Which? calls for transfer scam protections as losses hit £1bn

Which? is calling for fraud protections to be made mandatory, as more than £1 billion is estimated to have been lost to bank transfer scams in just three years.

With measures set to come in that should significantly reduce the amount of money lost to this type of fraud, Which? also raised concerns that some banks are not committed to introducing the protections on time, or even at all.

It analysed bank transfer fraud statistics since the start of 2017, a few months after it first highlighted the threat from these scams with a super-complaint. The projected total lost since then, based on current trends, now stands at a £1.1 billion.

During that period, the sums lost to this type of scam, also known as authorised push payment (APP) fraud, have risen rapidly, while the payments regulator and banks have been slow to introduce much-needed protections for consumers.

According to the consumer organisation’s projections, £97 million could have already have been lost in the first three months of this year alone.

Analysis also suggested that almost a third of the total losses since 2017, equating to £320 million, could have been prevented if a system of checking names on bank transfers had been in place during that period. This measure - known as confirmation of payee (CoP) - is due to be introduced by most of the UK’s major banks by the end of March.

CoP ensures that a check is made on whether or not the name a customer enters when making a payment matches the account details it is being sent to, helping to stop fraudsters from posing as trusted organisations such as a bank or solicitor and tricking people into making payments to them.

The Payment Systems Regulator has only directed the six biggest banking groups to sign up by 31 March, but Which? argued that all banks must join the scheme in order for it to be effective.

The consumer champion asked all banks when they planned to introduce CoP. Of the banks that have been directed to sign up, RBS Group (including Royal Bank of Scotland, NatWest and Ulster Bank) and HSBC (including First Direct) were unable to confirm a specific date when asked if they would be ready by the regulator’s deadline.

On the other hand, Lloyds Banking Group is implementing CoP from 2 March for Bank of Scotland customers, before rolling it out to Halifax and Lloyds customers throughout the rest of this month.

Of the banks that haven’t been directed to sign up by the regulator, several have said that they plan to deliver the system by the end of the year.

However, Metro Bank told Which? that it has no current plans to implement CoP at all – despite this being a requirement of the voluntary industry code on APP scams launched in May 2019, which Metro Bank signed up to. It did not elaborate on why it is does not intend to introduce CoP, but said the voluntary code gives customers significantly increased protection against APP scams.

Gareth Shaw, head of money at Which?, said:“The UK has been in the grip of a fraud crisis for years, but new security measures offered by the banking industry should finally give people better protection against increasingly sophisticated fraudsters.

“It is vital for all banks to commit to basic name-check security, and the whole industry should sign up and follow through on the protections offered by the scams code – if the banks fall short of making these commitments themselves, these initiatives must be made mandatory by the government.”

    Share Story:

Recent Stories


The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.