Push payment fraud victims 'not automatically negligent'

Its intervention comes ahead of a planned industry code setting out how banks and other payment system providers should deal with APP fraud cases.

Chief ombudsman Caroline Wayman said that it was "understandable" for banks to take the view that they were not responsible in cases involving the acts of a criminal third party. However, this "doesn't mean usual standards don't apply", she said.

"We … often hear from banks that their customers have acted with 'gross negligence' – and this means they're not liable for the money their customer has lost," she said.

"However, gross negligence is more than just being careless or negligent. And as our case studies show, the evolution of criminals' methods - in particular, their sophisticated use of technology and manipulative 'social engineering' - means it's an increasingly difficult case to make," she said.

The FOS has dealt with over 8,000 cases involving people who complained to their banks about frauds and scams over the past financial year, according to its latest complaints report (18-page / 548KB PDF). These ranged from disputed card transactions and cash machine withdrawals, to more complex cases of online banking fraud and identity theft, it said.

APP frauds occur where a victim is conned into authorising a transfer of money from their bank account into an account which they believe is controlled by a legitimate payee, but which is actually controlled by a fraudster. There were almost 44,000 reported cases of APP fraud in 2017 according to trade body UK Finance, costing businesses and consumers a combined £236 million.

The Payment Systems Regulator (PSR) is to publish an interim industry code next month, based around a 'contingent reimbursement model' which will set out the circumstances in which consumers who have acted appropriately should expect to have funds lost to an APP fraud reimbursed. The PSR has said that this model will be developed in such a way as to minimise the number of scams in the future by encouraging consumers to remain vigilant, while also protecting victims.

The Financial Conduct Authority (FCA) is currently consulting on potential changes to its handbook which would require receiving banks and other payment services providers to handle any complaints about APP frauds in line with the regulator's usual complaints-handling rules. Eligible parties would then be able to refer their complaints to the FOS should the receiving bank not respond, or if they are unsatisfied with the response.

Civil fraud and asset recovery expert Rachelle Issa of Pinsent Masons, the law firm behind Out-Law.com, said that the latest complaints data from the FOS, when viewed alongside the PSR's November 2017 report on APP fraud, showed that these frauds were "on the rise".

"According to the PSR's report, 19,370 cases of APP fraud were recorded in the period January to June 2017 - this rose to 43,875 cases in 2017, and cost businesses and consumers £236m, according to the FOS," she said.

"With the interim industry code setting out the rules for a contingent reimbursement model due in September 2018, this data comes at a particularly helpful time as it shows that change is clearly necessary if the UK is to win the fight against APP frauds and that more needs to be done to reduce harm to consumers and businesses who fall victim to such frauds. The dedicated steering group developing the industry code will no doubt take this new data into account in their work," she said.