Some of Britain’s biggest high street banks have cautioned against a new code designed to protect customers against push payment scams, arguing it could leave them solely responsible for paying out compensation.
Responding to a consultation, Barclays, Lloyds, Nationwide and Santander all said that they disagreed with changes that could lead to payment providers being held liable for fraud even if they were not responsible for it.
Some of the banks added that they might limit services to customers or levy fees on bank transfers if the code was implemented in its current form.
Authorised Push Payment scams happen when victims transfer money into a scammer’s bank account often after being tricked – £145m was stolen this way in the first six months of 2018
The new draft code, published by the Authorised Push Payment Scams Steering Group in September, sought to offer a greater level of protection to victims of so-called authorised push payment scams.
These are scams in which a customer is tricked into authorising a payment to a scammer themselves.
Under current rules, banks are not necessarily obliged to refund payments which have been authorised by their customer, but the new code states that ‘firms should reimburse the customer’ when they have been the victim has been a victim of an APP scam.
It adds that customers deemed especially ‘vulnerable’ to such scams should also normally be reimbursed. That definition should be determined on a case-by-case basis, the draft code suggested.
Figures from trade body UK Finance in September found that £145million was stolen through APP scams in the first half of last year, but only £31million of that was recovered.
Responding to the consultation, several of the country’s largest banks said they supported the new code, but expressed concerns about being left liable for millions in reimbursements.
Six ways to outfox the cyber-criminals
ASSUME any caller claiming to be your bank or utility provider could be a fraudster.
It might sound unfair and the call may be genuine – but being sceptical from the start could help protect you.
CALL your bank back on a different phone line if you are not sure a call is authentic.
Use the phone number on the back of your credit or debit card. If calling from the same phone wait at least five minutes for the current call to be disconnected. Otherwise a fraudster could simply stay on the line while you dial.
KNOW the hallmarks of fraud. There will be convincing lies throughout a scam and the perpetrators will sound intelligent and authoritative.
But typical requests include being asked to: provide a code, a PIN, move money to a different account, repay a sum accidentally put in to your account, reveal passwords or allow remote access to your computer. Do not comply.
BE careful about what links you click on emails, or what attachments you open. Scammers know how to imitate your friends or big brands in messages.
These links could contain viruses that, once on your computer, allow fraudsters to spy on you when you enter log-in details for online banking. Or they will pose as big brands and demand personal information that you should not surrender.
UPDATE anti-virus software on your computer and regularly change passwords on online accounts.
LEARN more ways to protect yourself with help from websites such as takefive-stopfraud.org.uk and getsafeonline.org.
Compiled by Laura Shannon
Barclays said: ‘We disagree with the notion that payment service providers should accept all liability for a scam in the instance that “no blame” can be attributed to either party.’
Lloyds, part of the country’s biggest banking group which controls around a quarter of UK current accounts, added that while they were supportive of the idea ‘that all who meet the requisite level of care should be reimbursed’, ‘we believe it does not necessarily follow that a PSP should directly bear the cost or reimbursement in such “no blame” cases’.
Meanwhile Santander said that the draft code ‘is overly weighted in the customer’s favour and punishes a payment services provider for criminal behaviour’ conducted by ‘third parties that it is not responsible for’.
It added that if victims of even smaller purchases were ‘essentially insured by some form of strict liability’, it would not encourage customers to be careful and could even encourage fraudulent claims.
This is Money has previously reported on the Spanish bank’s poor response to scam victims, which included sending carbon-copy letters rejecting refund requests to customers and fobbing off customers after just 24 hours.
All four banks suggested that there could be consequences if the rules around reimbursements were adopted in their current form.
Santander questioned whether those whose losses were not ‘life changing’ should be excluded from reimbursement, while Lloyds said it could potentially bring in a levy on payments in order to fund any compensation.
It added: ‘Simply levying the charge could raise awareness of scams amongst consumers in a similar way to how the “plastic bag tax” raises general awareness of the impact of waste upon the environment.’
Nationwide suggested customers identified as vulnerable may be barred from some offers or have restrictions placed on their accounts, while Barclays said it could slow down or even interrupt payment services for customers in order to limit its liability.
Responding to the consultation, Tom Clementson, director of consumer and SMB at ShieldPay, said: ‘Banks are behind the times when it comes to protecting their customers from push payment fraud.
‘The very fact that there is a consultation on compensation payments brings the question of how people are able to transfer thousands of pounds to a fraudulent bank account into sharp focus.
‘More safety checks must be put in place to ensure consumers do not become victims. The adoption of technology, which verify both identity and matching bank accounts, is one solution that can help to eliminate the risk.’
In total, the consultation responded 53 responses between September and November 2018.
Ruth Evans, the chair of the APPS Steering Group, said: ‘We know the devastating impact authorised push payment scams can have on their victims and the steering group is united in its determination to tackle these crimes and improve protection for consumers.
‘That is why it is essential that we get the voluntary code right and it is clear from the consultation responses there are a number of matters still to consider.
‘We are, however, acutely aware that time is of the essence and we are working hard to resolve these issues swiftly.’