Advice for victims of online fraud

[benchwarmer 625]

Close your current account and move to another bank.

Not so much because of the risk of fraud but because you now have a 'record' as far as your bank is concerned.

About six months ago I was caught by a typical online scam from someone pretending to be Microsoft. 

Recently I wanted to help a friend who is struggling financially, remaining anonymous so as not to embarrass him.  I met another friend who mentioned that he'd given him some money for winter clothes and agreed that I could use his bank account to maintain anonymity.  It was a four-figure sum.  The bank spotted that I hadn't paid into his account before and promptly locked me out.

I phoned the bank and they passed me on to their fraud investigation department who interrogated me.  I answered their questions truthfully but declined to name the intended recipient, and they refused to sanction the payment or to unlock my account until the next day.  (If I'd lied and said it was for a secondhand car I'd probably have got away with it.) The most concerning aspect is that the bank evidently regarded my friend as a fraudster unless proved otherwise; he uses a different bank, but could my bank pass it on?  Very worrying.

The bank acknowledged that they'd taken this action because I was on a 'high risk' list of which I was unaware.  As I see it, the bank had done its job by warning me and had thereby exempted itself from a refund if it turned out to be a scam.  But at the end of the day it was my money and they had no right to withhold it. 

Fraud is a huge problem as we all know, but this kind of surveillance is going too far.  And it's only just begun . . .

 

Edited December 13, 2022 by benchwarmer

[Indy 3,314]

47 minutes ago, benchwarmer said:

Close your current account and move to another bank.

Not so much because of the risk of fraud but because you now have a 'record' as far as your bank is concerned.

About six months ago I was caught by a typical online scam from someone pretending to be Microsoft. 

Recently I wanted to help a friend who is struggling financially, remaining anonymous so as not to embarrass him.  I met another friend who mentioned that he'd given him some money for winter clothes and agreed that I could use his bank account to maintain anonymity.  It was a four-figure sum.  The bank spotted that I hadn't paid into his account before and promptly locked me out.

I phoned the bank and they passed me on to their fraud investigation department who interrogated me.  I answered their questions truthfully but declined to name the intended recipient, and they refused to sanction the payment or to unlock my account until the next day.  (If I'd lied and said it was for a secondhand car I'd probably have got away with it.) The most concerning aspect is that the bank evidently regarded my friend as a fraudster unless proved otherwise; he uses a different bank, but could my bank pass it on?  Very worrying.

The bank acknowledged that they'd taken this action because I was on a 'high risk' list of which I was unaware.  As I see it, the bank had done its job by warning me and had thereby exempted itself from a refund if it turned out to be a scam.  But at the end of the day it was my money and they had no right to withhold it. 

Fraud is a huge problem as we all know, but this kind of surveillance is going too far.  And it's only just begun . . .

 

I’ve had a similar issue with my business banking, I got a call from a guy claiming to be part of their data team to update mu business details, (turned out to be genuine) but I declined his phone call and logged onto my account which sends me any issues on my account mail. Nothing there.

I got a letter from said bank telling me they were going to block all my business accounts if I didn’t call the number on the letter and go through the process. So I called the services number on my business card to confirm it wasn’t a scam! They passed me onto the departed and it wasn’t a scam but if I didn’t answer certain questions not only business related but personal they stop my accounts and block them….. som questions I said I would not answer as they were nothing to do with my business but my personal details which I didn’t want logged on a banks database! They got stroppy and I said I would close my accounts and move my business, which my accountant has done, the new bank was superb, no issues and now happy again.

But the main issue was they threatened to block my accounts if I didn’t give full info! I put it to them that if they blocked my accounts without just reason I would put it to my legal guy and all money and any negative effect on my business would be placed into his hands. I was left fuming that potentially they would cause my invoicing and payments to be stopped with no just cause and to threaten this to justify getting my personal finances & details to market was very unprofessional.

Edited December 13, 2022 by Indy

[benchwarmer 625]

4 hours ago, Indy said:

But the main issue was they threatened to block my accounts if I didn’t give full info! I put it to them that if they blocked my accounts without just reason I would put it to my legal guy and all money and any negative effect on my business would be placed into his hands. I was left fuming that potentially they would cause my invoicing and payments to be stopped with no just cause and to threaten this to justify getting my personal finances & details to market was very unprofessional.

There's a theme emerging here - banks playing fast and loose with data protection laws by threatening or actually blocking accounts and refusing payments for declining to answer their questions in full.    

The whole thrust of my interrogation was that it was a scam unless I could prove otherwise; declining to name the recipient of the funds was assumed to be suspicious.  I had to try and prove a negative, which as we know is impossible.  Welcome to dystopia.

Edited December 13, 2022 by benchwarmer

[Indy 3,314]

3 minutes ago, benchwarmer said:

There's a theme emerging here - banks playing fast and loose with data protection laws by threatening or actually blocking accounts and refusing payments for declining to answer their questions in full.    

Indeed and you need to stand up to them, as otherwise it can lead to a lot of personal data being logged and we know that banks have had massive breaches recently. I couldn’t believe they actually wanted my and my wife’s full personal tax statements! They asked my pension details and if I had any other assets like rentals! I was utterly peed and very angry, not with the lady going through the questions as she was only a data collector but the bank got a very forceful and abrupt email to my business manager,I’ve had nothing back not any reason for it nor any apology, but funny enough I find a report yesterday that the same bank has been fined millions from the FCA for non conformance! 

[TheGunnShow 5,989]

16 hours ago, Indy said:

Indeed and you need to stand up to them, as otherwise it can lead to a lot of personal data being logged and we know that banks have had massive breaches recently. I couldn’t believe they actually wanted my and my wife’s full personal tax statements! They asked my pension details and if I had any other assets like rentals! I was utterly peed and very angry, not with the lady going through the questions as she was only a data collector but the bank got a very forceful and abrupt email to my business manager,I’ve had nothing back not any reason for it nor any apology, but funny enough I find a report yesterday that the same bank has been fined millions from the FCA for non conformance! 

Which bank is that, by the way? I had someone make a dodgy purchase on my credit card (must have somehow fished my card details online as their purchase was from Walgreens!) but I caught it very quickly and to be fair to Halifax, the card was cancelled and I was reimbursed very quickly indeed.

[Indy 3,314]

5 minutes ago, TheGunnShow said:

Which bank is that, by the way? I had someone make a dodgy purchase on my credit card (must have somehow fished my card details online as their purchase was from Walgreens!) but I caught it very quickly and to be fair to Halifax, the card was cancelled and I was reimbursed very quickly indeed.

It was the Spanish bank Ant & Dec advertise……not sure if I can actually mention them by name! Lucky I’m married to an FD who controls all aspects of my business finances, she was adamant not to give them any outside business details,  as she said the bank has no right to as for this amount of information and to threaten to block business accounts without me giving them the information made us both utterly annoyed….we’d been with them for over 13 years of trading! I have received any email from my complaint which is utterly unacceptable but like I said we’re moving the account to Virgin business.

[TheGunnShow 5,989]

11 minutes ago, Indy said:

It was the Spanish bank Ant & Dec advertise……not sure if I can actually mention them by name! Lucky I’m married to an FD who controls all aspects of my business finances, she was adamant not to give them any outside business details,  as she said the bank has no right to as for this amount of information and to threaten to block business accounts without me giving them the information made us both utterly annoyed….we’d been with them for over 13 years of trading! I have received any email from my complaint which is utterly unacceptable but like I said we’re moving the account to Virgin business.

Yeah, heard a lot of shockers about their customer service.

[Thumbbass 319]

Slightly off on a tangent, but my other half had her card details stolen, a number of fraudulent purchases were made before the card was stopped.

The bank send a list of transactions so you can highlight the ones which were fraudulent (or at least they did then, prob 10 years ago). Using this information and the purchase amounts I was able to find around 4-5 of 10 items this person had bought on they websites used. One was a surf board, another a double buggy and some golf equipment. All unique item values. Each one was available from the same person on Ebay and all listed at similar time. I offered to collect one and got an address in London. I wasn't stupid enough to go myself, however gave all of the information to the police and heard nothing back.

The banks cover the financial loss and these people continue to commit what they see as a victimless crime with virtual impunity. I'm not surprised banks are much stricter now as a result.

Edited December 14, 2022 by Thumbbass

[Canary Wundaboy 1,359]

18 hours ago, benchwarmer said:

The whole thrust of my interrogation was that it was a scam unless I could prove otherwise; declining to name the recipient of the funds was assumed to be suspicious.

I mean, just to the layman, that sounds suspicious. 

[benchwarmer 625]

9 hours ago, Canary Wundaboy said:

I mean, just to the layman, that sounds suspicious. 

I see your point, but I frankly didn't trust the bank not to involve him in a fraud investigation.  He has enough problems already.

I was 100% sure that fraud was not involved but couldn't prove it.  I had to tell the same story four times, twice by phone and twice in person at the branch.  Two wanted to block the payment while the other two were willing to accept it; one of them was the bank manager, who eventually prevailed. 

At the end of the day it was my money not theirs.  The bank had a duty to warn against potential fraud and to advise that a refund would therefore not be paid in the event of a scam.  It should not have been able to withhold funds.  Safety culture is going too far; an entirely risk-free world is a) unachievable and b) not worth living in.

Edited December 14, 2022 by benchwarmer

[Naturalcynic 652]

But surely if you’ve been the victim of identity theft and/or fraud and your bank was aware of that fact, you’d want them to be extremely cautious about approving any unusual transactions from your account.  I’m sure if they just ignored the fact and allowed multiple fraudulent payments to be made, you’d all be up in arms about their negligence.

[Canary Wundaboy 1,359]

17 hours ago, benchwarmer said:

I see your point, but I frankly didn't trust the bank not to involve him in a fraud investigation.  He has enough problems already.

I was 100% sure that fraud was not involved but couldn't prove it.  I had to tell the same story four times, twice by phone and twice in person at the branch.  Two wanted to block the payment while the other two were willing to accept it; one of them was the bank manager, who eventually prevailed. 

At the end of the day it was my money not theirs.  The bank had a duty to warn against potential fraud and to advise that a refund would therefore not be paid in the event of a scam.  It should not have been able to withhold funds.  Safety culture is going too far; an entirely risk-free world is a) unachievable and b) not worth living in.

But in additional to the bank having a duty to warn about potential fraud they also have legal obligations under money laundering regs. That's one of the reasons you have to declare to whom the money is going.

[benchwarmer 625]

On 15/12/2022 at 10:14, Naturalcynic said:

But surely if you’ve been the victim of identity theft and/or fraud and your bank was aware of that fact, you’d want them to be extremely cautious about approving any unusual transactions from your account.  I’m sure if they just ignored the fact and allowed multiple fraudulent payments to be made, you’d all be up in arms about their negligence.

Yes, that's the stereotype - "if you've been caught once you're more likely to be caught again" - but in my experience fraud has made me more than averagely cautious.  I had my laptop wiped and changed my email address.  I never answer the phone unless I know who it is and don't call back unless I can identify it as genuine.

Victims of online fraud (as I was) are often older folk who are caught out because their knowledge of tech is fairly basic, not because they're inherently stupid or gullible.

This was the first time I'd tried to make a single payment since the scam, and I'm pretty sure that because of my 'record' a bot automatically picked it up and defaulted to 'suspicious' mode. Even after it was approved and processed by the branch, my account was locked again when the payment tried to go through, but after speaking to a human being on the fraud team they soon unlocked it. 

The most widespread and sophisticated online scams involve payments to accounts outside the UK, and the system should be able to discriminate between these and ordinary domestic current accounts when assessing the degree of risk. This in turn should inform the line of interrogation, which at present seems to be "guilty until proved innocent".

My advice if you get scammed is: be aware that if you report it to the bank or the police you'll be singled out for the indefinite future and could have your account repeatedly locked, be subjected to intrusive questioning, not believed and have legitimate payments refused. The police told me they could take no further action because the fraudsters were based outside the UK, and with hindsight it simply wasn't worth it for a relatively small amount of money.  Is this 'high risk' list shared with other banks or organisations?  Who knows?

Edited December 16, 2022 by benchwarmer

[benchwarmer 625]

3 hours ago, Canary Wundaboy said:

But in additional to the bank having a duty to warn about potential fraud they also have legal obligations under money laundering regs. That's one of the reasons you have to declare to whom the money is going.

But if the regulations applied to this particular payment why didn't the bank say so?  It would have been so much easier for them as well as for me.  I'd have accepted it and found another way.

Edited December 15, 2022 by benchwarmer

[Canary Wundaboy 1,359]

37 minutes ago, benchwarmer said:

But if the regulations applied to this particular payment why didn't the bank say so?  It would have been so much easier for them as well as for me.  I'd have accepted it and found another way.

Money laundering regs apply to all payments via your bank. 

[benchwarmer 625]

On 15/12/2022 at 14:41, Canary Wundaboy said:

Money laundering regs apply to all payments via your bank. 

Yes I understand that.  What I meant was that the bank didn't mention it at any stage so presumably the payment was compliant.

Edited December 16, 2022 by benchwarmer

[littleyellowbirdie 2,586]

On 15/12/2022 at 16:07, benchwarmer said:

Yes I understand that.  What I meant was that the bank didn't mention it at any stage so presumably the payment was compliant.

Do you mind me asking, what sort of transfer were you making? SWIFT?

[benchwarmer 625]

2 hours ago, littleyellowbirdie said:

Do you mind me asking, what sort of transfer were you making? SWIFT?

FPS (Faster Payments Service)

[littleyellowbirdie 2,586]

4 minutes ago, benchwarmer said:

FPS (Faster Payments Service)

In that case, surely the destination bank account has to be with a licensed bank and for the holder to be identifiable from the account details anyway? Isn't identity basically covered by the fact it's a legit UK bank account that has to conform to all the UK regulations without you having to give their name to comply with money laundering regs?

I agree with you that it seems weird that they'd need the account holder name, money laundering or not.

Edited December 17, 2022 by littleyellowbirdie

[benchwarmer 625]

1 hour ago, littleyellowbirdie said:

In that case, surely the destination bank account has to be with a licensed bank and for the holder to be identifiable from the account details anyway? Isn't identity basically covered by the fact it's a legit UK bank account that has to conform to all the UK regulations without you having to give their name to comply with money laundering regs?

Yes. Both were UK high street banks.  The transfer form had a space for the name of the account holder as well as the number, to make sure that the number was correct, but that was all. 

Edited December 18, 2022 by benchwarmer

[littleyellowbirdie 2,586]

8 hours ago, benchwarmer said:

Yes. Both were UK high street banks.  The transfer form had a space for the name of the account holder as well as the number, to make sure that the number was correct, but that was all. 

It could simply be that the computer systems are programmed for it to be a mandatory field. Also, when you think about it, account name is an additional check against accidentally paying to the wrong person from a typo. If the payment accidentally goes to the wrong account from an error in the account number by anyone along the chain, the account name is a good check to recover the error.

[benchwarmer 625]

On 18/12/2022 at 08:22, littleyellowbirdie said:

It could simply be that the computer systems are programmed for it to be a mandatory field. Also, when you think about it, account name is an additional check against accidentally paying to the wrong person from a typo. If the payment accidentally goes to the wrong account from an error in the account number by anyone along the chain, the account name is a good check to recover the error.

Yes, and I'm fine with that.

But after I was scammed in May, it appears that the bank's computer system was programmed to block indiscriminately any FPS payments I try to make.  Evidence: this was my first FPS payment since then, and even after it was approved and processed in the branch and I'd been assured by them that the issue was resolved, my account was locked again remotely when the payment tried to go through. 

Bank staff may have had no choice except to act as they did, but the presumption that the payment was fraudulent unless I could prove otherwise was deeply unpleasant and the wider implications are disturbing.  It has faint echoes of the sub-postmasters scandal.  We're sleepwalking into a robot-controlled dystopia. 

Edited December 22, 2022 by benchwarmer