A UK financial watchdog has put more pressure on banks to root out fraud, claiming they shouldn’t assume customer “gross negligence” is to blame.
Caroline Wayman, CEO of the Financial Ombudsman Service (FOS) said that in the disputes her organization is frequently called upon to settle, lenders often try to put the blame onto their customers.
However, unless they have the facts to back up their position, the FOS will usually rule that the financial institution has to pay up.
“Gross negligence is more than just being careless or negligent,” she wrote. “And as our case studies show, the evolution of criminals’ methods — in particular, their sophisticated use of technology and manipulative ‘social engineering’ — means it’s an increasingly difficult case to make.
Consumers in the UK lost £730m to scams last year, according to UK Finance. A third of these (£236m) were down to so-called “authorized push payment fraud” where the scammer tricks their victim into making payments to an account controlled by them.
According to Hannah Nixon, managing director of the Payment Systems Regulator, there were 43,875 reported cases of authorized push payment scams last year: 88% of victims were consumers, who lost an average of £2784 and the rest were businesses, who lost £24,355 on average per case.
The problem was exacerbated by the fact that banks had no measures in place to spot and block these fraud attempts, she said.
The regulator is now working on several initiatives to address the problem.
“These include guidelines to check the identity of people opening bank accounts to make it harder for fraudsters to open accounts that they use for scams; confirmation of payee, which will allow customers to verify that they are paying the person they want; and improved data sharing, which will mean banks can work together to respond to scams faster and more effectively,” said Nixon.
“We also tasked the industry to work with consumer representative groups to produce a code that the industry must adhere to when people report scams. This will give everybody greater protection against this type of fraud – and victims a much better chance of being reimbursed.”
Most security experts agreed with the FOS that banks should get better at tracking fraud.
“Banks should take more responsibility for defending against cyber-attacks and also assume the role of educator, as they possess the relevant knowledge of emerging threats, as well as the most effective defense,” said Webroot director of threat research, David Kennerley.
Trevor Reschke, head of threat intelligence at Trusted Knight, added that government also has a role to play.
“Banks must become more active in defending their systems and their customers, investigating instances to force proper attribution, and deployment programs to stop remote access and data theft from their systems,” he argued. “However, governments are often forgotten in this equation: as banks are critical national infrastructure, this should be an issue tackled at state level to stop the degradation of the financial sector as a whole.”