To ask Her Majesty’s Government what further action they propose to take, and for banks to take, to prevent fraud perpetrated on bank customers.
My Lords, in 2016, we set up the Joint Fraud Taskforce, including law enforcement, banks and government, to tackle fraud. It has already delivered on initiatives such as the banking protocol, which prevented £38 million falling into fraudsters’ hands and led to 231 arrests in 2018. The Joint Fraud Taskforce must build on its successes and not just make it more difficult for fraudsters to operate but to bring them to justice.
My Lords, I thank the Minister for that reply, but I am thinking more of action that banks could take. Let us hope that the, frankly, poor, often dismissive and hit-and-miss response by banks to defrauded customers truly is on the brink of change—and not before time. Since I tabled my Question, my bank, TSB, has issued its fraud refund guarantee, promising not to claim that customers authorised a payment when they fell for a scam. Will the regulator oblige all banks to follow suit?
A new voluntary code comes into force next week, offering the so-called confirmation of payee next year. Will legislation be brought forward if the voluntary code proves ineffective?
The voluntary code that comes into effect next week will in fact extend to all banks the facility to which the noble Baroness just referred, which has been undertaken by the TSB. As from next week, as long as you have done everything that you should and it was not your fault, you will get your money back. Vulnerable victims will get their money back even if they have not exercised due care. I welcome this not just because it gives added protection to customers, but because it means that the banks will have to pick up the bill, which will add to their incentive to reduce, so far as possible, incidents of fraud.
The noble Baroness then referred to confirmation of payee. She is quite right: at the moment, an electronic payment is processed on the basis of the sort code and the account number. As from later this year, banks will have confirmation of payee—in other words, they will check the name. That means that it will be difficult for fraudsters to intercept funds designed, for example, for solicitors on conveyancing, and misdirect them.
My Lords, the country is well aware of the extent to which scams and frauds have been successful in recent years, and it is an acute problem. I accept that the Government and the banks have made some progress with the voluntary code, but will the Minister undertake that, if that does not provide satisfactory protection for our people, the Government will legislate to ensure that victims get repaid?
It is exactly because the Government were not satisfied with the progress being made that the former Home Secretary asked HMRC to inspect the police response to fraud. It responded on 2 April with 16 recommendations that the Government, together with banks and the police, are in the process of implementing. There is a range of recommendations, including a more co-ordinated national response and more support for the customer. Action Fraud is also introducing a more responsive service so that if you report a fraud, you will get feedback from the banks; that was not necessarily the case before. I am not sure whether we need more legislation; we need to see how the initiatives I referred to work through.
My Lords, my noble friend referred to the policies adopted by banks. This morning, I received a completely unannounced phone call from Barclays, asking me questions relating to my account details. Is it not possible for banks, where they know that they will contact customers in relation to the contents of their accounts, to send them an email or a letter beforehand rather than calling on an ad hoc basis?
If I got a telephone call from the bank, I would hang up and then ring back. An additional measure will be introduced later this year for larger payments and payments where the banks think that there is a risk, in that they will have what they call multifactor authentication. In that case, they would text my noble friend saying that a payment was going through and asking him to confirm it. In the case my noble friend referred to, as I said, my instinct would be to hang up and ring the number on the back of my card.
My Lords, it is beyond me why this code remains voluntary, creating an opportunity for banks to opt out of the system if they so wish when it offers only the most basic and minimal protection against fraudsters. Anyone going into a bank to move money by wire transfer, which I do for safety’s sake, is asked a series of questions about the payee; the bank also takes other steps because it knows that the responsibility will fall on it and that it is required by law. Should not the same strength be put behind online banking?
We should welcome the steps forward I announced. Three initiatives are being taken by banks: confirmation of payee; the interception or interrogation of large sums; and the voluntary code. I will reflect on what the noble Baroness said and see whether there is a case for legislation, but we are making good progress with the steps I announced.
My Lords, are we not getting this the wrong way round? All, or most, frauds have one thing in common: the money is received and processed by another bank account, usually in the UK. Should we not make the receiving bank—the bank that has handled and processed the stolen money—automatically liable for the loss? If we did, banks would have a real incentive to stop accounts being used by fraudsters. We do it for credit cards.
Again, that is a very helpful suggestion. This is not my specialist subject but it seems that it is too easy, in some cases, to open a bank account. That account is then emptied instantly by whoever has committed fraud and no one is left to seek compensation against. I like the noble Lord’s suggestion that, where they have not undertaken due diligence to establish the real identity of the person opening an account, the banks should be held liable.