The text message began: “Hi Dad!”. The sender informed pensioner Graham Price* that their phone had fallen down the toilet, so they were using a temporary number while it was repaired. Chattily, they mentioned the number change had locked them out of online banking when they had an urgent bill to settle.
Convinced that he was messaging his son, Price offered to lend the money and was given the details of the creditor. He transferred £1,850.40.
The following day he discovered the texts had been from a scammer, and his money had vanished.
“He, or she, was so convincing I genuinely thought it was my son who needed help,” says Price. “I am 71, and the money I paid out in good faith was savings for winter fuel bills.”
He was taken in by an invidious scam which tricks parents into believing their offspring need help. Last year, £1.5m was lost to this racket between February and June, according to Action Fraud, the UK’s reporting centre for fraud and cybercrime.
It originally did the rounds on WhatsApp, but has increasingly spread to text messages, with victims like Price finding they are unable to reclaim their lost money.
This is set to change. The financial services and markets bill, currently being scrutinised by the House of Lords, will force sending and receiving banks to step up customer protections and refund victims when they inadvertently transfer more than £100 to imposters.
Under the plans, the banks must refund the entire amount, minus a £35 excess, within 48 hours. The Payment Systems Regulator is consulting on the scheme, due to be launched by the end of the year.
Meanwhile, the Lending Standards Board – a self-regulatory body for the banking industry – this month announced plans to force banks to develop more effective fraud prevention strategies.
And they are sorely needed. In the first half of last year, £249m was lost to authorised push payment (APP) fraud, which tricks victims into authorising payments to scammers.
The “contingent reimbursement model” (CRM) code, was launched in 2019 to refund those who have not been unduly negligent, but it is voluntary and only 10 payment providers have signed up. This means consumer rights depend on who they bank with – a fact not lost on scammers who target customers of non-member banks. Those that do subscribe compensated fewer than half of customers last year, some losing life-changing sums.
Price’s bank, Barclays, has told him he is not eligible for a refund because he was too quick to pay the money.
Fraud is the most commonly experienced crime in the UK as criminals exploit the “faster payments” system, which moves money in real time.
Savvy consumers are likely to check out well-publicised scam texts, such as those purporting to be from HM Revenue and Customs or courier firms, but may lower their defences when they believe their child is in need.
The “Hi Mum!”/”Hi Dad!” con pre-empts suspicions about the unfamiliar phone number by typically informing parents that an accident has damaged the phone’s sim and asking them to note down the temporary alternative.
The tone is relaxed and chatty, and scammers pick up on cues to convince victims they are family. “Your eldest, cutest one!” answered one imposter when a mother asked which of her children was texting.
In Price’s case, the scammer responded plausibly to chit-chat and waited for Price to offer the money rather than asking for it outright.
Most parents are used to unexpected requests from offspring. For Price, no alarm bells rang. He only discovered he had been defrauded when he visited his son and asked about his phone repair. When the fraudster mentioned a second outstanding bill, Price knew to ignore it.
The CRM code requires signatory banks to refund victims if they had reasonable grounds to believe that it was a legitimate transaction. The trouble is, what looks unreasonable to a security-trained bank official at HQ may seem perfectly reasonable to the victim in the heat of the moment.
Barclays argues Price did not verify the identity of his “son” before engaging with him, and overlooked a generic pop-up warning on the payments page that says requests for money may be a scam.
“In these situations, scammers try to play on your emotions and your instinct to help someone you care about,” says the bank. “Remember, before you make a payment, check it is who you think it is by giving them a call on a number you trust.”
Halifax, the beneficiary bank, also denied responsibility. It says: “We can confirm the receiving account in this case was not opened fraudulently, and had passed all the relevant identity and verification checks.
“The account had also been operating normally prior to the fraud taking place. We acted immediately to block the account and took appropriate action with the account holder following our own investigation.”
The Payment Systems Regulator proposals will force beneficiary banks to shoulder half the liability for refunding victims. Currently the burden falls squarely on the sending bank, meaning there is little incentive to police suspicious accounts or attempt to recover stolen funds.
However, its plans have been criticised by the Commons Treasury committee for outsourcing the running of the new scheme to Pay.uk, the faster payments system operator, whose customers are banks, not consumers, and which has no regulatory powers. This, it says, is a conflict of interest which will be a “recipe for non-compliance”. The PSR, however, insists its proposals will ensure banks will only be able to use the faster payments system if they follow Pay.uk’s soon-to-be-tightened rules.
Meanwhile, the Lending Standards Board, which oversees the CRM code, announced it will oblige banks to take tougher measures to prevent fraud in the first place. By December this year, signatories will be expected to monitor payments to identify accounts at higher risk of money laundering, and to take more account of psychological grooming. They also want the financial and telecoms sectors to work together to eliminate loopholes exploited by criminal gangs.
Chief executive Emma Lovell says that while “reimbursement can repair the financial impact, it is still very much a lose, lose outcome”.
“Victims,” she says, “lose because they feel the after-effects and trauma of being scammed, and society loses as organised criminals reap the rewards of theft.”
Price believes he had no reason to suspect the texts. He says: “Halifax accepted the money, and the fraudster withdrew it immediately. They are, in effect, supporting illegal financial transactions.”
He has taken his case to the Financial Ombudsman Service, which can order banks to pay up.
* Name has been changed
Comments (…)
Sign in or create your Guardian account to join the discussion