Recently published data shows that more than £500m has been stolen from customers of British banks in the first half of this year. £145m of that was due to authorised push payment (APP) scams, in which people are conned into sending money to another account. I’m sorry to say I’ve just added to that figure.
A few weeks ago I used social media to complain to my bank about a delay in obtaining bank statements. This has happened on a few occasions, and when it does I often struggle to meet my monthly accounting deadlines. On this occasion, my bank acknowledged the delay and promised to escalate the matter to customer services.
A few hours later, Tom from MetroBank customer services called to apologise, and to offer me a solution to my problem. I could move my account from one banking service to another (business banking to business online plus) and this would mean, among other things, speedier access to bank statements every month. We had a long conversation about how this would work, discussing terms and conditions, and much more, The person on the other end of the phone was full of empathy, knew the products inside out, and was confident my problems would be solved. We went through some security procedures and the new account was put in place. In a few hours everything would be moved across, I’d have my statements and I could complete my work.
Sadly, Tom was not an employee of the bank, Tom was a thief. What was positioned as a simple switch from one account platform to another turned out to be a switch of a completely different kind. When I checked on my account later that day, it was empty. I felt sick to the pit of my stomach, and phoned the bank immediately. I was past around various departments for over 30 minutes, during which time the fraud team closed down for the weekend. I eventually got my account locked down – though this didn’t achieve much seeing as it was now empty, and I was told to go to my bank branch on Saturday morning to get a new bank card and have everything reactivated. My head was spinning, I felt angry, sick, I felt awful. I’ve let myself and my family down, and put us in a very vulnerable position, just before we head off on holiday. Perfect timing! I told Carole and Keira the news, and though their kindness towards me speaks volumes, I confess that in a way, it makes me feel even worse. How could I have done this to us? How could I be so stupid? I’m telling myself it’s OK, I fell foul of a beautifully executed professional fraud. I’m trying to forgive myself, but it’s not easy.
It is well known that victims of APP fraud rarely get their money back, and after a few phone conversations with my bank, they’ve made it clear this is on me. I can’t and won’t deny my share of responsibility, however I am disappointed with their response. The bank’s systems and processes leave customers vulnerable to attack, and I am taking my case to the ombudsman. In the meantime, I have learned a few very important lessons through this process, some of which may help you in future. You might want to take a minute just to ponder these questions:
Does your bank operate distinctly different telephone and online banking security methods? In my case both systems are almost identical – making it very easy for fraudsters to pretend to be taking you through security when in fact they are obtaining the information they need to access your account. My personal bank operates two entirely different systems (including voice recognition over the telephone) making it much harder for fraudsters to succeed.
Does your bank fraud department operate 24/7 or limited hours? In my case they close at 5.30pm every day and are closed all weekend. I think this leaves customers vulnerable.
Does your bank operate unusual activity flags and blocks? A friend of mine was recently defrauded in the exact same way as me, only their bank noted unusual activity (the account being emptied) and blocked it. My bank does not operate this safety net. Despite that fact I have never before emptied my account, they didn’t see fit to place a hold on things and check in with me.
Does your bank adhere to the same security standards it demands of you? When I called my bank for an update they disclosed account information to me without taking me through full security clearance, even though I was the subject of an active fraud case.
Does your bank seek video evidence to support prosecution? In my case – my bank knows that once the money was taken from my account, it was withdrawn over the counter at the other end of the transaction, yet I am not currently aware of any attempt being made to obtain/view the security camera footage to identify the perpetrators.
Do you currently use any form of social media to interact with your bank? If you do, then please be mindful, you’re being watched by Tom and others who may seek to do you harm.
I’m telling you all this for two reasons. I want to raise awareness of just how commonplace this activity is, and make others aware just how easy it is to fall foul of it. Thanks for reading, and take care.