Scam Victims Count on New Protection

30 May 2019

Author: Claire McCloskey
Practice Area: Banking & Finance


Customers tricked into authorising transfers to criminals in authorised push payment (“APP”) scams should find it significantly easier to recover lost funds under a new code that came into force on Tuesday 28 May 2019.

Up to now, victims of APP scams haven’t received the same level of protection from banks as customers whose money has been stolen from an account without their knowledge. Figures from UK Finance, the banking trade body, indicate that over £354 million was stolen through APP scams in 2018 of which only £83 million of that was recovered and returned to victims.

Push payments scams commonly involve the perpetrator of the fraud masquerading as someone the victim knows or can identify, such as a conveyancing solicitor or contractor. The element of personal judgment involved in authorisation of the transfer has rendered banks much less sympathetic to victims and, generally up to now, reimbursements have only been made if there was an obvious fault in the way the payment was handled by the bank.

The new voluntary code sets out fresh criteria for a bank or payment provider to consider when determining whether a customer should be refunded. It is anticipated that anyone who has taken reasonable care or is vulnerable in any way, is much more likely to receive a refund. Where neither the bank nor customer is at fault, the eight banks who have signed up to the new code can draw the refund from a central fund. The banks who have committed to implementing the code immediately are:

  • Barclays
  • HSBC (including First Direct and M&S Bank)
  • Lloyds (including Halifax, Bank of Scotland, and Intelligent Finance)
  • Metro Bank
  • Nationwide
  • RBS (including NatWest and Ulster Bank)
  • Santander (including Cahoot and Cater Allen)
  • Starling Bank

The new rules will not apply retrospectively, which means that former victims are not entitled to ask that their case be reopened or revisited. The code will also impose certain vigilance obligations upon customers, for example, to heed warnings made by a bank during the payment process and not to act in a “grossly negligent” fashion.

For now, the code is voluntary and eight banks have committed to implementing it immediately. It is hoped that the remainder will follow in the immediate future, bowed by the weight of consumer pressure and the magnitude of the risk APP fraud carries.