The phone call was not unexpected, but by the time it ended, Ellen Norton’s* plans to get married and buy her first home were dashed. Norton had responded to an email purporting to be from the courier firm DPD, which informed her she had missed an attempted delivery and would have to pay a small fee to rearrange it.
She realised it was a scam as soon as she had clicked the link and made the payment. She alerted her bank, Halifax, cancelled her debit card, and kept a close eye on her transactions.
So, five days later, when she was called from Halifax’s advertised number and the caller told her he was from the bank’s fraud team, she believed him. He said fraudulent transactions had been made, and she should move her £15,000 savings into a new account in her name for safeguarding.
Norton had fallen prey to what’s known as authorised push payment (APP) fraud, where customers are tricked into authorising payments to criminal gangs.
Covid-19 has caused the crime to double, as more customers move to online banking and criminals exploit people’s vulnerabilities.
More than £200m was stolen from victims of APP fraud in the first half of 2020, according to banking trade body, UK Finance. Although a voluntary scheme that requires banks to reimburse blameless customers was launched in May 2019, only about a quarter are fully refunded and not all banks have signed up.
Moreover, time could be running out. There is a pot of cash available to compensate “no-blame” cases – where neither the customer nor the bank is at fault. But funding is due to end on 30 June. By then, it is expected regulators will have decided on a more sustainable funding model.
The Treasury told the Observer: “We are engaging closely with the Payment Systems Regulator as it considers what steps are required to tackle the issues – including whether legislative changes would help.”
It is a delicate balancing act. Customers are expected to be vigilant about transferring money, but as scams grow more sophisticated and payments faster, banks have a duty to warn account holders of suspicious tactics and trace stolen funds.
Currently, fraud victims who lose life-changing sums face a lottery depending on the bank they use. Late last month, an official review into the voluntary scheme concluded that companies had been too slow to sign up, and that those that had had been inconsistent. Regulator the Lending Standards Board (LSB) says banks should do more to detect and prevent fraud, and failure to provide records on claims undermines attempts to monitor the scheme.
Campaign group Which? says that victims are being let down. “The voluntary nature of the scams code has allowed banks signed up to it to interpret and implement it in a wide variety of ways, without proper regulatory oversight,” says head of campaigns Neena Bhati.
Halifax initially admitted it could have done more to prevent Norton’s fateful transfers but it only refunded half the sum, claiming she did not take appropriate steps to verify the caller. “The stolen savings were to put towards the deposit for my partner’s and my first home and to get married. I’m 52 and so these are now unlikely ever to happen,” she says.
The bank changed its stance after the Observer requested a comment. “While customers are expected to take reasonable care when making payments, we also consider a number of other factors including the sophistication of the scam and the customer’s personal circumstances. We have considered new information, and been able to refund the full amount .”
*Name has been changed