How to protect your money from authorised push payment fraud

APP fraud is the fastest growing type of fraud in the UK!

7 Likes

Good article, but what I’m more interested in is how you protect vulnerable customers from APP fraud. Especially if they have Alzheimer’s or dementia.

2 Likes

For example, on every inbound bank transfer we compare the name the sender entered when they sent the payment with the actual name on the account and store the result of this comparison.

That’s very interesting! I didn’t know this was sent to the recipient’s bank, I’d assumed that only the reference was sent. Is this for Faster Payments only, or does it also apply to BACS?

I really like that you state you’ll never call me without pre-arranging it. Monzo get it.

It’s so galling to get calls from other companies that instantly say “We need to ask a few security questions”. They act so astonished when I say no.

6 Likes

They’ve not mentioned it as of yet. I don’t really get how it works to be honest. It’s all a bit ‘flimsy’ with what the banks are expected to do and the rules the bank customers must follow:

Your bank could refuse to refund you if:

  • You ignored warnings about scams when setting up and amending payees, or before making a payment
  • You did not take care to establish that the person you were sending money to was legitimate
  • You were ‘grossly negligent’ – although this is very difficult to define
  • You’re a small business or charity and did not follow internal procedures for making payments
  • You acted dishonestly when you reported the scam

Source: https://www.which.co.uk/news/2019/02/bank-transfer-scam-victims-to-get-refunds-from-may-2019/

Sounds like all a bank needs to do is stick a ‘Make sure this ain’t a scam’ sign when you pay a new payee and you can’t get your money back.

Would be interesting to hear what the peeps at Monzo’s thoughts are.

2 Likes

Authorised Push Payment (APP) fraud can happen in lots of ways. Here’s a video from Jim Browning showing an example of APP fraud that if you have 20 mins spare some of you might find interesting: https://www.youtube.com/watch?v=uo5JdX-CzoY

I don’t believe the customer would be entitled to a refund if the bank participated in this new voluntary code.

The one example I can think of where a customer should get their money back would be in this scenario:

  • Customer has some building work
  • Communicates with contractor over email, agrees on final price, expects an email with payment details
  • Contractor’s email gets hacked. Scammer emails customer(s) with altered payment details
  • Customer transfers to the scammer

But should the bank really pay the cost? Or should it be the hacked company? :man_shrugging:

1 Like

I hate these types of scammers… :no_good_man:

1 Like

To a certain extent, I feel for both the banks and the customers. For a customer, it’s awful to get caught out by APP fraud; and for a bank, it’s very difficult to effectively protect against it because a lot of it is happening outside your control. You could add more checks on transfers, but that will annoy many legit customers making legit transactions, and in many cases the checks don’t work because the scammer has given a good reason to lie to the bank.

If anything, what might help best would be to increase the clearance time for payments again, to give time for fraud to be reported and money to be returned before it is spent. But again, this is going to massively annoy legit customers who don’t want their transfer taking three days to clear.

That said, in some cases banks do need to update their messaging. My mother has a Natwest account and they’ve told her that “We’ll only call you from this number”, which is all well and good except it can be - easily - spoofed. Luckily my mother knows not to speak to anyone phoning up about her bank account and that, even if she thinks it is a legit call, she’ll pop into the local branch to talk to them there instead.

2 Likes

I know this is becoming a much bigger issue. I had an issue and I popped into my branch to double check.

I think APP fraud could be where blockchain technology could actually help. What I mean by this:

  1. When you set up an account you generate a Genesis (or node) block for your account (hard-coded account number and sort code).
  2. Every transaction that you have is attached to that blockchain (in its functionality as a digital ledger). A fraud check could then be implemented via a smart contract that you could easily deploy to the person’s Hexa (good luck breaking that :rofl:). It could generate a nice secure method. The validation of the block would serve the customer and the bank, as the bank would have to validate the block, and any issue would be flagged.

Obviously just a thought, I’m developing and learning smart contracts for another purpose :slight_smile:

1 Like

Santander have made some changes to their app payment flow.

Now, when choosing between ‘pay now’ and ‘pay later’ there’s a message to the effect of scammers will want you to pay now, choosing pay later gives you time to stop the payment.

And you now have to declare what the payment is for from a menu list.

1 Like

You’re right, it’s annoying with Santander. Using it at work, I now have to choose a reason why I’m making a payment, e.g. pay invoice or instruction from colleague. Then having to tick a box on the next page before pressing confirm.

They should just say ‘pay a scammer’ and have done with it. :joy:

2 Likes