There has been a huge increase in Authorised Push Payment (APP) scams through mobile or online banking.
This is where a scammer convinces someone to transfer money to the scammers account – usually by pretending to be a bank employee or Police officer.
Previously, the banks used to treat victims of these scams as being to blame and therefore having to take the financial loss themselves.
Then, some time ago, the largest banks and building societies signed up to a new voluntary code that sets standards for how they should treat victims of APP scams.
However, Which? has raised concerns about the way banks interpret the new code and how in some cases they are trying to shift the blame back onto customers.
e.g. The case of Miss P.
A caller to Miss P. told her that she had won a loyalty bonus worth £35 off her next BT bill and quoted the full details of her bank card as well as her full name and address ‘to confirm her eligibility’. Although she shared no sensitive data over the phone, this laid the groundwork for the second stage of the scam.
A few days later, she received a call from the ‘National Crime Agency’ warning her that £400 had been taken from her account due to a series of scams involving BT and complicit banks. The caller explained that the authorities knew she had been targeted only days before by a caller pretending to be from BT.
They then asked her to help with their investigation into her local bank branch, by moving her money to a ‘safe account’. She agreed and, as instructed, printed off an email that appeared to confirm the opening of this safe account – with Clydesdale Bank – in her name. In reality, this account was controlled by the criminals.
Miss P then visited her nearest branch to transfer £30,000 from her account, telling them that she wanted to move the money so that her savings weren’t all in one place, as she was coached to say.
Lloyds says staff followed the correct procedures, as per the Banking Protocol – a rapid response scheme through which branch staff can alert police and Trading Standards to suspected frauds.
Nothing gave the bank cause for concern. However, Miss P says no concerns were raised or questions asked. It was only the following day when she attempted to move more money from her account, that staff blocked the payment and became concerned about a potential scam.
Lloyds initially refused a refund because ‘she didn’t take steps to verify the identity of the cold caller’.
Under the APP code, banks and their customers must take steps to prevent APP fraud, but if both parties have met the standards set out in the code, there is a ‘no-blame fund’ that banks can use to reimburse innocent victims.
The code also states that firms should provide a greater level of protection for customers who are considered vulnerable to APP scams and these customers should be reimbursed regardless.
Lloyds has since decided to reimburse the full amount.
It is best to take care before instructions from anyone on the phone, even if they do know some of your financial details. Always verify who is calling you by checking with their company at a phone number you find independently.
If you have any experiences with phishing scams do let me know, by email.