View more on these topics

Paul Lewis: Banks must step up efforts on scam prevention

New rules mean banks will have to take more responsibility for fraud protection. But is it enough?

Last month, the police reporting service Action Fraud tweeted: “2019 will not be a happy year for fraudsters.”

It was referring to a new initiative where banks will check the name of the payee before transferring money to a sort code and account number.

Many people think banks do that already – after all, we cannot make a transfer without entering the name of the person or business where the money is going. But, no. They have finally been forced to do so by a pincer movement from the Payment Systems Regulator and pay.uk, the new name for the body that moves £6trn a year of faster payments, Bacs and cheques.

The new system will not start before 1 July next year. So despite Action Fraud’s hopes, the first half of 2019 will be a happy time for thieves who still have months to carry on as normal. The initiative, called “confirmation of payee”, has been discussed for years. Until recently, I was told it was impossible or even against EU law.

The thefts it will frustrate are called “authorised push payment” frauds. In the first six months of 2018, thieves used that method to steal £145.4m from 34,128 individuals. That appeared to be a 44 per cent increase in the money stolen and a 77 per cent rise in victims over the same period last year. But the banks’ trade body UK Finance says the numbers are not comparable, admitting only to an increase which it could not quantify.

Norfolk advisers jailed for £17m fraud

In all cases, the victim had authorised the transfer themselves after the thieves tricked them into thinking it was a good idea.

In some cases, thieves pretended to be from the victim’s bank or a trusted firm like Microsoft or BT, and warned their security was compromised and they should move money to a “safe” account. In others, thieves intercepted emails and sent a revised account number as the victim was about to pay a large bill, perhaps for building work or a property purchase.

These crimes should be stopped by confirmation of payee. The victim will be warned the account name does not fully match the one they had entered and told to check before authorising the payment.

Unlike other frauds, the banks have taken no liability for an APP loss. They say the customer authorised it and must take the hit. However, in a parallel move, other new rules from the PSR will mean that, if banks do not use confirmation of payee and other available technologies to detect or prevent fraud, compensation will be paid – though banks are still arguing whether it is them or a state-run fund that should pay it.

What puzzles many people is how thieves open the bank accounts they need to receive the proceeds of this crime. Meet Nilesh Sheth. Over three years, this Barclays personal banking manager opened 400 accounts at his own bank using fake IDs and sold the details to a gang of thieves.

When arrested, £16,000 in cash was found at his Essex home, and he was recently ordered by the court to disgorge another £62,000 or have a year added to his four-year sentence. That total of £78,000 amounts to less than £200 for each of the accounts he opened which the gang of four men used to launder £16m. They were jailed for between three and 10 years each.

Barclays said it was “a rare occasion where an individual deliberately exploited our systems”. Banks typically underplay the number of accounts they allow to be opened with fake IDs. But an ex-fraudster called Tony Sales told me on Money Box it was easy enough to do. “To buy a fake passport, if I’m a fraudster, will cost me £700. To buy a fake utility bill is going to cost me £50.” Banks say most frauds use what are called “mules”. These are young people or students with a legitimate account who are paid by thieves to allow them to use it to launder money.

Fraud prevention agency Cifas reported earlier this year that the incidence of young people aged 14 to 24 involved with a mule account was up 36 per cent.

Cifas members identified more than 32,000 mule accounts in 2017. Lloyds Bank told me it had closed 13,000 such accounts since it launched a special unit to identify them at the end of 2017.

However, it does not always act as fast as it might. It identified one account belonging to a 19-year-old woman which was not blocked until 14 payments totalling £100,000 had passed through it.

The final step of the laundry cycle is moving the money out of the receiving account into others.

The Sheth trial revealed how thieves obscure the trail. The gang used the 400 accounts to receive money from many frauds, mixed it up and sent it on.

The proceeds of one fraud were not kept intact and traceable. They were split into smaller amounts, added to other money, split again, moved through numerous accounts in various amounts, until finally this thoroughly mixed and untraceable money was transferred to eastern Europe, where it disappeared.

Confirmation of payee is an important step and may save some people from losing their life savings. But banks will still allow thieves to open or take over accounts, still fail to spot money moved in unexpected quantities and still be too slow to follow it.

In other words, they will still be involved in every step of money laundering but fail to reimburse most of the customers who fall victim to this industrial-scale crime.

Paul Lewis is a freelance journalist and presenter of BBC Radio 4’s Money Box programme. You can follow him on Twitter @paullewismoney

Recommended

Catherine Metcalfe: Everything you should know about the Apta

New rules came into force on 1 October to replace the transfer value analysis The last year has seen a wave of regulatory consultations and policy statements on pension transfers. The latest, PS18/20: Improving the Quality of Pension Transfer Advice, arrived days after the implementation of rules set out in PS18/6: Advising on Pension Transfers. […]

MM-AutumnBudgetBanner
3

Lifetime allowance 2018/19 increase confirmed but pensions absent

The Government has confirmed that the lifetime allowance 2018/19 will rise in line with inflation, but savers have been offered little else in the Autumn Budget. The lifetime allowance will increase from £1m to £1,030,000 to match CPI from 2018/19.  Though the maximum amount the can be saved each year into a Junior Isa or […]

7

Berkeley Burke loses High Court appeal against FOS

Embattled Sipp provider Berkeley Burke has lost its judicial review in a landmark High Court ruling published today. The ruling is over a longstanding dispute between Berkeley Burke Sipp Administration and the Financial Ombudsman Service. The judgment establishes with greater certainty whether Sipp providers have a duty of care to vet unregulated investments for their […]

Health - thumbnail

Fit for Work: guidance for employers published

On Friday, the Department for Work and Pensions published its guidance for employers on using the new Fit for Work (FfW) service to help ill employees return to the workplace. It also includes more details on the tax exemption for medical interventions that commenced on 1 January 2015.

Newsletter

News and expert analysis straight to your inbox

Sign up

Comments

There are 4 comments at the moment, we would love to hear your opinion too.

  1. As do the mobile phone operators or more accurately Vodafone & O2 after the revelations on Watchdog last night. By ignoring their own rules they are undermining the protection efforts of others

  2. In February 2015 we successfully lured an online scammer to our office, where she was arrested by the two detectives we had waiting. In the course of the back-and-forth email game we played to get her there, we identified a number of accounts opened with the ‘big 4’banks and in each case, we notified the bank concerned so that they could close the accounts. In not a single instance were we able to even obtain an acknowledgment of our communications, let alone confirmation that proper action had been taken. The only way to make banks take this kind of fraud seriously is for them to be forced to compensate the victims.

    • Haven’t had the excitement of an arrest on premises but experience of dealing with banks and letting them know about fraudulent accounts is essentially the same. It’s painful (often several transfers before you speak to the right person), there is a lack of communication and you never know if it did any good.

      How difficult is it to have a dedicated rapid response team that is publicised and easy to access for other regulated firms?

  3. The issue here is ‘tipping off’. On the one side a good attribute but on the other a real bug bear as banks and other financial businesses will ‘go quiet’. That does not mean that no action is being taken.

    My former experience of SIPP frauds was that the FCA is one of the worst in terms of reactions to concrete information about fraud. Actively stopping communication to Trustees/businesses about to be defrauded. The FCA hit the firms involved but not the fraudsters. Much easier than going after unregulated advisers or fraudsters.

Leave a comment

Close

Why register with Money Marketing ?

Providing trusted insight for professional advisers.  Since 1985 Money Marketing has helped promote and analyse the financial adviser community in the UK and continues to be the trusted industry brand for independent insight and advice.

News & analysis delivered directly to your inbox
Register today to receive our range of news alerts including daily and weekly briefings

Money Marketing Events
Be the first to hear about our industry leading conferences, awards, roundtables and more.

Research and insight
Take part in and see the results of Money Marketing's flagship investigations into industry trends.

Have your say
Only registered users can post comments. As the voice of the adviser community, our content generates robust debate. Sign up today and make your voice heard.

Register now

Having problems?

Contact us on +44 (0)20 7292 3712

Lines are open Monday to Friday 9:00am -5.00pm

Email: customerservices@moneymarketing.com