The voluntary refund programme aims to address ‘no fault’ scams in which customers are tricked into authorising payments, but not all banks have joined
A new voluntary reimbursement scheme for consumers tricked into authorising scam payments came into force on Monday, but several major banks have so far declined to join the programme.
Fraud such as “authorised push payment” (APP) scams are on the rise, and increasingly make use of social media and information available via the internet to make the swindles difficult to spot.
Previously, banks only reimbursed customers if there was an obvious fault in the way the bank handled the payment.
As a result, out of £354m lost to APP-style scams last year, only £83m was repaid.
The scams affected some 84,000 bank customers last year.
The new scheme has been joined by eight banks, Barclays, HSBC, Lloyds, Metro Bank, Nationwide, RBS, Santander and Starling Bank, also covering the 17 brands those banks operate.
The largest banks pay into a central fund which any bank may draw on in cases where neither the customer nor the bank is found to be at fault. A long-term funding system is to be agreed by the beginning of next year.
Banks participating in the scheme will from Monday apply new criteria when deciding whether a customer is to be reimbursed in the case of fraud.
In cases where the customer was tricked into authorising the payment, they are to be repaid as long as they have taken reasonable care or if they have any element of vulnerability.
Refunds are to be paid within three weeks, or seven weeks in complex cases, although disputed cases that go to the Financial Ombudsman Service would take longer to be resolved.
Those found to have been “grossly negligent” will not be reimbursed.
Banks such as the Co-Op and Virgin have not yet joined, but have said they may do so in future, while TSB has offered its own guarantee to refund any “innocent” customers who have been defrauded.
Other banks argue such a guarantee would only encourage more scams.
Authorised payment-style fraud has become more complex and sophisticated in part due to the availability of detailed personal data online.
Scammers may make use of details gathered from social media accounts and search engines, but also data hacked from groups such as telecoms or internet services providers, and made available via criminal hacking groups.