More than half of people (55%) incorrectly believe the recipient’s name is checked when sending an electronic payment according to research carried out by Adaptive Lab for Payments UK.
That’s a nightmare if you happen to send your life savings to a fraudster via a bogus account they’ve set-up, and there was an anomaly in names used that should have sounded an alarm. Like payments made to someone in error, the respective banks will try to help resolve the situation but essentially, the responsibility rests with the sender.
That’s understandable for basic errors, but should a victim be solely responsible when they send money to a bank account that is held by a fraudster and what can be done to protect them?
False Sense of Security
Despite awareness campaigns by the police and others, many are often unaware of the extent to which criminals use fake names, companies and bank accounts to steal and launder money. They also believe that advanced technology such as that used to monitor credit card transactions with pinpoint precision is routinely deployed to protect their own accounts in the same way. For example, a transaction that is out of character will invariably result in the credit card account being blocked and the bank making a telephone call to customer. This absence of knowledge creates a false sense of security for customers and a huge opportunity for fraudsters who know that a UK bank account adds an air of respectability.
To protect themselves, customers should set-up their own online alerts and when making electronic payments of any kind, they should follow the advice given by Payments UK, always double checking details before setting-up or changing a payee mandate, and sending money.
However, a clever villain that uses advanced techniques such as fake identities, cloned company details or an accomplice inside an organisation to open a bank account, is hard to detect even when fake details become known.
Fraudsters make a fortune every year from fooling victims into transferring money. In the United States, the Financial Crimes Enforcement Network (FinCen), identifies e-mail compromise fraud as a growing trend and since 2013, there have been approximately 22,000 reported cases this kind involving $3.1 billion. The FinCen note explains how fraudsters do this and what financial institutions should do to identify suspicious transactions and help prevent customers falling victim to email enabled frauds.
Know the Threat
Educating the public about the threat of fraud and changing their behaviour was the central call for action made by the Fraud Advisory Panel in their latest report, ‘The Fraud Review 10 Years On’. A vital change is to make people check details before they act. The UK leads the world in the field of free online databases the public can check to find out lots of information about the person or company they’re dealing with. These are only useful tools to prevent fraud, money laundering and corruption if people can (1) Find them and (2) Use them to conduct some due diligence. For example, click here for a list of some of those websites and see how easy or difficult they are to locate and use.
The investigators reading this post will know how to use these and other open source data sets to spot suspicious people, companies and bank accounts but inexperienced individuals and naive investors may not.
Furthermore, the most able detective is unlikely to know whether the bank account being used in a transaction was opened by a fraudster using fake particulars, has been dormant or experienced suspicious activity. Financial institutions that identify actual and suspected fraud have this information and many will share it with partners and use it to protect themselves from fraud. https://www.idscan.com/whats-new/
There are various mechanisms for sharing this with trusted partners including the Police National Fraud Intelligence Bureau. Businesses can benefit from this shared data by subscribing to services such as CIFAS and Experian which use the information to identify credit and fraud risk.
Customers Don’t Know What Banks Know
In addition to educating customers, we need to engineer solutions they can use to protect themselves. Warning the public by naming and shaming criminals is a strategy that has been used in the United Kingdom but it has limitations in this context. Banking privacy and data protection legislation, operational needs and company policies mean a victim of fraud is unlikely learn the full nature of the crime they were subjected to. Similarly, obtaining details about a fraudster who stole one’s identity and used fake documents to open an account can be a lengthy process that may reap no benefit.
Customers Don’t Have The Technology
Technical solutions that identify errors, anomalies and suspicious transactions are well tested in the payment card industry and could be applied in other settings. The complex algorithms would have little difficulty identifying that a bank account number did not match the name on the account, suggesting an error was made and flagging a report to the bank or customer.
The simplicity of this automated solution and its success in tackling credit card fraud may account in part, for the reason why 55% of people believe the recipient’s name is checked when making online payments.
Account holder verification software has been developed to help protect customers in a different way. Paym, a new online service introduced by the payments industry, helps customers that register and use the application to avoid sending money to the wrong payee by showing the account holder’s name before confirming a payment. It requires both parties to register via an App and speeds-up the process of making payments by using the payee’s telephone number.
Paym puts additional responsibility upon the customer to verify money is transferred to and from the right accounts and will doubtless prevent numerous errors. A voluntary Code of Practice, published by the Payments Council sets out best practice for handling misdirected payments.
What impact Paym it will have on preventing customers sending money to the bank accounts of fraudsters, remains to be seen and until then, the individual is responsible for doing their own due diligence.