Watchdog slams banks’ ‘vague and ineffective’ fraud alerts

Banks can wriggle out of paying fraud refunds if they can prove victims ignored warnings on their websites.

Yet a damning report by the Lending Standards Board (LSB) revealed last week that many of these scam alerts are vague, ineffective and not good enough.

The watchdog refused to name and shame the banks with the worst fraud warnings. But Money Mail has done its own analysis to find which of the banking giants could do more to protect their customers.

Weak warnings: A damning report by the Lending Standards Board revealed last week that many banks’ scam alerts are vague, ineffective and not good enough

Under the voluntary code of conduct introduced last May, banks must present customers with ‘effective’ warnings about scams when they are making payments online.

The code states that these alerts must be understandable, clear, impactful, timely and tailored to the customer.

Nine of the biggest providers – including Barclays, HSBC, Lloyds, Nationwide, NatWest, and Santander – have signed up to the code.

Yet while major banks have agreed to continue refunding blameless victims until at least June, many are still unfairly denying claims — with one firm only refunding customers in 1 per cent of cases.

Gareth Shaw, head of money at lobby group Which?, says: ‘Banks too often pin the blame on consumers who fall victim to a bank transfer scam by claiming they’ve ignored a warning – but we’ve seen no evidence these warnings are effective at preventing fraud.

Money Mail asked a fraud expert to analyse each of the banks’ scam alerts. Richard Emery, of consultancy firm 4Keys International, says almost all were too vague, with HSBC and First Direct the worst offenders.

When customers make a payment via HSBC’s mobile banking app, the warning appears at the bottom of the screen under its ‘verify payment button’ – making it easy to miss. 

The message is also very generic and reads: ‘Don’t fall victim to a scam. Criminals pretend to be people you trust, like a company you’d pay bills to, HSBC or even the police. HSBC will never ask you to move money, but criminals will.’

It was hoped effective warnings would protect victims of so-called push payment scams, who lost £207.8 million in the first half of the year

It was hoped effective warnings would protect victims of so-called push payment scams, who lost £207.8 million in the first half of the year

It then advises customers to follow a link for more information.

Mr Emery says most people won’t read the scam warning because of where it is placed on the page, and are unlikely to click on the link to find out more.

First Direct’s alert is also at the bottom of the screen. But the text is small and in a pale grey font. 

It reads: ‘If you have received an unexpected request to make a payment, then stop and contact the company using its telephone number from a trusted source e.g. its website. First Direct will never ask you to move money, but criminals will.’

Mr Emery says the alert is unlikely to protect victims of investment scams or online shopping fraud as customers expect to make these payments.

However, he says Santander and RBS/NatWest are among the best at warning customers.

‘When customers set up a new payee on the RBS mobile banking app, they are presented with an image of a black hand in a bright yellow circle. 

The text reads ‘take five to stop fraud’, adding: ‘Are you confident the payment you make isn’t a scam? Tell us your payment reason to protect yourself.’ Santander and Metro Bank have a similar system in place.

Duped: Kevin Hanson fell victim to a scam after he received a text message claiming to be from his bank

Duped: Kevin Hanson fell victim to a scam after he received a text message claiming to be from his bank

Although Lloyds customers are not asked their reason for making a payment, they are presented with several security questions.

One asks: ‘Did we call and tell you to move your money to another account?’ If customers select ‘yes’, they are shown a message in a bright red box that reads: ‘This is a scam. We will never ask you to move your money, or for your banking details. Right now, your money is safe in your account. If you move it, there’s a good chance you will lose it.’

Barclays asks its customers why they are making the payment and offers nine options.

If customers say it is for an ‘investment’, the alert reads: ‘We recommend that you reject any unsolicited calls or messages and make sure that you’ve checked they’re legitimate and are a Financial Conduct Authority (FCA)-regulated firm.’

Nationwide also tailors its warnings to the type of payment. And at the top of the page it reads: ‘STOP AND THINK: what type of payment are you making? This helps us protect you from scams.’

Mr Emery says: ‘Overall warnings could be improved in respect of clarity and visual presentation. Many are too generic.’

Lloyds customer Kevin Hanson, 63, fell victim to a scam after he received a text message claiming to be from his bank saying his account had been compromised and that he must move his money – £4,100 – to a ‘safe account’.

But the next day he realised he had been tricked. He called Lloyds and was asked if he had seen an alert when making the payment. He says: ‘I was shown no empathy. The warning was insufficient.’

Lloyds says it presented Mr Hanson with an alert and also showed him a scam warning but acknowledged it could have handled the situation better and will offer compensation.

HSBC says its warnings are driven by the risk of the transaction. UK Finance says banks are working with the LSB to ensure the code is effective.

[email protected]

Regulation must end refund lottery 

By KATY WOROBEC  

Victims are legally entitled to a refund in cases where the criminal steals their details and makes the payment, but the law doesn’t currently cover scams where a customer is tricked into transferring the money themselves.

Last year, the banking sector worked with consumer groups to introduce its own voluntary standards to try to address this gap. Nine banks and building societies covering more than 85 per cent of the market signed up to a voluntary code under which customers who lose money to these scams through no fault of their own are entitled to a refund.

Almost £90 million has been reimbursed to customers since the code was introduced. However, the industry recognises not all victims are protected by these voluntary measures and there are inconsistencies in how they are being applied. 

Customers and firms need certainty, so we are calling for new legislation to put in place these protections for all.

It’s not often that an industry asks for new laws and more regulation, but that is exactly what is needed. 

To keep abreast of the criminals we feel such legislation is necessary to aid prevention and deliver better customer security – and, vitally, deliver clear, unequivocal rules on reimbursement to end the refund lottery.

This week the Government announced its Online Harms Bill, setting out strict rules to hold tech companies to account for harmful content on their platforms. 

However, online fraud was not included within the proposals. It’s now crucial that the Government comes forward with new legislation that ensures tech companies do more to clamp down on the fraud being perpetrated on their platforms.

The finance industry is committed to tackling all forms of fraud, but only the combined efforts of every sector will truly ensure greater protection for customers and stop the scam epidemic. 

  • Katy Worobec is managing director of economic crime at UK Finance.

Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.