APP fraud is the fastest growing type of fraud in the UK!
Good article, but what Iâm more interested in how you protect vulnerable customers from APP fraud. Especially if they have Alzheimerâs or dementia
For example, on every inbound bank transfer we compare the name the sender entered when they sent the payment with the actual name on the account and store the result of this comparison.
Thatâs very interesting! I didnât know this was sent to the recipientâs bank, Iâd assumed that only the reference was sent. Is this for Faster Payments only, or does it also apply to BACS?
I really like that you state youâll never call me without pre-arranging it. Monzo get it.
Itâs so galling to get calls from other companies that instantly say âWe need to ask a few security questionsâ. They act so astonished when I say no.
Theyâve not mentioned it as of yet. I donât really get how it works to be honest. Itâs all a bit âflimsyâ with what the banks are expected to do and the rules the bank customers must follow:
Your bank could refuse to refund you if:
- You ignored warnings about scams when setting up and amending payees, or before making a payment
- You did not take care to establish that the person you were sending money to was legitimate
- You were âgrossly negligentâ â although this is very difficult to define
- Youâre a small business or charity and did not follow internal procedures for making payments
- You acted dishonestly when you reported the scam
Source: https://www.which.co.uk/news/2019/02/bank-transfer-scam-victims-to-get-refunds-from-may-2019/
Sounds like all a bank needs to do is stick a âMake sure this aint a scamâ sign when you pay a new payee and you cant get your money back.
Would be interesting to hear what the peeps at Monzoâs thoughts are.
Authorised Push Payment (APP) fraud can happen in lots of ways. Hereâs a video from Jim Browning showing an example of APP fraud that if you have 20 mins spare some of you might find interesting: https://www.youtube.com/watch?v=uo5JdX-CzoY
I donât believe the customer would be entitled to a refund if the bank participated in this new voluntary code.
The one example I can think of where a customer should get their money back would be in this scenario:
- Customer has some building work
- Communicates with contractor over email, agrees on final price, expects an email with payment details
- Contractorâs email gets hacked. Scammer emails customer(s) with altered payment details
- Customer transfers to the scammer
But should the bank really pay the cost? Or should it be the hacked company?
I hate these types of scammersâŚ
To a certain extent, I feel for both the banks and the customers. For a customer, itâs awful to get caught out by APP fraud; and for a bank, itâs very difficult to effectively protect against it because a lot of it is happening outside your control. You could add more checks on transfers, but that will annoy many legit customers making legit transactions, and in many cases the checks donât work because the scammer has given a good reason to lie to the bank.
If anything, what might help best would be to increase the clearance time for payments again, to give time for fraud to be reported and money to be returned before it is spent. But again, this is going to massively annoy legit customers who donât want their transfer taking three days to clear.
That said, in some cases banks do need to update their messaging. My mother has a Natwest account and theyâve told her that âWeâll only call you from this numberâ, which is all well and good except it can be - easily - spoofed. Luckily my mother knows not to speak to anyone phoning up about her bank account and that, even if she thinks it is a legit call, sheâll pop into the local branch to talk to them there instead.
I know this is becoming a much bigger issue. I had an issue and I popped into my branch to double check.
I think APP fraud could be where blockchain technology could actually help. What I mean by this,
- When you set up an account you generate a Genesis(or node) for block for your account(Hard coded account number and sort code)
2)Ever transaction that you have is attached to that blockchain(in its functionality as a digital ledger). A fraud check could then be implemented via a smart contract that you could easily deploy to the personâs Hexa(Good luck breaking that ) It could generate a nice secure method. The validation of the block would serve the customer and the bank. As the bank would have to validate the block. and any issue would be flagged.
Obviously just a thought ,Iâm developing and learning smart contracts for another purpose
Santander have made some changes to their app payment flow.
Now, when choosing between âpay nowâ and âpay laterâ thereâs a message to the effect of scammers will want you to pay now, choosing pay later gives you time to stop the payment.
And you now have to declare what the payment is for from a menu list.
Your right annoying with Santander using at work now have to choose reason why making payment. E.g pay invoice or instruction from colleague. Then having to tick a box on the next page before pressing confirm.
They should just say âpay a scammerâ and have done with it.