A crimewave is sweeping the UK as thieves open accounts using fake ID – and then steal your money
For 35 of the past 36 years, you were more likely to fall victim to a bag-snatcher or a burglar than to any other type of criminal.
But last year that changed. For the first time, fraud and cyber-crime were “the most commonly experienced offence”, official figures revealed last week.
Of the 11.8m crimes recorded in England and Wales in the year to September, just under half related to fraud or computer misuse. Theft, which had topped the survey every year since it began in 1981, accounted for 3.6m offences.
It is a clear sign of just how much crime has moved from the real world into the virtual one. It might be high time for banks to tighten up their security systems by investing in cybersecurity solutions from companies such as Radware (to know more, go to the website) or others that can help them secure their virtual data.
While banks and building societies boast that they block about 60% of fraud attempts, this means – worryingly – that 40% are successful.
One of the fastest-growing and cruellest scams involves conmen contacting often elderly victims by phone and persuading them to transfer their life savings to “safe” accounts to protect them. The fraudsters pretend to be from the police or their victims’ banks, and often know a worryingly large amount of their personal details.
By the time the account holders realise what has happened, the criminals have usually transferred the funds overseas and out of reach of the UK authorities. Banks often refuse to refund them because the customers willingly made the transfer and the banks simply followed their instruction, as they are obliged to do.
However, there may be another route for victims to seek redress. Fraudsters can open current accounts to receive the illicit cash transfers. What checks are banks and building societies obliged to carry out to prevent crooks from masquerading as legitimate customers?
If they let a thief open an account with fake identification, and that account is then used to receive innocent people’s money, should the financial institution take some of the blame for the theft?
James Daley, managing director of the consumer group Fairer Finance, said: “If a customer authorises the transfer of money to a fraudster, the bank will generally refuse to pick up the bill. But if the account into which the money was paid was set up using false names and addresses, there’s a strong case to be made that the bank of the fraudster should be held liable.”
Ray of hope
This month a customer finally won a refund three years after he sent 3,400 to a fraudster’s TSB account. The bank paid up only after he obtained a police report showing fake documents had been used to open the account.
The victim, who banked with Barclays, complained to the Financial Ombudsman Service (FOS) in 2015 after the banks refused to return the 3,400. But the dispute resolution service, which is funded by the industry, found in the bank’s favour because he had authorised the transfer.
The FOS would not change its mind, even after it was presented with the police report last year. It was only when the victim obtained the report and passed it to TSB that a refund was promptly paid.
The bank said: “[Our] identification process has been strengthened further and we are continually making improvements to our fraud control framework.”
The FOS explained: “We can usually only look at complaints from a consumer about their own bank.”
Are banks doing enough?
Banks may be fuelling the cyber-fraud epidemic by failing to carry out adequate checks on customers’ identity, according to Sir Peter Burt, the former boss of Bank of Scotland.
Last October, Burt raised his worries directly with Andrew Bailey, chief executive of the Financial Conduct Authority (FCA). In his letter to the City regulator, which has been seen by Money, Burt said: “My major concern remains the deficiencies in too many banks’ account-opening procedures, because they simply accept forged documents as sufficient proof of identification.
“Introducing relatively simple checks to independently confirm the identity of the individual opening an account can be done quickly and easily and should not cause difficulty to (most) law-abiding people.”
Banks have to follow guidelines, approved by the Treasury, on the level of checking to carry out before allowing a customer to open an account. The aim is to ensure the new accounts cannot be used for the purposes of fraud and money laundering. Burt considers these checks to be “inadequate”.
In the letter to Bailey, he said: “Nowadays it is relatively easy to create forged paper documents and indeed it is relatively easy to acquire a fraudulent passport.
“The advantage of putting the onus on the banks to avoid opening fraudulent accounts is that it requires no system changes whatsoever – merely changes to their account-opening procedures, and such a change could be implemented immediately by the FCA.”
Burt first raised his concerns in Money two years ago. He said then: “A bank that opens an account where money is being transferred by a fraudster is an accomplice to a fraud. It is not a question of whether or not a bank can recover the money . . . it is a question of whether or not a bank is permitting a fraud to take place by not knowing who their customer really is.”
The FCA said new laws might be needed to require greater scrutiny when opening accounts because of rising cyber-crime.
Daley at Fairer Finance said: “If primary legislation is needed to sort this out, it’s something that urgently needs some airtime in Westminster.”
Should police pass more information to victims?
Yes, according to Daley. “The police have a crucial role in helping more people to get justice,” he said. “Banks are never going to admit they let a fraudster open an account, especially if it potentially leaves them liable. But the police can complete the circle and ensure the customer has a route to getting their money back.”
The police do not automatically inform banks, or fraud victims, if they discover accounts were opened using fake documents. Each individual force can decide what information to disclose, according to City of London police, which oversees efforts to tackle financial fraud.
West Midlands police investigated the case of the man who won a refund from TSB. The force said: “Detectives informed the fraud and underwriting department at TSB of the investigation and it provided information to assist officers with their inquiries. At this point it became apparent that the account had been opened with false details.”
TSB said: “We’ve searched our records and, while we can’t rule it out, there is no evidence to suggest the police contacted us in relation to the use of false identification in this instance.”
Commander Chris Greany, the National Police Chiefs’ Council lead for victims of fraud, told Money: “Forces will make decisions on what information to disclose case by case, based on the circumstances of each incident. Where appropriate and permitted by law, forces will share information relating to fraud and fraudulent activities with banks and other partners to ensure that action can be taken to prevent any further criminal activity.”
What checks do banks carry out?
Banks have to follow guidance drawn up by the Joint Money Laundering Steering Group, an industry body, and approved by the Treasury. This states that banks are responsible for “identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source”. In his letter to the FCA, Burt suggested changing the word “or” to “and”.
“This would mean banks could not rely simply on forged documentation but would have to do external checks and maintain an audit trail with reliable and independent sources,” he said.
The FCA told Money: “We do not specify in detail the steps banks should take to protect themselves and their customers from fraud. We instead place a general requirement on firms we regulate to tackle the dangers posed by financial crime.
“Banks must be prepared to defend their approach to us: our supervisory staff are certainly able to challenge the adequacy of arrangements that banks have in place.”
How can I find out where my money went?
Your bank will not tell you the name of the holder of a bogus account because of data protection rules. However, you can discover the location of the bank your money went to using the sort code provided by the crooks.
Use this online tool: fasterpayments.org.uk/consumers/sort-code-checker.
Why won’t the ombudsman help?
The FOS said that when investigating disputes of this nature, it did not have the power to look at the actions of any bank that received stolen money. So although a victim might have evidence that an account had been opened by crooks, as in the TSB case above, it was not something it could consider.
This is why the FOS refused to change its verdict on that case, even after the victim had presented evidence from the police that the account had been opened using fake ID.
What do the banks say?
Katy Worobec, director of Financial Fraud Action UK, which collates crime data, said: “Preventing fraud is a priority for all banks. While 6 in 10 of attempted fraud was blocked in the first half of last year, banks are continuously investing in advanced security systems to stop fraudsters.
“They will consider incidents of fraud on a case-by-case basis and fully in line with their legal duties. Additionally, there is an independent appeals process available to any customer unhappy with the outcome of a fraud claim through the Financial Ombudsman Service.”
What does the government say?
The Treasury said banks drew up their own policies on checking customers’ ID, within the framework of the Joint Money Laundering Steering Group’s guidance.
It added that the guidance played a key role in the UK’s anti-money-laundering regime and allowed banks to take a targeted and proportionate approach.