In March and April of this year, I received calls on my mobile from fraudsters claiming to be members of my bank’s fraud investigation team. They told me that my account had been hacked and that in order to flush out the perpetrators I had to transfer money as per their instructions to aid their investigation and (more threatening) not to derail a larger investigation. I ended up transferring nearly £30,000 from my Santander account to accounts with Barclays and Cash Plus Bank, both of whom took no responsibility for my loss.
I have been a victim of “authorized push payment” (APP) scams. In these scams, fraudsters contact bank customers directly, posing as the bank’s fraud investigators, police, HMRC or similar and persuade customers to transfer money (usually using real-time payment systems, such as Faster Payments) from their own accounts to accounts. with other banks. The money is then almost immediately withdrawn from the recipient’s account, in many cases abroad, and is not recoverable.
Despite action taken to tackle rising levels of bank fraud, and APP fraud in particular, the scale of the problem has continued to grow to such an extent that UK Finance, the banking trade body, has described it as amounting to national security. crisis. It is estimated that bank fraud now costs the UK economy around £1billion a year, and APP fraud accounts for the bulk of that. I got my money back, with interest, only after involving the media. Prior to this, Santander had only offered me £4,300 as a reward for what was stolen from me.
In these scams, it is easy to identify the original recipient, as the victim will be instructed, persuaded or intimidated into transferring money to a named numbered account with an identifiable bank from the sort code. These accounts, described by UK Finance as ‘money mules’, may or may not be set up in accordance with anti-money laundering and ‘know your customer’ regulations. There is evidence that many, if not most, receiving accounts are legitimate, either in the sense that the bank concerned complied with regulations and verified the identity of the account holder, not realizing that the purpose of the account is to serve as a conduit for stolen money; or, worse, in the sense that the account holder is completely innocent and unaware that their account was themselves hacked to serve as a conduit.
Too often, losses caused by APP fraud are left, wholly or partially, where they fall: with customers. Too often, banks refuse to reimburse customers on the grounds that they have ignored warnings about how to protect themselves from scams. This ignores that, legally, a bank’s duty is to act as an “ordinary and prudent banker” would act when challenged by unusual or suspicious activity on a customer’s account. , even when the payment instruction appears to have been authorized by the customer. The ordinary prudent banker does not automatically execute such an instruction without first ascertaining that the instruction is genuine and not the consequence of fraudulent misrepresentation. Banks – not only the victim’s bank, but also the “first recipient’s” bank – have systems in place to detect and interrogate suspicious transactions. Given the exponential growth of bank fraud, these systems obviously do not work effectively and the warnings about scams clearly do not go through. Although victims have the right to complain to the Financial Ombudsman Service if their bank refuses to reimburse them, the process is extremely time-consuming and adds to the distress caused to customers who may have suffered catastrophic losses. There is also no guarantee that a complaint will lead to a favorable outcome.
The question then arises: what do we do with all this stolen money which, after all, is not recovered from the fraudsters even when a victim manages to obtain total or partial compensation? Indeed, UK banks allow themselves to be used as vehicles not only for theft, but also to facilitate serious organized crime, such as drug or human trafficking and even terrorism. Perhaps this factor more than any other should compel the banks and appropriate agencies (including, for example, the National Crime Agency, the Financial Conduct Authority and HM Treasury) to fully recognize the urgency of this crisis, already so damaging to thousands of bank customers and the UK economy, and to begin to develop a coherent strategy to combat it.