Banks must not be handed chance to rewrite the rules on fraud reimbursement 

Almost three quarters of complaints about how banks treat victims of authorised payment fraud are upheld, prompting fears that consumers will see a drastic drop in protection if firms are allowed to rewrite the rules on bank transfer scam reimbursement.


In 2020/21, the Financial Ombudsman Service (FOS) upheld 73 per cent of cases for authorised fraud. This is a significant increase on the uphold rate of 57 per cent for fraud and scams cases overall, and 32 per cent of all complaints made to the FOS.

Around 90 per cent of authorised fraud complaints were about bank transfer scams – also known as authorised push payment (APP) fraud – which occur when someone is tricked into transferring money to a bank account operated by a scammer.

Back in 2019, banks helped to create a voluntary industry code, which commits signatories to return money where the customer was not at fault, but decisions published by the FOS show some banks are unfairly denying reimbursement to victims of fraud.

Which? has seen evidence from case studies that show some banks are setting the bar unreasonably high when it comes to the steps scam victims are expected to have taken when making a payment in order to be eligible for the reimbursement of their losses – effectively demanding that they should have acted as financial detectives to reduce their risk of being scammed.

Decisions from the Financial Ombudsman and a recent review of the code by the Lending Standards Board are consistent with the consumer champion’s view.

In one instance, a Nationwide customer was initially denied reimbursement for £53,500 after failing to spot a fraudster had subtly changed one digit of their solicitor’s email address and tricked them into sending money to their account.

The FOS said it wasn’t realistic for firms to expect customers to look out for tiny discrepancies in an email address, such as in this case where an ‘i’ rather than an ‘l’ came at the cost of tens of thousands of pounds, and resulted in a house purchase falling through.

In another, a Santander customer was wrongly denied reimbursement for £2,299 after booking flights in the belief that he was booking through a travel company, when he was in fact being duped by a fraudster.

The criminal was operating a sophisticated con by providing convincing fake documents such as an ATOL certificate and a flight schedule, to the extent that the FOS said it was reasonable for the customer to believe he was dealing with a legitimate operator.

These are just two of numerous examples of how banks’ application of the code is riddled with chronic problems, and highlight how victims are still not getting the safeguards they need to protect against a crime that can cause financial and emotional devastation – nearly five years after Which? submitted a super-complaint on the issue.

The Payment Systems Regulator (PSR) has put forward proposals to reform how consumers should be protected against APP scams. Astonishingly, despite clear issues with how banks are treating customers when they fall victim to this crime, one of the options currently on the table is to let firms rewrite the rules on when a consumer is entitled to reimbursement, subject to approval by the regulator.

Appearing at a Treasury Committee hearing today, Which? will argue that taking such an approach would be an abdication of responsibility by the regulator and a demonstration that it has not learned the lessons of its approach over the past four years.

More than £700,000 is being lost to bank transfer scams every day, but less than half of the money lost to this type of crime is currently returned to victims, with banks routinely blaming customers for falling for what can be highly sophisticated crimes.

Instead of asking banks to rewrite the existing rules they are unwilling to follow, Which? believes the right option to address the serious shortcomings of bank transfer scam protections is for the PSR to take forward its alternative proposal to require all firms to reimburse customers who have acted appropriately. This would abolish the reimbursement lottery that leaves a victim’s chances of getting their money back dependent on where they bank.

Introducing this requirement into the rules of Faster Payments and Bacs, with effective enforcement by the PSR, will ensure that consumers are treated fairly and consistently. This would mean that standards of protection for this type of scam will be similar to unauthorised fraud, such as when a consumer loses money after their identity is stolen, where there are clear expectations on when customers should get their money back.

This route requires the regulator to be granted powers from the Treasury in order to take action, so it should proactively work with the government to secure them without delay.

The consumer champion also believes greater transparency about how firms are handling cases of bank transfer fraud is needed, so customers can clearly see how their bank chooses to treat victims of crime and how well they are tackling bank transfer fraud.

As the majority of the industry has failed to share any information about how they handle bank transfer scam cases, the regulator should now force them to do so.

Gareth Shaw, Head of Money at Which?, said:

“The evidence that the bank transfer scams code is not being applied consistently or fairly by firms is overwhelming, and it is unacceptable for so many victims of crime to be abandoned when they turn to their bank to try and get their money back.

“As a result, for the regulator to suggest that protections could be improved by putting banks in control of rewriting the rules on reimbursement is astonishing.

“The PSR must scrap this idea and take matters into its own hands by writing the new rules, making it mandatory for all firms to reimburse victims when they are not at fault.”


Case studies


  • A Nationwide customer was tricked into sending £53,500 to an account that she thought belonged to her solicitor but was actually controlled by a fraudster, who had managed to impersonate the solicitor via email. The email address used by the fraudster differed from the genuine solicitor’s by one digit – an ‘i’ rather than an ‘l’. As a result of the scam, she lost the property purchase. Nationwide said it had provided a clear warning to the customer about the specific scam risk which subsequently materialised, and recommended an action which, if taken, would’ve prevented the scam. The FOS said it wasn’t realistic for firms to expect customers to look out for tiny discrepancies in an email address, and disagreed that the customer ignored effective warnings or that she made the payments without a reasonable basis for belief that she was paying her solicitor. It said the customer should be reimbursed.


  • A HSBC customer was scammed out of £600 after completing a bank transfer to buy a bracelet from an online marketplace that never arrived. HSBC initially offered £300 reimbursement but did not offer the full amount because it said she could have taken more responsibility and made checks before making the payment. It said the price of the bracelet was “too good to be true” and it wasn’t bought from a reputable website. The FOS response pointed out that the online marketplace is owned by a multinational business, while there was no suggestion in the advert for the bracelet that it was brand new, so it wasn’t fair to compare the price to the cost of a similar new item. The FOS declared that the victim, aged 73 and a customer of the bank since she was 16, should be reimbursed in full.


  • A Santander customer lost a total of £2,299 over two payments after booking flights in the belief that he was booking through a legitimate travel company, which was actually being impersonated by a scammer. The fraudsters provided false documents which were very similar to what the genuine travel company would issue, such as an ATOL certificate and a flight schedule. Santander provided only partial reimbursement initially, although the FOS told the bank to refund the customer in full as the customer had a reasonable basis for believing that the transaction was legitimate.




  • Financial Ombudsman Service Annual Complaints Data and Insight 2020/21

  • Authorised fraud includes authorised push payment fraud and plastic card fraud, where the consumer is tricked into making a payment using their credit/debit card as opposed to a bank transfer. The fraud and scams category includes all types of fraud including chip and PIN disputes, cash not dispensed from ATMs, ID theft and online transfers.

  • Richard Piggin, Head of External Affairs at Which?, will be giving evidence to the Treasury Committee Financial Crime inquiry at 10.30am on Thursday 8 July

  • Authorised push payment scams – call for views

  • A Santander spokesperson said: “Protecting our customers from fraud is a top priority for everyone at Santander and we have the utmost sympathy with victims. We were one of the original participants in the Contingent Reimbursement Model Code and we continue to fully support its purpose.”

  • A Nationwide spokesperson said: “We are sorry that our member has been a victim of a scam. Although we did provide a digital warning before she made the transaction, we accepted the FOS’ decision and have reimbursed the member for the full amount lost as a result of this scam. We would urge anyone who is even slightly concerned about the risk of being scammed to please get in touch with their bank or building society before making a payment. It could be the difference between losing their money or not.”

  • A HSBC UK spokesperson said: “Protecting customers from fraud is an absolute priority for us and we work hard to deliver on our commitments under the CRM Code. We independently review every scam case in line with the guidance set out in the code to determine whether a customer has done enough to protect themselves from being a victim. We act with empathy and understanding when investigating a case and aim to ensure fair and reasonable outcomes for all customers.”
