I fell victim to a banking scam and reported it to my bank within a couple of hours, but the transactions had already gone through and I have lost £12,650. Four months later, I’m still waiting for my bank, the Co-operative, to decide on a resolution. Without help from my family, I would be destitute. I have been unable to work for a year due to severe depression and anxiety. I’ve been recently diagnosed with autism and am awaiting a claim for the employment and support allowance. I have explained all this to the bank and told them of the distress it is causing. I had hoped the autism diagnosis would help me to understand and tackle my mental health difficulties so that I could work again, but this has smashed my confidence.
JK, Newcastle upon Tyne
This scam started with a call from a conman pretending to be from the Co-operative Bank’s fraud team, who knew enough of your personal details to trick you into trusting him. Over several hours, he persuaded you to transfer money held with Virgin Money and Halifax to your Co-op account, claiming it would evade a cyber-attack. Virgin blocked the transfer of £10,000. You were therefore told to transfer your £14,720 help-to-buy loan, held with Halifax, in two instalments. The first £10,000 went through, but Halifax blocked the second payment. The Co-op was, apparently, not so vigilant and allowed you to pay the £10,000 transferred from Halifax and the £2,600 already in your savings account to the fraudster.
You say you struggle with phone calls because of autism, and it was your parents, who arrived during the call, who realised it was a scam.
It’s concerning that the Co-op, unlike the other two banks, did not question this uncharacteristic activity. And it’s woeful that a signatory of the contingent reimbursement model (CRM) code, which pledges to refund blameless fraud victims, has left you in limbo for so long.
The code is clear that vulnerable customers, of which you are evidently one, should be repaid in all circumstances. Only when I questioned its adherence to the code did the bank action a refund. It says: “We have apologised and refunded the money, and we will be offering recompense for our delay.”
Reader TM wants to know what happens to the money stolen from customers like JK. “If I instruct my bank to pay £20,000 into the scammer’s account, my bank will have a record of the deposit,” he writes. “I’m assuming that the receiving bank will know who owns that account and, once alerted, will be able to act.”
One of the reasons the CRM code was agreed in the first place was to incentivise banks to collaborate more effectively to trace stolen funds. A major obstacle is the piecemeal way in which banks communicate with each other. In the US there is an online portal for the purpose – here, they have to rely on email.
Fraudsters are cunning. They know the security protocols banks follow, and they know how to get around them. That’s why they evade checks by paying students to allow gang members to use their bank accounts to receive stolen cash.
Chances are, your £20,000 would be paid into such an account and then swiftly transferred on through a chain of other accounts, often overseas, until the trail is muddied.
It’s also possible for scammers to steal a stranger’s identity and open a bank account in their name, especially since online account applications do not always require physical proof of ID.
Enough personal information can be harvested via social media, Companies House, the Land Registry and ancestry websites to impersonate a victim and to satisfy ID checks.
Vigilance, by customers as well as by banks, is the only protection, so bear in mind that personal information heedlessly flung into cyberspace can, quite literally, be worth its weight in gold.
Email your.problems@observer.co.uk. Include an address and phone number. Submission and publication are subject to our terms and conditions
