Can we win the war on bank fraud?

Whenever I write about this topic, clients and colleagues report back to me with remarks like “I’d never fall for this” or “How stupid would you have to be?” However, the sad truth is regulators have been fighting a losing battle against fraudsters during the pandemic as they find new and inventive ways to con millions out of unsuspecting consumers and investors alike.

In addition, it is a complete lottery as to whether the victims of these crimes will ever get their money back. UK banks who have signed up to the ‘no fault’ refund code have wildly varying interpretations of how it works and we have recently witnessed MPs on the Treasury select committee rightly carpeting financial regulators about this.

The number of scam warnings the Financial Conduct Authority (FCA) issued in 2020 was double the level seen in 2019 and is on course to double again in 2021. Many were about investment fraud, including highly convincing cloned websites of financial providers and private banks designed to snare the unwary. It is right, there is a growing consensus that tech and social media platforms who profit from selling adverts and hosting content must help to fund the fraud fightback.

The FCA’s enforcers are targeting online platforms that fail to check if ‘financial promotions’ have been issued by a regulated firm. Google has been so heavily criticised it has offered to refund £600,000 to the FCA which is the amount it spent on its own fraud prevention ads last year.

I sincerely hope this activity results in positive action, but as the number of dodgy websites proliferates, the regulator has adopted a policy of ‘warn consumers first, investigate criminals later’, adding suspect sites to its ScamSmart list as soon as they are spotted. This approach seems only to ‘put the fire out’ and fails to grab the arsonist.

2020 saw the value of so called ‘Authorised’ fraud (where consumers are duped into transferring money to criminals), hitting record levels with £479m lost by nearly 150,000 victims. Fewer than half will ever get any money back. The majority of UK banks have adopted a voluntary code to refund ‘no fault’ victims of such crimes, but MPs are pressing the regulator about why it is being so inconsistently applied. The number of victims who managed to get any money back ranged from as few as 30% of cases at one UK bank to 75% at another. This difference in reimbursement rates is, surely, totally unacceptable.

Currently, a whopping 73% of disputed bank fraud cases are found in the customers’ favour. This is a statistic that should shame the banking industry, the average across all complaints the FOS handles is 32%. The volume of complaints means it is currently taking the FOS up to nine months to start investigating fraud cases, causing further anguish.

How does your bank measure up?

Well, there is no way of finding out as banks do not want to make the figures public but this is vital information for their customers. The lack of scrutiny means there is no pressure on the laggards to step up their fraud prevention efforts, it is time the regulator to toughen up.

The menace of ‘number spoofing’ is a chilling example of why I want to publicise it. I was contacted by a client who is battling with his bank after losing nearly £20,000 to an ‘authorised’ scam. He received a call purporting to be from his bank’s fraud department, saying his account had been compromised, and he needed to move his money fast. I know my client to be an intelligent and smart individual and he asked: “How do I know you are really my bank?”

“Well done sir, you are so right to ask that question,” was the reply from the professional-sounding fraudster, inviting him to check the number he was calling from was the same as the one on his bank’s website. It was an identical match. Reassured, he followed the instructions from the fraudster. The first time he heard about ‘number spoofing’ was when he spoke to his bank’s actual fraud department. The bank is disputing his eligibility for a ‘no fault’ refund on the basis he should have known, hung up and redialled. However, the warning messages he saw online made no mention of spoofing.

The complexity of online fraud shows the urgent need for banks, regulators, tech and telecoms companies to work together to better protect consumers. Cross-industry groups like Stop Scams UK are a good start but the reality for victims is that trying to claw any money back is just as traumatic as losing it to the scammers.

Talk to bankers around the world and many will tell you, when it comes to cyber-crime, they are second only to the military in terms of the strength of their defences. Yet trawl the dark web and it is obvious that attempts to breach those walls are commonplace. One criminal was detected trying to recruit insiders within America’s three biggest banks, JPMorgan Chase, Bank of America and Wells Fargo, offering a ‘seven-to-eight-figure’ weekly payment to authorise fraudulent wire transfers.

Such activity represents the handiwork of a new breed of bank robber. Forget the hold-ups of yore. Today’s smartest hackers are likely to be backed by rogue states, such as North Korea or tolerated by countries such as Russia and China. As one of the first industries to offer online transactions, banks have been fending off hackers since the dawn of the internet. They spend more on cyber-security than any other sector and manage to foil a lot of the attempted thefts. Nonetheless, since 2016, no industry has suffered more from attacks than banks.

If you are approached by telephone, email or by letter with an offer that grabs your intention or you have any doubt as to the legitimacy of a call out of the blue, stop! Check it out, make sure and stay safe. Do not let these criminals succeed.

If you need to discuss any of the above content, please contact your Prosperis adviser on 01423 223640 or email us below.