Refund hopes rise for push payment scam victims
More consumers who fall victim to "push" payment scams may be reimbursed by their bank under proposed new rules.
A draft voluntary code for banks aims to prevent "Authorised Push Payment" (APP) scams.
Such scams trick account holders into authorising a payment to another account - usually a fraudster.
At the moment banks typically refund only about a fifth of the money that goes missing, leaving some thousands of pounds out of pocket.
The new code establishes the principle that if customers take "the requisite level of care", they should be reimbursed by their bank.
But consumers will still have to prove that they took "reasonable steps" to make sure that the person they paid was who they thought they were.
At the same time the payments regulator has announced that a new tool to counter such fraud, known as "confirmation of payee" should be in place by July next year.
Consumer rights group Which? initiated a super-complaint about APP scams two years ago.
Jenni Allen, managing director of Which? Money, said the call to reimburse innocent victims of such scams was a "significant win" for consumers.
But she warned the new code would only be judged a success if banks protected more customers from scams and "swiftly" reimbursed those targeted by criminals.
"It's simply unacceptable that in cases where banks claim they could not have done anything more, it will still be the victim who is left to bear the cost - often with devastating consequences."
One APP victim was Angelene Bungay of Shrewsbury, who was duped into paying £13,000 to someone posing as the builder carrying out her loft conversion.
Her bank said that despite Mrs Bungay being one of a growing number of APP victims, she would not be refunded.
The code aims to make it harder for criminals to commit push payment fraud, and sets out how consumers can get better protection and support from their banks.
But it lists eight ways that banks can justifiably refuse to reimburse customers who have been defrauded.
These include cases where customers:
- refuse to heed warnings from their bank
- "recklessly share" their security credentials
- fail to take steps to make sure they person they paid was who they thought they were
- fail to be honest with their bank
- are "grossly negligent"
- fail to heed a confirmation of payee result (see below)
Questions also remain about who is liable when both the bank and the customer appear to have taken all the necessary steps to prevent fraud.
What is confirmation of payee?
Under the current system, anyone making an online payment to another person has to enter their name, their sort code and their account number.
But as long as the sort code and the account number match up, the payment will go through. In other words the name on the account is not checked by the bank.
Under the confirmation of payee system, a message will bounce back to customers, saying " Did you mean to pay Joe Bloggs?" - giving the actual name of the account-holder.
This should stop fraudsters posing under false names. This system is now due to come in by July 2019.
A draft is open for consultation until 15 November and the final version is intended to be agreed by early next year. In the meantime five banks have said they will start to implement the draft code.
Stephen Jones, chief executive of UK Finance, which represents banks, said the industry would work with partners to identify a sustainable way to reimburse consumers.
"It is vital that we get the right outcome for customers... while ensuring innocent victims and customers are not penalised for the criminal actions of others," he said.
Financial services firms "have now got a clear sighting shot as to the overall direction of travel" in terms of reimbursement for fraud, he said, while consumers should have greater consistency in being able to get money back.
Some of the issues must be resolved by new regulation, rather than a voluntary code alone, UK Finance added.