Banks still failing fraud victims in three quarters of cases, Which? Money reveals

New data shows banks are still treating fraud victims unfairly, as the regulator sets out plans for mandatory reimbursement 
Chiara CavaglieriSenior researcher & writer

Mandatory reimbursement for authorised fraud victims can’t come soon enough, as banks are still wrongly denying refunds to victims in three quarters of cases reviewed by the Financial Ombudsman Service, Which? Money can reveal.  

This week, the Payments System Regulator (PSR) laid out proposals requiring banks and building societies to reimburse victims of authorised push payment (APP) fraud in all but exceptional cases. The new proposals come after steady campaigning by Which? on behalf of victims.

Losses to APP fraud, where victims are tricked into sending money to accounts controlled by criminals, reached £583.2m in 2021. This was up 39% on the previous year, and overtook card fraud losses (£524.5m) for the first time.

According to UK Finance, victims of unauthorised payment card fraud are legally protected against losses and refunded in 98% of cases, however victims of APP fraud have to rely on a voluntary industry code

Which? has repeatedly warned that the voluntary approach isn’t working, because APP fraud has continued to soar and victims face a reimbursement lottery, even in cases involving highly sophisticated fraud tactics. 

In 2021, only 46% of APP fraud losses were refunded and new data obtained by Which? suggests that the banking industry has failed to improve the way it assesses fraud complaints. 

Be more money savvy

free newsletter

Get a firmer grip on your finances with the expert tips in our Money newsletter – it's free weekly.

This newsletter delivers free money-related content, along with other information about Which? Group products and services. Unsubscribe whenever you want. Your data will be processed in accordance with our Privacy policy

Banks still wrongly denying fraud victims 

Last year, we reported that the Financial Ombudsman Service (Fos), a free service that settles disputes between financial firms and their customers, had ruled against banks in 73% of authorised fraud cases resolved in the 2020-21 financial year. 

The latest data reveals that banks still have a lot to learn, as the number of complaints jumped from 7,770 to 9,370, and the uphold rate (cases where the Fos ruled in favour of the consumer) increased to 76% in the 2021-22 financial year. 

There are early signs that banks’ fraud prevention measures are improving - the uphold rate has fallen to 59% for authorised fraud complaints in the first quarter of the current financial year. However, Which? will be monitoring developments to see if this trend continues.

Financial yearNumber of authorised fraud complaintsResolved authorised complaints (uphold)
2019/203,6003,000 (72%)
2020/217,7705,600 (73%)
2021/229,37010,200 (76%)

 Note this data is unpublished and therefore hasn’t been verified in the same way as published Fos data. Covers all authorised fraud not just APP (most authorised fraud complaints are about APP, but some complaints are about card payments only, and some complaints are a mix of both).

What will mandatory reimbursement look like? 

When Which? launched a super-complaint in 2016, we highlighted the glaring gap in fraud protection for bank transfers. While the voluntary CRM Code introduced in May 2019 was a significant step forward, we argued that regulatory oversight would lead to fairer outcomes. 

In November 2021, the Government said that the PSR would be able to require banks to reimburse APP scam losses under measures in the Financial Services and Markets Bill, marking an important campaign win for Which?

The PSR has since published a consultation to make this a reality, broadly proposing the following:

  • Requiring reimbursement in all but exceptional cases – so more victims will get their money back.
  • Improving the level of protection for APP scam victims – so there is greater consistency in protections for all victims, irrespective of who they bank with. 
  • Incentivising banks and building societies to prevent APP scams – because responsibility for allowing fraudulent payments is the responsibility of both the sending and receiving banks or building societies. 
  • In line with protections for other payments and financial services, reimbursement would be on all payments over £100, and subject to an excess of no more than £35.  

The PSR is also leading on a wider set of changes that would lead to the publication of data on how well firms are protecting customers from summer 2023 and continue to the widespread rollout of Confirmation of Payee – the name checking service designed to help prevent APP scams and misdirected payments. 

Rocio Concha, Which? director of policy and advocacy, said: 

‘This plan from the PSR is a hugely positive step and could be a game changer for scam victims, ending the reimbursement lottery and ensuring the overwhelming majority get their money back swiftly when they are targeted by APP fraudsters. The regulator must ensure fraud victims receive treatment that is fair and consistent, and hold banks to account with strong enforcement measures if they are falling short.’

Filling in gaps in fraud protection and intelligence 

While mandatory reimbursement is a significant boost in protection, the industry needs to ensure that all fraud victims get the support they need. 

Which? recently surveyed victims of fraud and found that many people failed to tell their banks about the incident because they didn’t think the bank would do anything about it (18%), or they felt too embarrassed to report it (16%). 

Only 19% of victims took their fraud complaint to the Fos, and 32% said this is because they had never heard of it. And only a quarter (24%) contacted Action Fraud, the national fraud reporting centre. Of those who didn’t report, 23% said they didn’t know they could report it to Action Fraud at all, while 17% said they didn’t think Action Fraud would do anything about it. 

Which? is also aware of worrying gaps in protection for payments that aren’t covered by the voluntary code. Our survey found that many victims sent money to criminals via cryptocurrency (20%), foreign bank accounts (19%), e-wallets such as Apple Pay, (17%), and forex wallets (6%). In these cases victims aren’t always protected against losses, because the code only applies to bank transfers made to UK accounts to another person.

Which? is calling for a broader range of payment methods to be covered under the Financial Services and Markets Bill to ensure that victims don’t slip through the cracks.

More on this

Related articles