Under the CRM code, banks commit to protecting and
detecting potential Authorised Push Payment fraud.
Following a house move, Mrs M had set aside funds from the sale in her First Direct bank account with plans to invest the money in premium bonds and other savings accounts. Shortly after the move, Mrs M was contacted on the phone by someone claiming to be from First Direct’s ‘fraud team’. The caller informed her that her accounts were at risk and instructed her to urgently move her money to a ‘safe account’ that had allegedly been set up in her name to protect her funds.
In fact, the caller was a scammer, the account was in the scammer’s control, and Mrs M was about to be defrauded out of a large sum of money. The caller instructed Mrs M to make the first payment of £10,000 directly into the ‘safe account’ followed by two more payments of £10,000, this time to another account of Mrs M’s held with a different bank; she was then told to also pay these two payments into the ‘safe account’.
The final instruction the scammers gave was for Mrs M to pay £10,000 into her daughter’s building society account and then to transfer that money in four sums of £2,500 each to the ‘safe account’ set up as part of the scam, which she did.
The first instalment of £2,500 from Mrs M’s daughter to the ‘safe account’ was processed successfully, but subsequent payment requests were blocked by the building society’s fraud prevention systems. After over two hours on the phone with the scammer, Mrs M began to feel uncomfortable and suspicious so-called First Direct to report suspected fraud.
After reporting the fraud, Mrs M was refunded the initial £10,000 she had transferred directly from her First Direct bank account to the ‘safe account’ as well as the subsequent payments totalling £20,000 that she sent via her account with a different bank.
Mrs M’s daughter returned the remaining £7,500 that had been blocked to her First Direct bank account; however, the building society was unable to recover any of the £2,500 that had already been processed and delivered to the ‘safe account’ set up by the scammers. This meant that Mrs M had lost £2,500 because of the scam.
First Direct did not recognise the loss under the CRM code as their responsibility and put the responsibility for the refund of the outstanding £2,500 with Mrs M’s daughter’s building society. Unhappy at First Direct’s approach, Mrs M contacted FOS to investigate.
After investigating the complaint, the Ombudsman highlighted the Lending Standards Board’s CRM code guidance, particularly the section covering ‘multi-generation APP scams’, or ‘friends and family scams’. The Ombudsman stated that Multi-generation scams “…typically involve a customer…being convinced to transfer funds to a family member who in turn is asked to further forward them onto the scammer’s account ”.
The Ombudsman concluded that Mrs M’s transaction fell under First Direct’s responsibilities under the CRM code as she believed she was acting on the legitimate instructions of her bank. On realising that the transaction was fraudulent, Mrs M reported this to her bank and so First Direct had the responsibility to investigate and respond to the scam.
Following its investigation, FOS concluded that it was ‘fair and reasonable’ for Mrs M to be fully refunded by HSBC trading as First Direct and directed the bank to honour the full refund together with interest. Mrs M was also awarded an additional £150 compensation for her stress and inconvenience.
Sarah Spruce, Head of Professional Negligence at TLW Solicitors said of the Ombudsman’s decision:
“Banks signed up to the LSB’s CRM code have committed to providing enhanced protections for their customers to keep them safe from exactly these sorts of scams that Mrs M innocently fell victim to. The way that the Ombudsman approached this case highlights why banks need to fully understand what does and does not fall within their responsibilities under the CRM code.
Mrs M was involved in a sophisticated scam, which took advantage of multiple accounts in order to try and avoid fraud detection and could have resulted in a much more devastating conclusion; but ultimately the protection under the CRM code resulted in the full refund of her savings.”
Authorised Push Payment (APP) Fraud is an increasing and sophisticated form of cyber-fraud where scammers convince their victims to authorise genuine bank transactions via impersonation and other social engineering schemes. The money is then moved by the scammers, often to an overseas account, and can become very difficult or even impossible to recover.
In Mrs M’s case, the scammer impersonated her bank on the telephone call and convinced her that moving her money was the only way to keep it safe.
The specialist Authorised Push Payment (APP) Fraud team at TLW Solicitors can help you make a claim for compensation if you have been conned by fraudsters. We understand the processes involved and the time limits to be followed. We have robust case management systems meaning that we keep progressing with your case and keep you fully up to date.
We work on a ‘no-win, no-fee’ basis meaning that, if your case is unsuccessful, we will not charge for the time we have spent.
If you, a friend, or a family member has fallen victim to an Authorised Push Payment scam call us on 0800 169 5925, email firstname.lastname@example.org or complete one of the forms below for a no-obligation conversation.
It is important to get advice as soon as possible as strict time limits can apply.
Meet Sarah, who heads up our experienced Authorised Push Payment Fraud Claims team.
Sarah and her colleagues are on hand to help with your claim.
“The way that the Ombudsman approached this case highlights why banks need to fully understand what does and does not fall within their responsibilities under the CRM code.”