In the first six months of 2018, online scammers had a bit of a field day with UK customers’ bank accounts. In fact, they drained over £500million from British customers from January to June. So despite the advent of better firewalls, higher levels of awareness about online scams, and repeated attempts to stop people giving away their details willy-nilly, the scammers are still making a nice living out of UK banking customers.
£145million of that amount was the result of what are known as ‘Authorised Push Payment’ (APP) scams, where people think they’re transferring money to a legitimate account by bank transfer, but are in fact being conned into sending their money to a scam account. In some cases the amounts can run into hundreds of thousands of pounds, where people believe they’re transferring their mortgage payment to what they think is the seller’s bank. It turns out to be a fraud, the scammers walk away with all your money, and no, you haven’t bought that dream home you’ve been saving up for.
It's your own fault… apparently
The worst part of this is that APP victims cannot guarantee that they’ll get their money back. Whereas the £358millon lost to unauthorised fraud will usually be replaced without too much hassle, around 21% of APP scam victims do not get their money back. Why? Because the banks may insist that the victims should’ve done more to protect themselves, and have in effect agreed to the money transfer without practicing due diligence beforehand.
It’s a shady area, because current legislation means the victim of an APP scam is technically liable for any losses if they authorise the payment in the first place, whether that payment then goes to a fraudulent bank account or not. These could include other types of scam such as ‘purchase scams’, where a victim is fooled into paying for a service or product that doesn’t actually exist, and could range from a suspicious eBay purchase to a non-existent holiday or car.
But I put in all the right details…
A bank transfer, which used to be regarded as one of the safest methods of moving money from one account to another, is now not as secure as you’d like to think. You only need to enter three pieces of data: the name of the person you’re paying the money to, their account number, and their sort code. So it’s simple for a scammer to set up a phony account name, number and sort code, and vanish with your cash as soon as you hit ‘send’.
Shouldn’t the bank pay up?
Your bank is under no obligation to cover any debt if you’ve agreed to transfer the money, and if they think you haven’t been careful with your details then they may refuse to refund your cash. It doesn’t happen that often, but if you’ve been a little lax with your online security, the bank may end up regarding you as partially responsible for your own misfortune. It’s a tough call, and the banks are being criticised for their stance, which has been described as ‘woefully insufficient’ by the consumer group ‘Which?’.
There are plans afoot for the Payments System Regulator – who oversees all financial transfers – to introduce a reimbursement scheme for APP victims. However, it’s worth bearing in mind that the banks may still include some caveats to any agreement that’s put together, and there will always be winners and the occasional loser when it comes to refunds.
What can I do?
The best advice is to always, always, always practice extreme caution when making any online transaction, especially if large sums of cash are involved. Check and double check the details, and if you’re not sure, ask the recipient for the name of their bank (including the branch). You should then be able to check if the sort codes and account names are legit.
We shouldn’t need to say this by now, but never, ever give out security details such as your PIN or account passwords. If something doesn’t ‘feel’ right, then trust your instinct and do your checks. Never feel under pressure to make a money transfer – a genuine organisation or seller will be willing to wait while you carry out your own thorough checks.
If things do go horribly wrong, then don’t panic. Contact your bank in the first instance and ask to talk to their fraud department. Once you’ve registered a complaint with them they are duty-bound to investigate. If you don’t feel that they’re taking the situation seriously then talk to a legal expert who specialises in cybercrime, who will be able to advise you on your next move.
If you require any further guidance on this matter, please feel free to contact Justin Emerson on 01245 228113 or firstname.lastname@example.org
This is not legal advice; it is intended to provide information of general interest about current legal issues.