This month Ben Dures (Scott Moncrieff & Associates) and I discuss the law and how to protect yourself against financial scams and the steps you should take to recover lost funds.
According to the Financial Services Compensation Scheme, financial scams are becoming more sophisticated, and as more people move to online banking, extra vigilance is needed. Although in most cases your bank or building society will reimburse money taken from your account without permission, this is not guaranteed. Below we look at the law in this area, and what practical measures can be taken to avoid falling prey to the scammers.
Getting Your Money Back
The good news is that under the Payment Services Regulations 2017 (PSRs) you should get your money back, unless the bank can show that you have consented to a transaction. This may sound obvious, but in practice it can be difficult for the bank to establish, as it involves several factors.
First, the bank must show the payment was authenticated. Authentication is the procedure which allows the bank to verify the identity of its customer, or the validity of the use of a specific payment instrument, including the use of the customer’s personalised security credentials. This can be done in a number of ways (e.g. chip and PIN, card number, CVV and expiry date etc.). In many cases involving scammers, the payment was authenticated, because the scammers obtained your details. So, to the bank, it looked legitimate.
Second, the PSRs require consent to each and every transaction. So the fact that you gave permission for one transaction does not automatically mean you gave permission for any that followed.
In most cases, if you can show that, on the balance of probabilities, you neither carried out the transaction yourself nor gave consent to it, that should be sufficient for you to get your money back.
However, there is a potential sting in the tail.
Safeguarding your details
Under most banking terms, if the bank can show that you’ve failed to take reasonable care of your security details and this has allowed the scam to take place, then it may refuse to reimburse you. They must show that you were grossly negligent, which is quite a high threshold. However, it is also often a matter of interpretation, which can give rise to disputes. So for example, if you are tricked into giving this information to someone who sounded very plausible, is that gross negligence? Often the test will be what the hypothetical reasonable person might have done in the circumstances, but arguably this doesn’t take into account individual vulnerability. What about sharing details with family members or carers, who then remove money without consent? On a strict interpretation you should not share your details with anyone, but in many situations this is a necessity.
The bank should also take reasonable care, so should be alert to suspicious looking transactions, and have methods for flagging these and verifying they are genuine. For instance there may be unusual activity on the account. If the bank has failed to notice something that it ought reasonably to have picked up on, and a suspicious transaction has gone through without anyone checking it with you, then on the face of it the bank has been negligent and this has caused you loss. In these circumstances, it ought to refund you.
The Financial Ombudsman Service (FOS) deals with disputes between banks and their customers and if you cannot resolve your issue direct with the bank, a complaint to the FOS is usually the best place to start, rather than taking the matter to court. The best advice however is to take steps to avoid being scammed in the first place.
Security tips to avoid a financial scam
A phisher is clever in their techniques and will try to gain your trust through psychology and perceptions. Being aware of the latest scams is your first line of defence.
Passwords are used every day and they are the first line of defence against malicious attacks. Choose unique passwords for your online accounts and, if you have too many to remember, use a password manager to help you store them safely.
Only make online payments on secure websites: the address bar must show a padlock and the URL must begin with https. When making payments use secure connections and avoid using public WiFi.
Credible companies, such as banks and Microsoft, will never ask for personal information (usernames, passwords, account numbers) through an email. Beware of poorly written emails, overuse of jargon or emails without contact details. If in doubt, end the call and then call them back to make sure it is a legitimate request.
Understand the risks involved in opening links from an untrustworthy source. Don’t click on a link unless you have checked it is from a reliable source. If necessary, check with the sender before opening.
Email sender address
The display name on an email can be set to appear to be someone you know, but the email address itself is often a giveaway, so don’t forget to check it before you respond.
Get into a habit of regularly checking your online accounts so you can respond quickly to any suspicious activity.
Beware of threats, blackmail and warning emails. A genuine threat will usually be replaced by, or used in conjunction with, a phone call.
Ignore emails that look too good to be true. Emails offering prizes or easy money are often a trap. Be suspicious of appeals and requests for money, always check the veracity of a charity, and only donate directly through a website with a secure domain.
Be very careful about how much personal information you share on social network sites. Fraudsters can use your information and pictures to create a fake identity or to target you with a scam. Review your privacy settings on all social media, don’t publish your date of birth, and make sure only friends can view your posts and pictures.
Ensure all your computers are using the latest version of all software, including internet browsers. Many phishing attacks exploit systems that are not updated.
There are many good reasons to use antivirus software. Install an enterprise-level AV solution, regularly monitor its status and ensure that it is kept up to date.
Web and spam filter
Use a web filter that blocks malicious websites and install a spam filter that can prevent emails from reaching the inbox of employees.
By using a desktop as well as a network firewall you will drastically reduce the chance of hackers infiltrating your systems.
Email authentication is a technical solution where your mail server checks that emails are not forged and flags the emails accordingly or even rejects the messages.
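The two email checks described above (comparing the display name with the real sender address, and reading the mail server's authentication verdict) can be combined in a short script. This is an added example, not part of the original article; the server name mx.example.net, the sender "Example Bank" and its domain, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed): the hostname our own mail server stamps into
# Authentication-Results, and the domain each known sender really uses.
TRUSTED_AUTHSERV = "mx.example.net"
KNOWN_SENDERS = {"Example Bank": "examplebank.co.uk"}

def auth_results(msg):
    """Return spf/dkim/dmarc verdicts, but only from the header written by
    our own server; a sender can add a look-alike header of their own."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    return {}

def assess(raw):
    """List the reasons to distrust a message; an empty list means none found."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    expected = KNOWN_SENDERS.get(display)
    if expected and domain != expected and not domain.endswith("." + expected):
        findings.append(f"display name {display!r} does not match domain {domain}")
    verdicts = auth_results(msg)
    for check in ("spf", "dkim", "dmarc"):
        if verdicts.get(check, "missing") != "pass":
            findings.append(f"{check}={verdicts.get(check, 'missing')}")
    return findings

# Constructed sample messages (headers only, not real mail).
GENUINE = (
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Example Bank <alerts@examplebank.co.uk>\n"
    "Subject: Your statement is ready\n\n"
)
LOOKALIKE = (
    "Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail\n"
    "From: Example Bank <security@secure-alerts.example.org>\n"
    "Subject: Urgent: verify your account\n\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, assess(raw) or "no findings")
```

A message whose only Authentication-Results header was written by some other server is treated as unauthenticated, so every check is reported as missing.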
As financial scams become more prevalent, it pays to be cautious and vigilant and to use common sense.
If you have suffered a financial scam and need legal advice contact Ben Dures on 07940 887494 | firstname.lastname@example.org, for a no obligation chat. If you would like more information about IT security and how to safeguard yourself against cyber attacks please contact Lucy Blake on 01603 451810 | email@example.com.