Millions potentially still vulnerable to devastating bank transfer scams, warns Which?

8 August 2019

Almost half of the UK’s major banks and building societies still haven’t signed up to vital new fraud protections – leaving millions of customers at risk of losing life-changing sums of money to bank transfer scams.

A voluntary industry code, which came into force on 28 May, should bring greater protection against transfer fraud – which cost consumers £228.4 million last year – and make it easier for scam victims to get their money back.

However, Which? can reveal that 12 of the 27 main banks and building societies have not yet signed up to these important new standards.

Nine of the providers – Bank of Ireland, Citibank, Clydesdale Bank, Monzo, Post Office Money, Tesco Bank, Co-Operative Bank, Virgin Money, and Yorkshire Bank – say they are working to become a signatory to the code.

Alarmingly, none of the banks gave a definitive date for when they would sign up – except for Monzo, which said it was working towards implementing the code by the end of July, but at the time of writing, had yet to do so.

Meanwhile, Danske Bank, First Trust Bank and N26 are assessing what becoming a signatory involves.

In contrast, TSB has gone beyond the requirements of the code by introducing its fraud guarantee, which promises to refund any innocent victim of a scam.

Last year, only £42.3 million of the money lost to these scams was returned – less than a fifth of the total – meaning countless victims were left out of pocket.

The publication of the code marked a significant step forward in the fight against bank transfer fraud, which is why it is so alarming that a number of banks are still yet to sign up.

Under the new rules, any victim deemed to have lost money through no fault of their own should receive their money back.

Signatories to the code account for over 85 percent of authorised push payments, which make up the vast majority of the 218.5 million faster payments that were made last month.

Although official figures do not separate payments made by businesses, which are not covered by the code (although micro-enterprises are), from those made by consumers, it is likely that millions of payments made each month will not be covered by the new protections as a result of banks not signing up to the code.

With a staggering £434 being lost every minute to bank transfer fraud, Which? is calling for all banks to urgently sign up to the voluntary code of good practice to reassure their customers they will be protected from these types of scams.

Jenny Ross, Which? Money Editor, said:

“People’s lives are being derailed every day as life-changing sums of money are lost to bank transfer fraud, so it’s incredibly concerning to see so many banks not yet signed up to this vital code.

“If the code is to deliver results for victims of fraud, all providers need to now urgently work towards implementing it – any more time wasted could result in millions more being lost as a result of this devastating crime.”

Notes to editors

In 2018 £228m was lost (UKF figures) to authorised push payments from personal accounts, in 78,215 cases (averaging £2,915 each). This equates to £19m per month, £625k per day, £434 per minute and £7 per second.

Voluntary code:

“12 out of 27 of the 27 main banks and building societies have not signed up to the code” – Correct as of 1 July. And unchanged as per Lending Standards Board information: https://www.lendingstandardsboard.org.uk/contingent-reimbursement-model-code/#firms-that-have-signed-up-to-the-code

The APP Steering Group states that signatories to the code account for 85 percent of authorised push payments, meaning 15 percent will not be covered.

The voluntary code of good practice aims to better protect customers and reduce the occurrence of APP fraud, it sets out the agreed principles for greater protection of consumers and the circumstances in which they will be reimbursed. Under the code any customer of a bank or other PSP signed up to the code who falls victim to an APP scam will be reimbursed providing the customer did everything expected of them under the code.

Payment service providers that sign up to the code will commit to:

protecting their customers, including procedures to detect, prevent and respond to APP fraud, with a greater level of protection for customers considered to be vulnerable to this type of fraud; and
preventing accounts from being used to launder the proceeds of APP fraud, including procedures to prevent, detect and respond to the receipt of funds from this type of fraud.

Press Release