Recent figures compiled by banking industry group UK Finance have revealed that over £500 million was stolen from customers of British banks in the first half of 2018.
Of this £500 million, £145 million was due to authorised push payment (APP) scams, in which people are duped into sending money to a fraudster’s account.
While it is often a bank’s policy to refuse refunds to customers who fall victim to these schemes, financial institutions need to demonstrate a concerted commitment to addressing this problem head-on.
According to Aspect Software, if banks are to keep their customers on-side, they must focus on nullifying the methods that criminals use.
Of the overall amount of money stolen, £358 million was lost to unauthorised fraud – which refers to transactions made without the knowledge of the victim.
While this represents the majority of stolen funds, UK Finance confirmed that two-thirds of unauthorised fraud is thwarted by financial institutions, meaning that banks are having some success in this area.
APP, however, represents a different challenge entirely, with regulations meaning that banks are often well within their rights to reject refunds for this type of fraud.
Cameron Thomson, VP Northern Europe & Worldwide Subscription Sales at Aspect, said: “Banks turning down compensation claims due to a customer’s own errors is understandable to an extent.”
“However, banks – like so many other businesses – are customer-focused institutions with a responsibility for those in their care.”
“People are being hit by increasingly sophisticated social engineering schemes and related scams, including SIM swap hacks or posing as a highly convincing text message, email or web page purporting to be from the bank.”
“A certain level of common sense from customers should rightly be expected, but the growing skills of fraudsters in appearing legitimate mean that it has become unrealistic to expect every customer to distinguish a fraudulent request from a genuine one.”
Thomson considers it crucial that banks reaffirm their efforts to teach adequate security hygiene to their customers. He also believes it is time that financial institutions stepped up their efforts to detect techniques such as SIM swap or social engineering campaigns, before taking the necessary steps to reinforce data security measures and shore up the accounts most at risk.
He added: “Humans will always be the weak link in the security chain, so banks should be doing everything in their power to mitigate the impact of errors made by individual customers.”
“This means that financial institutions should have fraud-detection capabilities in place that are able to keep them abreast of the latest scams as well as automatically flag and escalate instances of issues such as SIM swap or particularly successful social engineering schemes.”
“Banks might not be compelled by regulations to refund customers, but there’s a possibility this could change very soon, and demonstrating a steadfast commitment to customer welfare will always be positively received.”
Thomson concluded: “Key to this is also a willingness by banks to work closely with regulators to work out the best possible course of action to tackle APP.”
“The issue of compensating defrauded customers can be a sticky one, so engaging in open discussions with regulators can go a long way towards ensuring that we arrive at a positive resolution to the APP conundrum.”