A bank fraud refund scheme comes into effect today (May 28th). Banks will start refunding victims of so-called ‘ authorised push payment fraud’ under a voluntary code. What will change?
What are authorised push payment frauds?
An authorised push payment (APP) fraud is when a bank customer unwittingly gives permission to a fraudster to take a payment from their bank account. These authorised push payment frauds occur when a fraudster convinces someone that they’re a genuine supplier (such as a solicitor, computer help specialist, builder or trader) or that they can help you avoid fraud on your account.
In the past, banks have taken the view that because the customer has authorised the payment, they and not the bank should bear the loss. This is the case even when the customer has been convinced by a very plausible fraudster to make the payment.
It has to be said that banks have repaid some victims of these frauds, but it’s been hit and miss. Some banks have been better than others and taken a more compassionate view.
SAVVY TIP: Banks that aren’t signed up to the new bank fraud refund scheme may not refund people who’ve unwittingly authorised a payment to a scammer.
How will the bank refund scheme work?
Banks that sign up to the voluntary bank fraud refund scheme code will commit to refunding customers who’ve had money stolen on or after May 28th. The code says banks have to:
- Protect their customers from authorised push payment fraud. They’ll have to make sure they have procedures in place to detect and prevent this fraud. If customers are identified by the bank as vulnerable, the bank will have to have more protection in place.
SAVVY TIP: If a family member is vulnerable, perhaps because they are in the early stages of an illness like dementia, ask them to tell the bank or tell the bank on their behalf. That way the bank will be obliged to take extra care. Banks will have to identify vulnerable customers themselves, through behavioural analytics etc, but if you tell them yourself, you’ll know they’re aware.
- Delay payments where they suspect APP fraud is being committed. The payment shouldn’t be made while the bank investigates whether or not fraud could be involved.
- Prevent accounts from being used to launder the proceeds of advanced push payment fraud. One of the problems up until now has been that once the fraudster has stolen the money, they’ve cleared out the account they paid the stolen money into very quickly. In the past banks that have processed this stolen money have been reluctant or unable to help fraud victims.
SAVVY TIP: Banks will have to freeze payments if they think there’s been a fraud. Banks also should do adequate checks when someone opens an account.
- Refund money that’s been stolen, where neither the bank nor the customer is to blame for the fraud. Before the bank fraud refund scheme came into force, banks would only refund customers if they (the bank) was at fault. This code does change things, but it doesn’t mean everyone will get refunded. If the bank thinks you’ve been negligent, you probably won’t get your money back.
When won’t you get refunded?
You may not get refunded by the bank fraud refund scheme in the following circumstances:
- If you ignored warnings from the bank. This could be, for example – a message on your mobile banking app not to make the payment if it was the result of a cold call. These warnings typically appear when you set up a new payee, or amend details of an existing payee. Your bank may also contact you once you’ve made the payment to check that you definitely wanted to pay them.
- If you made the payment thinking you may be paying a fraudster. The bank fraud refund scheme wording is a bit more specific. It says you won’t get a refund if you made the payment without ‘a reasonable basis for believing that’: you were paying the person you expected to pay, or were paying for goods or services that were genuine, or that the person you were paying was genuine. This feels like it gives the banks a reasonable amount of wriggle room. I do hope they don’t use it, but it doesn’t instil me with complete confidence, to put it mildly.
SAVVY TIP: The banks must take into account the ability of the person to make the decision at the time they make the payment. So, for example, the bank must take into account someone’s vulnerability – such as dementia or a learning disability. However, they must also take into account things like how familiar someone is with online banking if they were tricked into making an online payment to a fraudster. If they someone has never made an online banking payment before and a fraudster tricks them into transferring money to their account, they may be treated differently to someone who regularly banks online.
Worryingly, the code says that banks will be able to assess fraud refunds on a case by case basis. This makes me think that many people won’t be refunded.
When will you get your money back?
The bank should make a decision about whether or not to refund your money quickly and generally no later than 15 business days (three weeks) after the APP fraud occurred. In some cases, this can be extended to up to 35 days (seven weeks). Once the bank has decided that it will refund you, it should pay out the money quickly.
If the bank says it won’t refund your money, you can complain. Normally banks have up to eight weeks in which to look into complaints. However, in this case it will be up to three weeks (15 business days) or seven weeks (35 days) in some circumstances.
SAVVY TIP: If you’re not happy with the bank’s response, you can then complain to the Financial Ombudsman Service.
Which banks have signed up?
The code covering the bank fraud refund scheme is voluntary so only banks that have signed up to the code by May 28th will commit to offering these refunds. The banks that have signed up to the code include:
- Bank of Scotland
- First Direct
- Intelligent Finance
- Lloyds Bank
- M&S Bank
- Nationwide Building Society
- NatWest and RBS
- Santander (includes Cahoot and Cater Allen)
- Starling Bank
- Ulster Bank
SAVVY TIP: Co-op Bank, Tesco Bank and Clydesdale and Yorkshire Banks, which also own Virgin Money, haven’t signed up to the code. Most of the newer fintech banks, such as Monzo haven’t signed up yet either.
Are the banks doing enough?
I think the banks should be doing more. For example, at the moment you only have to put in the sort code and account number of the person you’re paying. The banks are due to introduce something called ‘confirmation of payee’, which means that they will have to match the name you put in, as well as the sort code and account details. This was due to come into force in July (2019), but has been delayed until sometime in 2020.
TSB’s Fraud Refund Guarantee
A few weeks ago, TSB announced that from April 14th 2019, it would refund its customers who are defrauded. The bank will pay them back if money was taken fraudulently (as banks have to do currently) and if they were tricked into paying a thief who they thought was genuine. It launched its Fraud Refund Guarantee, which TSB says will pay out if customers contact the bank on 0800 096 8669 (or on the number on their card):
- TSB will still investigate the fraud claim, including what happened and how it happened. TSB says this is so it can tell the customer and ensure they’re protected from future fraud.
- TSB will not repay losses due to fraud committed by an individual on their own account. Customers who abuse the Fraud Refund Guarantee, for example by repeatedly ignoring account safety advice, may not get money refunded in the future.
- TSB will not refund losses for retrospective claims; the Fraud Refund Guarantee applies to fraud losses incurred on or after Sunday 14 April 2019.
- The guarantee covers authorised and unauthorised transactions for claims meeting the criteria. For authorised transactions the guarantee is limited to £1 million for each claim.
- The fraud guarantee will also cover any new customers joining TSB from 14th April.
TSB says that the voluntary code that many of the high street banks have signed up to doesn’t go as far its own Fraud Refund Guarantee. TSB says that its own refund guarantee will pay out in these situations when the banks’ voluntary code does not:
- If a customer has been socially engineered into resetting their login details or withdrawing money from a branch and handing it over to fraudsters.
- If a customer’s account has been taken over after they gave access away to a fraudster without realising.
- If a customer has been negligent and handed over memorable information to the fraudster.
- In cases of push payments, where warnings are displayed to the customer, but they authorised the payment regardless, they will get a refund.
SavvyWoman email newsletters: If you found this information useful why not sign up now to receive free fortnightly email newsletters with money saving tips and help? You can sign up at the top of any page on the website and your details won’t be passed to any other company for marketing purposes.