with my bank that the accounts where my money was sent are linked to scams and organised crime.

eskbanker

SoftCell68 said:

The attack happened late at night on 05/02/24, The police were informed of the attack when I got home (early hours 06/02/24)

I was really meaning the extent to which you have evidence that the attack had been notified to police before 00:19, 00:39 and/or 03:54 - it shouldn't make a huge difference but may strengthen your case if there's independent corroboration of the attack preceding some or all of the transactions.

SoftCell68

They didn't let me go until approx 12:30am. I was just glad to be able to get away, How I drove home I'll never know. Adrenalin I suppose. Got home approx 1am when police and ambulance were called by my partner

SoftCell68

Firstly let me assure you that I am an innocent victim of a crime here. The police have told me that there was an identical attack a week or so before at the same spot. I certainly wasn't 'flaunting my watch as you say and resent the implication that a victim is at fault for an attack.
There were not 3 separate banking apps, read my statement, I said that my money was transferred to 3 separate accounts fraudulently at 3 separate times. I was able to get home (about a 20 min drive and reported the crime. It was only after leaving hospital the next day was I able to call the bank who confirmed these withdrawals.
Let me remind you that my attackers were threatening to "slice me" and after being beaten up already I had no reason to think they weren't serious.
I would challenge anyone in the same situation where they thought they could lose their life to not give the passcode to their phone in these circumstances.
This still does not mean it was ok for my bank to not pick up on 3 large withdrawals without the flimsiest of checks. Previously when making a large withdrawal I have been told to call the bank before it could be authorised for instance.
My bank have not even called me to ask me any questions they may have. I have been treated very shoddily by them and this is only adding to my stress levels at this time.

DullGreyGuy

jon81uk said:

DullGreyGuy said:

Goes to show why you shouldn't use the same PIN for multiple things too!

 Given you were fit to drive and inevitably would have had a wait for an ambulance it's unfortunate that you didnt activate any of the remote security features on the phone. I don't know on Android but certainly Apple you can remote wipe the phone but it remains locked to your appleID. Given they used a banking app on the phone it must have been connected to the internet so would have become a useless lump to them. 

Hopefully you are on the mend, it would be difficult for the bank to state you were 'grossly negligent' based on your description here and as long as there isn't more to the story that you aren't telling us. 

In the newest version of iOS there is a feature to try and prevent this sort of access to bank accounts if they get access to the phone PIN Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection | WIRED
It means they need the biometrics (faceID or touchID) in addition to the PIN.

@jon81uk I was going to mention that too but then looked at the details and I am not convinced it helps in this scenario. 

It stops the person from being able to use the PIN to go into Wallet or Saved Passwords and stops them from being able to change your AppleID password for example. 

If however it doesn't stop the phone being unlocked by the PIN nor does it stop banking apps being loaded which if they have been setup to use the same PIN or gave them both PINs means the person can still access them.  Effectively stops breaches via Apple applications but not non-Apple ones. Lost Mode and Remote Wipe are the two protections for those and only the later if the person has the device pin