In a recent investigation, worrying vulnerabilities have been discovered in online banking security systems that could help criminals defraud customers.
And Which Consumer Charity? This underlines that banks need to do more to protect their customers and says that reimbursement must be made compulsory for victims of transfer fraud.
‘Serious failures’ – TSB reported to the regulator as Scottish banks fall under fire for security issues with online account security
The Financial Conduct Authority (FCA) has been concerned about Edinburgh-based TSB Bank’s online banking login processes, which, along with Edinburgh-based Tesco Bank, is one of the worst banks in the UK to investigate online banking security vulnerabilities that could help criminals defraud customers.
Head of Money at Which, Gareth Shaw? In a new commentary for The, she says that some banks are wrongly refusing refunds and that it is important to make improvements.
“In recent years, financial firms’ marketing campaigns have focused on portraying themselves as caring and compassionate, a theme that has only become more commonplace in recent months,” he says.
But what happens when you become a wire transfer fraud victim?
Scammers use heinously sophisticated techniques these days, into which all of us might collapse – criminals hack your contractor or lawyer and demand money from you at the exact time you decided to make a wire transfer. Or, they inject a false message into a sequence of valid texts from your bank using readily available tools.
“Most banks and building societies have signed up to a voluntary code agreeing to reward consumers who have fallen victim of this form of fraud. Following a super-complaint from Which? in 2016, this code was implemented as we took steps to ensure better consumer security.
However, by seeking to abolish whole categories of fraud, some of these purported guardians of our money are now apparently considering watering down the requirements of the voluntary code for refunds.
“Our research today shows that lax security measures at some banks and building societies could allow criminals to carry out these types of crimes, and trying to reduce fraud protection is exactly the opposite of what banks should be doing,” he said.
“The voluntary code was originally based on the assumption that the victim should be compensated, and only in a limited number of cases should banks turn away a customer,” he said.
Some banks, however, wrongly refuse to reimburse. They blame the consumer for missing the sometimes insufficient notices on their websites in some instances we have analyzed. And it’s not only us that think this is too harsh – the body that regulates the code, the Lending Standards Board, agrees that certain banks and building societies may not obey the rules they agreed to.
The security given to customers, which is to ensure that they get their money back, is profoundly compromised by this.
Indeed, statistics from the Financial Services Authority of the United Kingdom show that of the £ 126.5 million lost in approved push payment (APP) fraud in cases assessed under the Code in the first half of 2020, just 38 percent of the amount was returned to customers, while a Payment Systems Regulator investigation found that in just one percent of cases, a bank completely paid customers.’
The industry and the payments regulator, the Payment Systems Regulator, are aware of the refund rates of all the major banks that have signed up to the document, but neither reveals them. We don’t know why, but it looks like the banks are helping each other from the outside, instead of siding with their clients.
TSB is the only bank that is willing to step out of line on the fraud issue. It has not entered the voluntary code, but still has its own guarantee to reimburse customers who are victims of fraud. As a result, its rate of refund is close to 100%.
He said, “The voluntary code, where a bank can pick and choose which rules to apply with impunity, is not working and an urgent overhaul is needed,”
“There needs to be even more accountability. The industry needs to publish how much cash each ban prohibits