Economy & Policy

September 2016: banks implored to halt fraud epidemic. September 2017: new victims come forward every day

Ayear after a “super-complaint” was made to financial regulatorsabout the epidemic of bank transfer fraud, customers are still being swindled out of their life savings on a regular basis.

Last September Which? submitted its super-complaint to the Payments System Regulator in an attempt to force banks to do more to protect victims of “push payment”, or bank transfer, scams.

It called for a formal investigation into the scale of the problem and called on the regulator to shift more of the liability to the banks in such cases.

Which? said it believed banks’ failure to assist customers arose from the fact that – unlike in other forms of fraud – its is customers who bear the losses incurred in transfer fraud.

‘We were told the prospects of recovery were virtually nil’

Jeanne and Peter Strang are just two of the fraud victims told by their bank that it would not take responsibility for their loss because the transfer was “authorised”.

The couple, both in their eighties, had £40,000 stolen by a fraudster who posed as an employee from their bank, RBS. Mr Strang questioned why RBS’s systems hadn’t picked up the unusual transactions.

“Two £20,000 payments on two consecutive days should have rung alarm bells,” he said.

A year on from our super-complaint, people are still at risk of losing life-changing sums of moneyGareth Shaw, Which?

The couple received a phone call at their London home one afternoon in March.

The caller convinced Mr Strang that his money was at risk and that he needed to move it to a safe account. He was told to enter his RBS card in his card reader and transfer £20,000 of his savings.

The next day the fraudster called again and asked Mr Strang to transfer another £20,000. This time he said he suddenly felt uneasy and called RBS.

The bank found that the money had been drained immediately from the account and Mr Strang said he was told the “prospects of recovery were virtually nil”.

The state-backed bank said it was “unable” to give Mr Strang a refund as he had authorised the payment using his card reader, card and security details.

Mr Strang countered that he had not willingly made the payment but had been “used” by a fraudster who abused his banking facilities.

The Strangs were tricked into transferring £40,000 to a fraudster posing as an RBS employee

The Strangs have complained to the bank and the financial ombudsman, the free resolution service, on the grounds that they did not act negligently and that RBS’s systems should have detected the unusual payments.

‘Why didn’t NatWest check the payee’s name?’

Agi Gamski was also told by her bank, NatWest, part of RBS, that it would not be refunding the £73,759 she paid to a fake supplier after her company’s email system was hacked.

However, she argued that if the bank had cross-checked the name of the payee and the account details, the money would not have ended up in the wrong hands.

Ms Gamski received a legitimate-looking invoice from a bogus company that claimed to be a supplier to the construction firm she worked for.

The payment was made by bank transfer in early July but Ms Gamski, 45, discovered the ruse only after she was alerted to the email hack separately a week later.

She contacted the real supplier, which said it had yet to be paid.

She called NatWest and said she spent hours on the phone being passed between departments. Eventually she was told the money was gone.

She said: “The banks don’t have to do anything to help because they are not obliged to refund us.

“They have the technology to cross-check names and account numbers, but they don’t. They push us towards making bank transfers but fail to put protective measures in place.”

NatWest said it was unable to refund Ms Gamski as the payment had been authorised but had contacted the recipient banks when it was alerted to the scam to try to recoup the funds.

What has happened over the past year?

Over the past 12 months this newspaper has repeatedly questioned banks and other financial services firms over their failure to prevent fraud or assist victims.

Telegraph Money has called for names and account numbers to be cross-checked to prevent the money going to fraudsters who pose as individuals and for banks to ensure that specialist fraud teams are available outside working hours.

This newspaper has also questioned why large and unusual transactions are not being flagged up by banks’ computer systems, why banks are not taking responsibility for allowing fraudsters to open bank accounts and why victims end up caught between systems of different providers that refuse to communicate.

No organisation appears to keep records of how many people are affected by bank transfer fraud each year – something Telegraph Money continues to press for – but we know that the numbers are large.

More than 650 victims, who collectively lost more than £5.5m, got in touch with Which? in just two weeks in November.

But a year after the financial regulator was alerted to the industry’s failings, no remedy has been implemented.

UK Finance, which represents the banking industry, said it was still working to “identify and collate data” to understand the scale of “push payment” fraud.

Its findings will be published later this autumn, when “best practice standards” will also be introduced across the industry.

Specially trained staff will handle all cases of bank transfer fraud and deal with communication between the victim’s bank and the fraudster’s.

Ways to verify the name of the account to which a transfer is made, known as “confirmation of payee”, are also being considered.

However, UK Finance said it would be difficult to implement as banks were not able to share this data easily. There are no plans to reimburse victims who are tricked into making payments.

UK Finance said that if a consumer authorised a payment, even if they were conned into doing so, the liability was theirs, not the bank’s.

Gareth Shaw of Which? said the industry’s proposals were “steps in the right direction” but the regulator now needed to set out how the industry could tackle the problem.

“A year on from our super-complaint, people are still at risk of losing life-changing sums of money,” he said.

“Data sharing between banks and best practice standards must be agreed and adopted across the industry to make sure consumers are protected.”

The PSR said it will publish its report in November which will include its thoughts on what should happen next.

Katy Worobec, head of fraud at UK Finance, said: “Banks want to do more but are constrained by current legislation.”

Telegraph Money has heard from countless victims of bank transfer scams in the past year who have been left out of pocket.

Peter Zaffiro spent almost £2,000 on nonexistent rugby tickets, while Lesley Thompson paid £3,000 to fraudsters as part of an elaborate grant scam.

Andy Eggleston lost £19,000 after a fraudster posed as him over emailand asked his personal assistant to make a payment to a Barclays account, in line with requests he often made.