Tuesday 6 April 2021

Banks must act to control fraud epidemic

Banks must act to control fraud epidemic

Don’t think you are too clever to be conned

An epidemic is sweeping the UK. Laying low the old and vulnerable, damaging healthy adults for life and undermining our belief in the systems that are supposed to protect us. It is caused not by a few strands of RNA, but by an intelligent life form. Clever, resourceful and agile, it worms its way into our brains, distorts our perception of reality and makes us pleased to give our money to thieves. 

In 2020, nearly 150,000 individuals had £479m taken from them by this plague. And that is just a small subgroup of the most common form of crime in Britain — fraud. It may be costing us billions of pounds a year. No one knows because much of it is never reported. What could be more embarrassing than admitting you were fooled by thieves into giving them the keys to your safe? Fraud is the crime we are the most likely to experience. It is out of control. And no one seems able to stop it. 

This type of scam begins with a frightening cold call. BT says your router is insecure and you need to pay to secure it. HMRC calls to warn that you are about to be prosecuted for tax evasion if you do not pay a sum into court now. Your bank reveals that your account has been compromised and the money must be moved somewhere safe. They panic you, threaten you, and if you are still sceptical they ask you to check caller ID. When you do it will show the correct number for BT inquiries, HMRC or even the fraud reporting line for your bank. 

These genuine numbers are sent by a technique called number spoofing, which allows the thieves to send any number they choose to the Caller ID system. One top law enforcement officer told me on Money Box recently “do not trust what you see on caller ID”. But people do and then agree to transfer money to the thieves or even give them the keys to do so themselves. Some steps have been taken to bar some numbers from being spoofed but the gov.uk website is a rich source of official numbers for thieves to harvest. Ofcom says there is no general solution to the problem of callers sending a false number. 

Until one is found the thieves will wrap this cloak of credibility around them. It would matter less to customers if they were compensated for being victims of this professional psychological warfare. A recent code was supposed to ensure that blameless victims would have their money reimbursed by the banks. But the latest figures from UK Finance show that for the 139,104 thefts that fell under the code in 2020, only 45 per cent of the £312m stolen was given back to customers — just £141m. That is a lot better than the 19 per cent reimbursed before the code began in May 2019. But evidence from dozens of people who still come to me after losing life changing sums indicates that banks are using the code itself to justify not paying. 

One popular disclaimer is that under paragraph R2(1)(a)(iii) the customer did not heed an “effective warning” about the transaction before they made it. That raises the question — can a warning be effective if it is not heeded? Another is paragraph R2(1)(c)(iii), under which the customer did not have a reasonable basis for believing the person they were paying was legitimate. But would anyone hand over thousands of pounds to someone they did not believe was legitimate? The code was not intended to be a playlist of excuses not to pay. 

Some banks are worse than others. The Payment Systems Regulator revealed last year that two out of eight banks in the code paid customers nothing in 96 per cent of cases. Even the best only reimbursed 59 per cent in full (the average was one in six). The regulator refuses to identify which banks are the worst, keeping that vital information secret from the people who need it: their customers. 

 Contrast this with TSB, the one major high street bank that is not a member of the code. It has its own “fraud refund guarantee” and says it repays in full 99 per cent of customers whose money has been stolen in this way. The regulator is now consulting on similar mandatory rules that would reimburse all customers who were not implicated in the crime. That would concentrate the minds of the banks. They already meet all losses from unauthorised thefts, such as card fraud or remote banking fraud, and these are being controlled, falling by 7 per cent in 2020 according to UK Finance. But losses to authorised payment frauds, where less than half are reimbursed, increased by 5 per cent with total incidents up 22 per cent. If the banks had to repay everyone it might make them more interested in stopping these thefts. 

The uncomfortable truth for the banks is that they are at the heart of these crimes. They allow thieves to open and operate current accounts and then use the faster payment system to receive the money and move it rapidly between accounts until it vanishes. In 2020, 96 per cent of the money stolen this way went through the faster payment system, a total of £398m, up 19 per cent on 2019. 

 I put my hand up here. In my early days on Money Box I championed faster payments. Why does it take three days to move money in the 21st century, we asked. And where is our money for those three days? Answer: earning interest for the banks. By 2008 the banks were shamed into setting up a new infrastructure that moved money at once and, crucially for the crooks, beyond recall. 

Perhaps now is the time to introduce a pause in the system so that when we transfer money to a new payee there is a delay of, say, 24 hours before the payment is made. One of the characteristics of the people whose money is taken is that within at most a few hours the psychological drug that made them credulous enough to co-operate with the crime wears off and they think: “****! I’ve been robbed.” But even after a few seconds it is too late to undo the transfer. 

 Preventing number spoofing, making the banks liable and introducing a pause for new payees would go a very long way towards ending most of these crimes. Meanwhile, there is one impenetrable barrier to them. End the call. No one ever lost money by doing that. And do not think that you are too clever to be caught. No one is. Once you engage, you are hooked. Their silver tongues will wrap around your brain while their digits enter your bank account and fish out all your money. So end the call.

This piece originally appeared in the FT early in April.

Paul Lewis
Version 1.00