Which? is calling for vital fraud protections to be made mandatory, as the consumer champion reveals more than £1 billion is estimated to have been lost to bank transfer scams
in just three years.
With measures set to come in that should significantly reduce the amount of money lost to this type of fraud, Which? is also raising concerns that some banks are not committed to introducing the protections on time, or even at all.
Which? analysed bank transfer fraud statistics since the start of 2017, a few months after it first highlighted the threat from these devastating scams with a super-complaint.
The projected total lost since then, based on current trends, now stands at a staggering £1.1 billion, according to the research.
During that period, the sums lost to this type of scam, also known as authorised push payment (APP) fraud, have risen rapidly, while the payments regulator and banks have been slow to introduce much-needed protections for consumers.
According to Which?’s projections, £97 million could have already have been lost in the first three months of this year alone.
Alarmingly, analysis suggests that almost a third of the total losses since 2017, equating to £320 million, could have been prevented if a simple system of checking names on bank transfers had been in place during that period.
This important measure – known as confirmation of payee (CoP) – is finally due to be introduced by most of the UK’s major banks by the end of March.
CoP ensures that a check is made on whether or not the name a customer enters when making a payment matches the account details it is being sent to. It helps to stop fraudsters from posing as trusted organisations such as a bank or solicitor and tricking people into making payments to them.
The Payment Systems Regulator (PSR) has only directed the six biggest banking groups to sign up by 31st March, but Which? believes all banks must join the scheme in order for it to be effective.
The consumer champion asked all banks when they planned to introduce Confirmation of Payee. Of the banks that have been directed to sign up, RBS Group (including Royal Bank of Scotland, NatWest and Ulster Bank) and HSBC (including First Direct) were unable to confirm a specific date when asked if they would be ready by the regulator’s deadline.
On the other hand, Lloyds Banking Group is ahead of the pack, implementing CoP from 2 March 2020 for Bank of Scotland customers, before rolling it out to Halifax and Lloyds customers throughout the rest of this month.
Of the banks that haven’t been directed to sign up by the regulator, several have said that they plan to deliver the system by the end of the year.
However, Metro Bank told Which? that it has no current plans to implement CoP at all – despite this being a requirement of the voluntary industry code on APP scams launched in May 2019, which Metro Bank signed up to. It did not elaborate on why it is does not intend to introduce CoP, but says the voluntary code gives customers significantly increased protection against authorised push payment scams.
Amid concerning reports of banks failing to follow the code’s rules around reimbursing blameless APP scam victims, Which? is concerned that a voluntary approach to ensuring victims are treated fairly is no longer viable.
The next set of UK Finance figures on bank transfer scams is due for release in the coming days. It should show an increase in the amount of money being reimbursed to victims of bank transfer fraud, as banks signed up to the code begin implementing the greater protections it offers.
Which? believes the code and CoP should be made mandatory and that the government must consider directing the PSR to ensure all banks are signed up. The consumer champion is also encouraging all consumers to put pressure on their bank to sign up to both the code and CoP.
Gareth Shaw, Head of Money at Which?, said:
“The UK has been in the grip of a fraud crisis for years, but new security measures offered by the banking industry should finally give people better protection against increasingly sophisticated fraudsters.
“At the end of this month, we should get a true sense of how well the industry is tackling the issue. It is vital for all banks to commit to basic name-check security, and the whole industry should sign up and follow through on the protections offered by the scams code.
“If the banks fall short of making these commitments themselves, these initiatives must be made mandatory by the government.”
- Based on UK Finance data and modelling assumptions from the Payment Systems Regulator, Which? projects figure for the total amount lost to Authorised Push Payment Fraud since the beginning of 2017 is just over £1billion (estimated between £1059.48 million – £1114.24 million)
- Based on analysis by the PSR, Which? estimates that approximately £320 million of losses to customers could have been prevented if Confirmation of Payee had been introduced at the beginning of 2017. The PSR estimates that 70 per cent of misdirection fraud will be prevented in its first year, and 75 per cent each year afterward
- Metro Bank said: “We take our customers’ security extremely seriously and have a range of safeguards in place to help defend them against fraud, which we constantly review and update in light of increasingly sophisticated tactics from fraudsters. We have no plans to implement Confirmation of Payee currently, but can reassure our customers that they will continue to be protected. Metro Bank is a voluntary signatory of the Contingent Reimbursement Model Code, giving customers significantly increased protection against authorised push payment scams.”
- Tables of banks signed up to CoP and introduction dates: https://infogram.com/confirmation-of-payee-cc-1h9j6qkr5lov6gz?live
- In May 2019 the banking industry introduced a new voluntary code that offers increased protection from scammers, including reimbursement to blameless victims. The move came two years after Which? launched a super-complaint to push banks and regulators to better protect people who lose money to bank transfer scams.