Ask Jenny Ross: Should bank reimburse the full £10,000 my dad lost to WhatsApp scammers?
Question: Scammers contacted my father on WhatsApp pretending to be me, and manipulated him into sharing his bank details. They accessed his account online and stole almost £10,000. Because I sometimes help him with his finances (he has memory loss and poor mobility) he didn’t think twice about sharing his login details. His bank only refunded £5,000 as a ‘gesture of goodwill’. It said it makes it clear that customers shouldn’t give bank details to anyone, and said my father should have set up two-factor authentication to block fraudsters. Is this fair?
Answer: I’m very sorry that your father had to go through this. Unfortunately, he’s not alone in having been targeted in this way. Which? found that one in five social media scams reported to its scam sharer tool between March 2021 and January 2022 involved WhatsApp.
But impersonating a child asking for money from their parents is just one of the seemingly endless list of techniques fraudsters are using to trick us into parting with our cash.
UK Finance, the trade association for the banking and financial services sector, estimates that £1.3 billion was lost through fraud in 2021. The majority (£583.2m – a year-on-year increase of 39 per cent) came from ‘authorised push payment’ (APP) fraud, where victims are tricked into sending money to criminals. Nearly 40 per cent of all scams involved impersonation.
Given the scale of APP fraud, most major banks have signed up to the Contingent Reimbursement Model Code (CRM), a voluntary code of practice which instructs them to reimburse victims who are not at fault. The sophistication of scams can make many scams astonishingly difficult to spot. Yet less than half of all money lost to authorised fraud is returned to victims, and Which? research has found that banks often drag their feet when it comes to paying back victims the full amount – as you have experienced.
The CRM Code also states that banks should be reimbursing “vulnerable” victims when they haven't been able to protect their money. That a long-term customer like your father, who suffers memory loss, never uses online banking and has handed over some control of his finances, accessed their account to transfer thousands of pounds overseas should have raised alarm bells at his bank. He also seems to have missed out on two-factor authentication (such as a password plus a code sent to a mobile app or via text message), despite registering for online banking. You should use these points to challenge its decision and their following of the CRM Code.
If the bank upholds its original decision to only reimburse half of the money your father lost, you can escalate your complaint to the Financial Ombudsman Service (FOS). The FOS will take into consideration both sides of the argument and if it agrees with your points of contention it will instruct the bank to pay the full amount. Between July and September last year, the FOS upheld 60 per cent of such cases in the victims’ favour. From what you’ve said about your case, I think there’s a good chance that the FOS will decide in your favour.
As a result of the inconsistent and often unfair treatment of scam victims, the government announced its intention to bring in new laws to enable mandatory reimbursement for all APP victims who are not at fault. Which? thinks this is a huge step in the right direction, and should lead to better outcomes for victims.
Even then, there are some steps we can all take to avoid being caught out in the first place. The first is to remember that your bank will never contact you out of the blue asking for personal information.
The second is to make sure you aren’t being pressured into making a decision. Scammers, who want your money as soon as possible, will often hurry you into doing things: don’t let them. Take your time to check whether the person or organisation who has contacted you is who they say they are.
Jenny Ross is editor of Which? Money
Want to join the conversation? Please or to comment on this article.