SHORTER READ

Banking & financial disputes

Bank Fraud: Safeguards and Solutions (Part one)

Reports show that instances of bank fraud are currently on the rise. New remote working policies and increasing reliance on internet shopping, amongst other factors, mean that we are currently more vulnerable to bank fraud than ever.

SHARE

Authors

Fraudsters are targeting both businesses and individuals with both the usual scams we have been aware of for a while and with new COVID-19-related schemes. It is, therefore, more important than ever to be vigilant. But we might also ask what protections are available to bank customers in the current climate? This series of articles takes a brief look at a few of the measures which banks have in place to protect their customers, what options are available to customers who find that they have been the target of a fraud and what measures you should be putting in place to limit the risk of fraud.

Confirmation of Payee (CoP)

Barclays, HSBC, Lloyds Banking Group, Nationwide Building Society, Royal Bank of Scotland Group and Santander UK (the six largest banking groups in the UK) were all due to introduce this new protection by 31 March 2020. In light of the COVID-19 crisis, the Payment Systems Regulator has said that banks can postpone implementation until 30 June 2020, although it seems that some of the banks have already rolled out the new system in accordance with the original deadline.

The new CoP system will check whether the name of the payee [the person/business to whom the payment is being made] provided by the customer matches the name on the account to which the money is being transferred. The payer [the person/business making the payment] will be told that there is either an exact or a partial match or that there is no match between the payee name and the name on the account. This gives the payer the opportunity to carry out further checks in the event of a partial or no match notification. This should be useful in situations where, for example, the payer has received bank account details by email but has not realised that the real email was intercepted by a fraudster who sent across their own bank account details instead.

In order to maximise the protection offered by this new system, customers should consider:

  • ensuring that the details of the payee for any transfer are always copied exactly as shown on an invoice
  • introducing a procedure for what should be done in the event of receiving a partial or no match CoP notification
  • on receipt of a partial or no match CoP notification, confirming the payee’s details using a different contact method from the one by which the details were originally provided, e.g. calling the payee’s general telephone number and asking to be put through to the individual who provided the account details rather than using their direct dial.

More details on how CoP will operate can be found on the UKFinance website.

Contingent Reimbursement Model Code (the Code)

The Code was created to protect customers and reduce instances of authorised push payment (APP) fraud. APP fraud is where a customer authorises a payment, believing that the payment is for a legitimate purpose and being made to a genuine payee. But they subsequently discover that it is in fact a scam or that the funds have been redirected to a fraudulent third party.

The Lending Standards Board has oversight of the Code and is due to conduct a review of the Code in summer 2020. It is currently voluntary though several banking groups and building societies have signed up to it since its commencement, including Barclays, HSBC, Lloyds, Metro Bank, Nationwide and RBS. Currently the Code only has effect from 28 May 2019, but in November 2019 the Treasury Committee reviewed the Code and issued a publication expressing its views that the Code should become compulsory and should have retrospective effect back to 2016.

The Code requires that banks take reasonable steps to protect their customers from APP fraud, including having procedures in place to detect, prevent and respond to such scams. Where a customer is the victim of APP fraud, signatory banks will refund the customer the stolen money even if the bank is not at fault for the fraud. There are exceptions for when the bank does not have to do so, for example, where the customer received a no match CoP notification (as explained above) and ignored it, or where there are other grounds for showing that the customer made the payment without a reasonable basis for believing that it was not a genuine payment. These are just two examples, but the grounds for refusing to compensate the customer are set out in the Code. Compensation may be paid by the customer’s own bank (the sending bank) or the payee’s bank (the receiving bank) or both.

Compensation is only available to consumers, micro-enterprises (with fewer than 10 employees and with annual turnover and/or an annual balance sheet which does not exceed EUR 2 million) and charities with annual income of less than £1 million. It also only applies to transactions which take place between GBP-denominated UK-domiciled accounts.

More information about the Code can be found on the Lending Standards Board’s website.

For more information or advice on what to do in the event of fraud, please contact a member of our Banking and financial disputes team.

Authors

MoreofHelen'sInsights

You are contacting

Helen Ingram

Associate

helen.ingram@collyerbristow.com