Online and mobile banking is becoming more popular, but unfortunately the chances of getting scammed are growing too.
Most of us feel comfortable managing our bank accounts online. The internet has become such an integral part of our daily lives that we think nothing of logging on to move money around and pay bills.
But how safe is our money in this brave new world and have we become too complacent about the potential risks?
Are we doing enough to protect our money or can more be done to step up security within the banks?
The depressing answer is the criminal fraternity has never had it so good. It’s quite possible for fraudsters to steal our money and new technology, such as mobile phones, is providing them with a range of tools for the job.
How fraudsters operate
Fraudsters can steal your money in two main ways. The first is by accessing your account after obtaining security details through methods such as 'phishing' emails that request you ‘confirm’ information such as passwords.
Secondly, a fraudster may contact a victim, by phone or email, and persuade them to transfer money. For example, they pose as the police investigating a fraud at the bank and telling the victim to move cash to a supposedly safe account.
As well as simply withdrawing cash from your account they can also set up new payees to whom they can send money.
Cases have been reported in which thousands of pounds have been transferred out of accounts within hours.
Richard Emery, a retail and bank fraud consultant, says that criminality associated with online banking is totally different from buying goods and services online because of the issue of liability.
“If I make a decision to transfer £1,000 to someone that turns out to be a fraudster then I have no recourse on my bank because I made the decision to transfer the money,” he explains.
Banks hit by a super complaint
However, campaign groups don’t believe banks are doing enough to protect their customers from such activity.
Consumer group Which? has made a super-complaint to the Payment Systems Regulator asking for it to investigate the scale of bank transfer fraud and how much this costs customers.
The organisation wants the proposal of new measures – as well as greater liability for banks - to ensure bank users are better protected when they are tricked into making a transfer.
Alex Neill, director of policy and campaigns at Which, insists banks must do more to tackle bank transfer fraud and safeguard their customers from the increasing number of phone and internet-based scams.
“We all now regularly use bank transfers to pay for things, but what most of us don’t realise is that if you’re conned into paying out money to a fraudster you stand to lose all of your money, unlike when you use your credit or debit card," she says.
Her comments are backed up by the group’s research that reveals 60% of people didn’t realise they wouldn’t receive protection from their bank if they were scammed into making a bank transfer.
Eight in 10 people said they had used bank transfers to make payments and, worryingly, one in 10 had, or knew someone that had, made a bank transfer payment to a fraudster’s account.
What does the banking industry say?
Katy Worobec is director of Financial Fraud Action UK, whose members include banks, as well as credit, debit and charge card issuers. It is leading the industry’s charge against the problem of fraudulent payments.
She insists the banking industry is committed to tackling the problem. “Banks take fraud extremely seriously and use advanced security systems which last year stopped £8 in £10 of attempted remote banking fraud,” she says.
Worobec points out that banks are legally obligated to fulfill a request to transfer money even if they had warned the customer they were at risk of a potential scam. “All banks will always work to recover stolen money, and last year recovered 40 per cent of funds taken through remote banking,” she adds.
Customers rightly expect banks to carry out transactions they have authorised, she adds, pointing out that banks will provide compensation – albeit on a case-by-case basis. “A blanket approach is equivalent to asking an insurance policy to pay out for theft when the front door was left wide open,” she says.
What should the banks do?
Fraud consultant Richard Emery has recommended a package of measures that he believes will improve security for banking customers.
These include a requirement to validate a payee’s account name, as well as their sort code and account number – surprisingly not currently required.
He also wants to see enhanced verification checks on individuals opening up accounts and a greater focus on detecting those that are being used to receive funds transferred as the result of scams.
Emery also believes there should be a greater cooperation between banks when it comes to investigating potential frauds.
Customers would also benefit from more comprehensive notification from their banks when it comes to activity on their accounts – namely voicemail, text and email alerts.
Finally, he is proposing that banks should allow customers to opt for an automatic 24-hour delay between creating a new payee and the releasing of substantial funds to them to allow time for a scam to be detected and stopped before the money goes.
How can we protect ourselves?
Of course, that’s for the future. What can we as customers do to protect ourselves before any such proposals can take effect?
The first task is to make sure that your anti-virus software is up to date as this is the first line of defence. You should also avoid putting personal information that may be useful to fraudsters, such as your birth date, on social media.
The second rule is to be vigilant at all times. Never click on links in emails that purport to be from your bank. If you want to double-check if a message is genuine, ring your bank on the number printed on your statement.
Make sure you type your bank’s full website address into your browser, make sure there is a padlock symbol and the address starts with ‘https’ to ensure the connection is secure.
It’s also worth having a savings account that’s totally separate from your current account so if a fraudster gains access to one he doesn’t automatically get into the other as well.