UK Finance responds to the PSR’s recommendations on the Which? super-complaint
- New data exposes growing problem of criminals targeting customers to trick them into transferring their money
- Just over £100m lost to transfer scams in first six months of 2017. 19,370 cases – with an average loss of £3,027 for consumers and £21,477 for businesses
- Financial providers return £25.2 million – almost a quarter of losses, but call for legislative changes to allow them to do more
Today (7 November) the industry publishes new data exposing the growing problem of criminals targeting customers by tricking them into authorising a payment. It also publishes details of other industry initiatives to protect customers and detect and deter criminals.
Commenting on the PSR’s response to the Which? super-complaint Stephen Jones, Chief Executive of UK Finance, said:
“Today marks an important step forward in the battle to fight the serious problem of criminals tricking customers into authorising payments and we are pleased the regulator has acknowledged everything the industry has achieved to date.
“We are under no illusion that more needs to be done and we support the PSR’s desire to develop a mechanism to return more stolen funds to victims. We look forward to working with the PSR to secure the vital changes to legislation needed to enable the proposed refund model to work, and help deliver further positive change for customers as quickly as possible.”
Commenting on new industry data on authorised push payment fraud Katy Worobec, Head of Fraud and Financial Crime Prevention, Cyber and Data Sharing at UK Finance, said:
“These figures confirm that criminals are enjoying a great deal of success targeting customers directly and tricking them into falling for their scams. There is no fast or surefire solution, but the industry is determined to crack down on these criminals on all fronts. Raising customer awareness is one weapon in the fight to stop these scams, which is why we are investing in the Take Five campaign.”
New data collated and published by the financial industry for the first time reveals that in the first six months of 2017 customers sent £101.2 million to criminals after being tricked by authorised transfer scams1. The new figures reveal the extent of the growing problem of criminals directly targeting consumers and businesses to trick them into authorising a payment. Industry data shows there were 19,370 cases in H1 2017: 88% of this total were consumers losing an average of £3,000, and the remainder were businesses who lost on average £21,500 per case.
Criminals use a range of tactics including invoice scams, house purchase scams and email hacking to target victims, and their scams can be very convincing. If a customer authorises the payment themselves, current legislation means that they have no legal protection to cover them for losses – unlike other financial frauds where the criminal makes a payment without a customer’s consent.
Banks will always endeavour to help customers recover stolen money but customers typically only approach their bank after the payment has been processed, when they realise they have been duped. By this time the criminal has often withdrawn the stolen funds and the customer’s money has gone. Financial providers were able to return £25.2 million of the losses in the first half of 2017.
The industry is taking decisive action to tackle these scams with a multi-pronged approach:
- Preventing customers falling for these scams: the industry has joined forces with Her Majesty’s Government to raise awareness of common scams in order to encourage customers to confidently challenge a criminal. The latest Take Five to Stop Fraud campaign is supported and promoted by banks and building societies. A new customer advice guide is also available to download which advises customers on common authorised transfer scams and the best prevention advice.
- Repatriation of funds: the industry is working with Government and law enforcement on how to freeze and seize more stolen money to return it back to victims. The implementation of the Criminal Finances Act2 will assist with this but legislation is also being reviewed to see what changes are required to provide banks with a greater ability to return funds to victims. A change in the law would also allow criminal funds, currently frozen in bank accounts, to be potentially used to tackle fraud and scams and help victims.
- Collating industry data to establish the scale of the issue and to monitor it going forward with updates provided twice a year. This data will help industry and law enforcement to tackle authorised transfer scams more effectively.
- Considering longer term innovations to help customers better identify who they are dealing with. This may include a system to verify payee name details before a payment is made. UK Finance supports the proposal to make such an innovation available as outlined by the Payments Systems Regulator’s strategy setting body – the Payment Strategy Forum. UK Finance believes this should be developed to provide assurance to customers that they are paying the intended recipient, whilst acknowledging that this system would only be possible with legislative changes to allow more data to be shared.
- Putting measures in place to ensure customers who have fallen victim of fraud and scams get the help they need no matter who they bank with. Best practice standards3 will address issues such as around-the-clock availability of fraud specialists, consistent processes for notifying and assessing customer claims and blocking frauds.
- Work with government on making possible changes to legislation concerning account opening procedures to help the industry act more proactively on suspicion of fraud and prevent criminals from accessing financial systems.
- Sponsoring a dedicated police unit who specialise in tackling financial fraud and scams head on.
UK Finance recently published data on other fraud types (card, remote banking and cheque fraud) for the first half of 2017. Total fraud losses on all these frauds fell by 8 per cent.
Take Five has issued the following advice to help customers stay safe from financial scams with the key message “My Money, my info, I don’t think so”:
- A genuine bank or organisation will never contact you asking for your PIN, full password or to move money to a safe account.
- Never give out personal or financial information. Always contact the company directly using a known email or phone number.
- Don’t be tricked into giving a fraudster access to your details. Never automatically click on a link in an unexpected email or text.
- Always question uninvited approaches, in case it’s a scam.
Notes to Editor
- In an authorised transfer scam (also known as an authorised push payment ‘APP’ scam) a criminal tricks their victim into sending money directly from their account to an account which the criminal controls. Criminals use a range of tactics to commit this crime, including impersonating someone from a bank or a police officer, claiming a fraud has been spotted on a customer’s account, sending fake invoices to businesses, offering fraudulent investment opportunities or posing as a house purchaser’s solicitor. Once the victim has authorised the payment and the money arrives in the criminal’s account, the criminal will quickly transfer the money out to numerous other accounts, often abroad, where it is then cashed out. There are more details on the common scams that criminals use in “Take Five My Money, My Info, I don’t think so” consumer advice guide.
|January – June 2017||Personal||Non-Personal||Total|
|Total returned to victim||£9,813,650||£15,404,140||£25,217,791|
In the absence of a legal order, there is no legal mechanism for banks to return money received following an authorised push payment scam. A key pillar of the work to increase the repatriation of funds will be the implementation of the Criminal Finances Act, which provides an additional mechanism by which law enforcement can freeze and seize the proceeds of crime. The industry is also working with law enforcement to put in place a more effective system that helps return more money to victims, both within the current legal framework, and to identify where Government could change the law to make it easier to protect and help victims.
- The industry best practice standards set out APP Claim Reporting Standards. These were developed by UK Finance members to address the issue, identified in the PSR’s response to the Which? super-complaint, of sending and receiving financial institutions not effectively engaging with each other in a timely manner when attempting to recover payments made as the result of an APP scam. They are intended to apply to APP scams suffered by personal and small business customers where the victim’s bank and the beneficiary bank are in the UK. The intention is that these standards will improve the process through which APP scams are dealt with, making it easier and better for the customer, and possibly improving the likelihood of their funds being recovered. These changes will produce a significant improvement in the customer experience, providing a consistent experience for customers of all participating banks, and will improve the banks’ response to these claims, helping to prevent scams from succeeding.
The industry best practice guidelines set out principles for APP claim reporting standards:
- Banks will have 24-hour, 7-day dedicated staff trained in scam management to deal with and process APP scam complaints.
- The customer will only have to deal with their own bank or account provider. The victim’s bank will act as the intermediary between the victim and the beneficiary bank, and will be the victim’s sole point of contact.
- Banks have agreed on a set of necessary information, to be collated by the victim’s bank following APP scam complaints.
- The victim’s bank will collate and provide this information to the beneficiary bank and the latter will proceed with its investigation into the alleged scam.
- The beneficiary bank will conduct an investigation, recover funds where possible and appropriate, and return funds to the victim if it can.
- The banks will also collaborate more widely with each other on information to support investigations and protect victims.
- UK Finance is a new trade association which was formed on 1 July 2017 to represent the finance and banking industry operating in the UK. It represents around 300 firms in the UK providing credit, banking, markets and payment-related services. The new organisation brings together activities previously carried out by the Asset Based Finance Association, the British Bankers’ Association, the Council of Mortgage Lenders, Financial Fraud Action UK, Payments UK and the UK Cards Association.
- As a constituent part of UK Finance, Financial Fraud Action UK is responsible for leading the collective fight against financial fraud on behalf of the UK payments industry. Our members include banks, credit, debit and charge card issuers, and card payment acquirers in the UK.
- The Dedicated Card and Payment Crime Unit (DCPCU) is a unique pro-active police unit, with a national remit, formed as a partnership between Financial Fraud Action UK, the City of London Police and the Metropolitan Police together with the Home Office. It is fully sponsored by the cards and banking industries, with an on-going brief to investigate, target and, where appropriate, arrest and seek successful prosecution of offenders responsible for card, cheque and payment fraud crimes. It is headed up by a Detective Chief Inspector and comprises officers from the Metropolitan and City of London police forces who work alongside banking industry fraud investigators and support staff.