“Some of the best entrepreneurs out there are scammers.”
So says Mark Steward, the UK financial watchdog’s director of enforcement, who was grilled by MPs this week about soaring levels of online fraud.
Whenever I write about this topic, the comments section fills up with remarks like “I’d never fall for this” or “How stupid would you have to be?” But the sad truth is that regulators have been fighting a losing battle against fraudsters during the pandemic as they find new and inventive ways to con millions out of unsuspecting consumers.
Worse, it’s a complete lottery whether the victims of these crimes will ever get their money back, as UK banks which signed up to the “no fault” refund code have wildly varying interpretations of how it works.
This week, MPs on the Treasury select committee rightly carpeted financial regulators about this — but is there any hope things will improve?
The pandemic has been like Christmas for criminals. Steward says the number of scam warnings the Financial Conduct Authority issued in 2020 was double the level seen in 2019, and is on course to double again in 2021.
Many were about investment fraud, including highly convincing cloned websites of financial providers and private banks designed to snare wealthy FT readers just like you.
As criminals adapt the fraud playbook, the investment returns on offer are coming down (since anything that appears “too good to be true” is an obvious red flag). They will string you along for months, appear to pay dividends, and convince you to plough in even more cash — until they vanish.
You might be directed to a cloned website via a fake online advertisement. Quite rightly, there is a growing consensus that tech and social media platforms who profit from selling these ads and hosting content must help to fund the fraud fightback.
Steward says the FCA’s enforcers are targeting online platforms that fail to check if “financial promotions” have been issued by a regulated firm. Google is so chastened it has even offered to refund £600,000 the FCA spent on its own fraud prevention ads last year.
I hope this game of Whac-a-Mole yields results, but as the number of dodgy websites proliferates, the regulator has adopted a policy of “warn consumers first, investigate criminals later”, adding suspect sites to its ScamSmart list as soon as they are spotted.
Mel Stride, chair of the Treasury select committee, fears the new approach “puts the fire out, but doesn’t grab the arsonist”; Steward maintains it will reduce the number of victims. In a Line of Duty moment, he stressed work to identify the OCGs (organised criminal groups) behind the scams continues in earnest.
Inventive fraudsters have capitalised on every opportunity the pandemic has given them, using fake texts about online parcel deliveries, Covid-19 jabs and tax refunds to “phish” for details that can later be used to clean out their victims.
“Authorised” fraud, where consumers are duped into transferring money to criminals, hit record levels in 2020, with £479m lost by nearly 150,000 victims. Fewer than half ever get any money back.
The majority of UK banks have adopted a voluntary code to refund “no fault” victims of such crimes, but MPs pressed the payments systems regulator Chris Hemsley about why it is being so inconsistently applied.
He admitted the number of victims who managed to get any money back ranged from as few as 30 per cent of cases at one UK bank to 75 per cent at another. It’s even higher at TSB, which has a “fraud guarantee” and refunds the vast majority of victims. This yawning difference in reimbursement rates is totally unacceptable.
Fraud victims who disagree with their bank’s decision can appeal to the Financial Ombudsman Service (FOS) which (unsurprisingly) is being inundated with claims.
Currently, a whopping 73 per cent of disputed bank fraud cases are found in the customers’ favour. This is a statistic that should shame the banking industry — the average across all complaints the FOS handles is 32 per cent.
The volume of complaints means it is currently taking the FOS up to nine months to start investigating fraud cases, causing further anguish.
So how does your bank measure up? There’s no way of finding out as banks don’t want to make the figures public. Yet this is vital information for their customers. The lack of scrutiny also means there is no pressure on the laggards to step up their fraud prevention efforts — so it’s high time the regulator toughened up.
It’s unacceptable that customers face such a lottery getting their money back, but nor do I think it is acceptable that banks are on the hook for all the losses when social media sites, online platforms and telecoms providers get off scot free.
Very much part of the problem, they need to be part of the solution.
The menace of “number spoofing” is a chilling example of why. I was contacted by a 31-year-old reader this week who is battling with her bank after losing £18,000 to an “authorised” scam.
She received a call purporting to be from her bank’s fraud department, saying her account had been compromised, and she needed to move her money fast. She asked: “How do I know you’re really my bank?”
“Well done, you’re so right to ask that question,” purred the professional-sounding fraudster on the other end of the line, inviting her to check that the number he was calling from was the same as the one on her bank’s website. It was an identical match. Reassured, she followed his instructions.
She was also told fraudsters were attempting to apply for credit in her name. The easiest way to stop this? Take out a personal loan. This was paid into her account within minutes — and cleared out. So as well as losing her life savings, she now has a sizeable debt.
The first time she heard about “number spoofing” was when she spoke to her bank’s actual fraud department. The bank is disputing her eligibility for a “no fault” refund on the basis she should have known, hung up and redialled.
However, the warning messages she saw online made no mention of spoofing. Telecoms regulators in the UK say the earliest it can be stamped out is the end of 2025. How many more will have been conned by then?
Picking up on the regulator’s remarks about the entrepreneurial cunning of criminals, a week before she was scammed, our reader clicked on a (fake) text that appeared to be from Royal Mail. She was expecting a parcel, so paid a small sum to arrange delivery). Could the criminals have used this to work out who she banked with? You bet.
The complexity of online fraud shows the urgent need for banks, regulators, tech and telecoms companies to work together to better protect consumers.
Cross-industry groups like Stop Scams UK are a good start — but the reality for victims is that trying to claw any money back is just as traumatic as losing it to the scammers.
Claer Barrett is the FT’s consumer editor: claer.barrett@ft.com; Twitter @Claerb; Instagram @Claerb
