Fraudsters trick victims out of £4,526 in bank transfer scams last year as banks refund less than a quarter of lost money

21 March 2019

Fraudsters managed to trick victims into paying them £354 million in bank transfer scams last year, new figures from UK Finance show.

Over the course of last year there were 84,624 APP scam cases, split between 78,215 personal cases and 6,409 non-personal cases.

This means on average victims lost around £4,526 from criminals. 

In an authorised push payment (APP) scam, the customer is duped into authorising a payment to another account which is controlled by a criminal.

A total of £228 million was lost from personal accounts and £126 million from business accounts.

Banks were able to return £83 million, less than a quarter of the losses.

Katy Worobec, managing director of economic crime at UK Finance, says: “Fraud is a crime which poses a major threat to us all – it can have a devastating impact on victims and the money stolen funds even more damaging crimes such as terrorism, drug trafficking and people smuggling.

“Every business, from online retailers to social media companies, as well as the public sector, has a duty to work together to beat fraud and prevent stolen data getting into the hands of criminals.”

Tom Clementson, director of consumer and SMB at Shieldpay, comments: “Billions of pounds have been lost to the hands of criminals as banks fail to crack down on fraudulent activity. Scammers remain well ahead in the game.

"Levels of fraud are heading in the wrong direction, people are losing life changing sums of money and criminal activity is broadening out onto new online platforms."

New code

In February, the Authorised Push Payment Scams Voluntary Code was agreed following work between the industry, consumer groups and the Payment Systems Regulator.

The code comes into effect on 28 May and will protect customers from payment service providers who sign up to it.

Unlike credit card scams, victims of authorised push payment fraud have not been entitled to the same level of protection. Banks frequently refuse to refund victims of this type of scam on the grounds that they authorised the transaction.

Under the voluntary code banks have to reimburse consumers for their losses provided they have taken reasonable care.

Currently, if a customer authorises the payment themselves banks have no legal protection to cover them for losses.

Ms Worobec says: “Last month, the finance industry and consumer groups agreed a voluntary Code which will increase protection for customers from authorised push payment scams. It delivers a significant commitment from signatories to reimburse victims when the customer has met the standards expected of them under the Code.

“At the same time the industry continues to fight fraud on every front to protect customers and prevent this kind of crime – investing in advanced security systems and new ways to track stolen funds, assisting law enforcement in tackling the criminals and supporting the government in improving the ways in which intelligence is shared.”

Unauthorised scams

A total of £845 million that was stolen was unauthorised. With an unauthorised fraudulent transaction, the account holder does not provide authorisation for the payment to go ahead and it is done by a third party.

Unlike authorised fraud scams, unauthorised fraud customers are legally protected against any losses.

Industry research indicates that customers are fully refunded in over 98% of unauthorised fraud cases.

Take Five Campaign

To stay safe, customers are urged to follow the advice of the Take Five to Stop Fraud campaign:

  • A genuine bank, organisation or the police will never contact you out of the blue to ask for your PIN, full password or to move money to another account.
  • Only give out your personal or financial details to use a service that you have given your consent to, that you trust and that you are expecting to be contacted by.
  • Never automatically click on a link in an unexpected email or text.
  • Always question uninvited approaches in case it’s a scam. Instead, contact the company directly using a known email or phone number.

Add new comment