The Lending Standards Board (LSB), which provides independent oversight over personal and small business borrowing in the UK, says banks must compensate innocent victims of the so-called Authorised Push Payment (APP) scam.

APP happens when con artists deceive a bank customer into sending them a payment under false pretences to a bank account controlled by the fraudsters.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Banks and building societies are required to reimburse a customer when they have been the victim of an APP scam through no fault of their own, the LSB says.

Game plan of an insidious con

Careful and Sophisticated people, and even small businesses, have fallen victim to the ingenious hoax. It begins when the mark receives an online invoice that looks exactly like, say, a bill from their supplier or child’s school.

After paying the “invoice,” the victim will find out—much later, in many cases—that it was in fact an online form directing their payment into the fraudster’s bank account.

As transactions made using real-time payment schemes are irrevocable, the victims cannot reverse a payment once they realise they have been conned.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Payments for work done by tradesmen or contractors—say, a carpenter or builder who’s been working on your house—are frequent targets of this cunning rip-off.

The tricksters could also pretend to be from your bank’s fraud team.

They’d send an official-looking email to warn you that you’re the intended victim of cybercriminals, and that you need to move your money to a safe account immediately. Needless to say, the “safe account” is one owned by the criminals.

Victims often lose very large sums

The fake invoice trick targets mostly small businesses; it’s done by intercepting supplier payments. This scheme is similar to the attacks made on individuals, but the victims are businesses.

Using a combination of interception and social engineering techniques to obtain information, the cybercriminals are able to convince businesses to change bank account details, getting their victims to replace the account number of the legitimate suppliers with their own.

Property purchase is another favourite target of the lucrative swindle.

This type of fraud occurs when crooks intercept the email chain between sellers, buyers, estate agents and solicitors. Once the communications are intercepted, the cybercriminals change the payment information related to transfer of funds so that payments are diverted to the fraudsters’ account.

With property transactions, the sums involved are likely to be large and literally life-changing for the victims.

The heavy toll of bank transfer scams

The amount of money stolen by criminals through bank transfer scams has risen by 40% in a year and is running at more than £1m a day, according to official UK data.

Scammers stole £616m from UK bank customers during the first six months of 2019, according to banking body UK Finance. Of this total, £207.5m was lost to scams in which people were duped into authorising a payment to an account controlled by a criminal.

This was up 40% on the £148.2m figure for the same period in 2018, although UK Finance said the year-on-year numbers were not directly comparable.

The financial industry’s response

The financial industry has responded with the Contingent Reimbursement Model Code (CRM Code).

Launched on 28 May 2019, it provides important protections for consumers where they fall victim to APP scams. To date, eight payment service providers have signed up for the programme.

The voluntary code was developed by the APP Steering Group and is aimed at reducing the occurrence of APP scams, and the impact that these crimes have on consumers, micro-enterprises and small charities.

A separate consumer-facing document was published to promote awareness of the Code, informing consumers of the various ways in which they can reasonably protect themselves from falling victim to an APP scam.

Reimbursement assured under certain conditions

The Code requires that where a customer has been the victim of an APP scam, Firms should reimburse the customer.

However, Firms must be able to demonstrate that in all the circumstances at the time of the payment (in particular the characteristics of the customer and the complexity and sophistication of the APP scam) the customer made the payment without a reasonable basis for believing that:

  • the payee was the person the customer was expecting to pay;
  • the payment was for genuine goods or services; and/or
  • the person or business with whom they transacted was legitimate.