Why are Britain’s banks blaming customers for online banking fraud?


(Alex Sherwood) #1

Here’s a pretty shocking story from The Guardian which was prompted by this comment -

Neville is one of the hundreds of thousands of people who have lost money to fraudsters in recent years, a victim who quickly found out that the reassurances given when you sign up to online banking are worth nothing. On Monday RBS’s Ross McEwan caused a storm when he claimed that it is not banks’ responsibility if customers are defrauded in such circumstances. The bank boss – who as part of his role also runs the NatWest brand, which has 24 million retail customers – said he didn’t think the bank had “a duty of care” to victims. They should accept the blame and not expect automatic refunds, he argued.

Emphasis mine.

Following on from that -

Log on to make an online bank transfer and you are asked for the account number, the sort code, and the account holder’s name. What you won’t know is that the name is irrelevant. You can put any name on the transfer – try Mickey Mouse – and the payment will still go through. This, and the advent of the faster payments system, which allows stolen money to be moved through various accounts unchecked in minutes, has enabled fraudsters to get away with it. The banks have long known this is going on but have done nothing to stop it.

Even putting the liability to one side, there must be an opportunity for Monzo to do better than this?!


Web / Online Banking 1
#2

Pretty sure somewhere the regulator is going to make the name a checkable piece of data. So the name, sort code and account number will have to match.

Not sure if there was a deadline for this however.


(Richard Grey) #3

This could be a tricky one for the banks. For example, the name you might know a person by, might not be the name on their bank account. Lots of people in the UK use their middle name as the name they’re known by.

Should the banks check the name on all payments, I am presuming that this would put a lot of payments on hold whist this name gets checked, and I’m willing to bet that the majority of these payments would be legitimate.

This would in-turn be an extra process that has to be paid for, and we all know how much traditional banks like passing on costs! :wink:


#4

That or I think when you put the details in you will see the name of the account.


(Richard Grey) #5

I don’t think that will be possible with GDPR and Data Protection rules. However, with the advent of PSD/2 it will be interesting to see how much banks will talk to each other for transaction such as this, and what information they will share.


(Tommy Long) #6

The entire sort code/account number flow is archaic and bad. We need a new flow for the 21st Century, which is where Monzo comes in.


(Hugh) #7

The “name” is pretty irrelevant for fraud checks I would suggest. It is literally just a place holder that adds a more human readable aspect - like identifying a phone number against a name in your contact book.


(Richard Grey) #8

I don’t think fraud has anything to do with it. The original point I was making is that people are often known by other names. Putting an incorrect name in as the receiving party name might put it into a queue for manual processing.


(Hugh) #9

Exactly - which is why the name field has very little relevance.
I’m not sure that’s a good solution either - as it would end up delaying large numbers of payments!

AI would be pretty good for this… Looking for names of organizations (ie. Thames Water) labeling personal account with the wrong sort code, large sums of money going into an account from multiple previously unconnected sources. Then, those transactions can be flagged and dealt with. Unfortunately, big banks aren’t so good at adopting new technology… If I remember correctly, Monzo already uses AI to approve transactions and will probably do so for FPI on the CA.


(Sy) #10

Personally I agree with Ross. People should not expect an automatic reimbursement particularly when certain types of fraud are well publicised and the customer should be aware and take steps. If they are negligent or complacent they should be partially liable as a result.


#11

Agreed. It’s impossible to legislate for stupidity.

I’ve had more than one customer who has been fleeced by the so-called tech support scams and have had the money repaid by their banks. Why? Their bank has absolutely nothing to do with their stupidity.

If people can be conned into losing their money then let them. Let them learn from their mistakes