Banks Not Doing Enough to Protect Fraud Victims


May 2020

Banks Not Doing Enough to Protect Fraud Victims

Banks could do more to protect and compensate victims of fraud, particularly their most vulnerable customers, the Lending Standards Board (LSB) has found.

Last May, nine high street banks and building societies signed a voluntary code pledging to compensate victims of authorised push payment (APP) scams. In this type of fraud, customers are tricked into sending money to an account controlled by a criminal. In transferring the sums, they may believe they are paying for legitimate goods or services, such as paying a solicitor or tradesperson. As the customers authorised these payments, they aren’t protected by other fraud compensation schemes.

Under the new code, banks have committed to refunding these victims themselves if the bank is at fault, while compensation comes out of a no-blame pot if neither the bank nor the customer is found to be at fault. The sector has had difficulty reaching an agreement about how to fund the no-blame pot in the longterm, although funding was recently extended until the end of the year.

In a review of the code’s first year, the LSB, which is responsible for governing banks’ adherence to it, found that firms had taken positive steps to implement it and reimburse customers. However, it warned that banks were failing to identify customers as vulnerable when they reported fraud, which could impact compensation claims.

It also cautioned that banks are reliant on a checklist process for allocating blame, which means some claims may be denied without fully being considered.

The review found some cases of banks sending text messages to customers saying they won't be refunded without telling them why. Banks are also failing to keep records of how they reached that decision, leaving customers no opportunity to challenge it.

The review also highlighted problems with banks failing to deliver effective warnings about fraud.

Emma Lovell, chief executive of the LSB, said: “Our review shows areas of good practice and strong evidence that, when applied correctly, the code is working. Where improvements need to be made, we have issued recommendations to individual banks and these are currently being worked through by firms. Fundamentally, we want to see banks taking all of the required steps to protect consumers, while ensuring fair outcomes for those that fall victim to a scam. Banks have reaffirmed their commitment to this.”

More than 120,000 people fell victim to authorised push payment fraud last year, losing an average of £3,800 each, according to data from trade body UK Finance.

Currently, nine banks and building societies have signed onto the code: Barclays, Co-Operative, HSBC (including, First Direct and M&S Bank) Lloyds, Metro, Nationwide, NatWest (including RBS and Ulster Bank), Santander and Starling. A number of mainstream banks have yet to sign up to the code, although TSB has separately committed to refund victims.

Earlier this year payment provider Shieldpay warned that fraud victims are still seeing less than half of their lost funds returned and said banks need to do more to prevent fraud.

Peter Janes, chief executive of Shieldpay, said: “The voluntary code is a positive step but compensating victims is simply firefighting without tackling the source of the problem. Fraudsters must be stopped in their tracks and consumers protected against transferring money into accounts which are held by scammers.”