Banking Scams

Scams can appear in many different forms, targeting both experienced investors and average retail customers alike.

As the saying goes, if it sounds too good to be true, it probably is!

Although it is true that scammers are increasingly taking advantage of new technology, be aware that phone scams are also on the rise, although the methods being used are getting more sophisticated.

Some common scam types are described below. However, please be aware that this is not an exhaustive list, and scammers are constantly developing new techniques. If you come across a different type of banking scam please let us know. For more information about the latest types of scams, you may wish to refer to the Financial Investigation Unit's website.

Money transfer scams

Although money transfers are an easy and convenient way of sending money to someone electronically, they are risky when you send money to someone you don’t know. This is because transferring or ‘wiring’ funds is like sending cash. It is a quick process, and once the money is gone it is almost impossible to reverse a transfer or trace the money, which is why it is exploited so frequently by scammers.

To ensure you don’t fall victim to this type of scam, never wire money to a stranger or someone you have not met in person. This could be, for example, someone claiming to be a foreign government official, a seller insisting on a wire transfer for payment, an online love interest asking for money, someone advertising a holiday rental, or anybody claiming to need help in transferring large sums of money.

You may be promised huge rewards or what appears to be an easy way to make money. Alternatively, the scammers may take advantage of your generosity by posing as a genuine charity in order to fraudulently collect money, or play on your emotions by claiming to be in jail or hospital abroad requiring financial assistance.

Payment card fraud

There are many types of card fraud aimed at stealing your credit or debit card details, which involve either the theft of the card itself, or of the sensitive information held on the card. This could occur if you are not present at the time of the transaction, for example, when making a purchase over the internet, or if the card is out of your sight, say in a restaurant. Alternatively, the scammer could make you think you are talking with a trusted organisation and trick you into providing the information, or even illegally copy the information from the magnetic strip on the card and create a ‘cloned’ card with your details on it.

Debit and credit cards each have their advantages, and are suited to different situations. A major advantage of using credit cards over debit cards is that the level of protection offered is generally higher, namely when something goes wrong with a purchase, or if your card details are used fraudulently. Although most debit card providers are starting to offer a form of protection when you make purchases using your card, there is no legal obligation for them to do so.

Remember never give out your bank account or credit card details unless you are certain of who you are dealing with, and never let your card out of your sight. However, if you have already given the fraudsters this information, you should tell your bank immediately.

Contactless card payment fraud

Contactless payment allows you to make a payment of up to £100 per transaction, without having to provide a PIN, by tapping or waving your debit or credit card over a card reader. Although contactless payment generally makes transactions quicker, you should be aware of the fraud risks associated with contactless card payment fraud.

Top five tips to reduce the risk of being a victim of contactless card payment fraud:

  1. Never hand your card to someone else before or whilst making a payment. This is to reduce the risk of skimming, where someone can copy data from your card’s magnetic strip.
  2. Always check the amount on the card machine matches the price of the goods or service you are purchasing before tapping or waving your card against the card reader.
  3. Ask for a receipt to make sure you are charged the correct amount. 
  4. Check your card statements regularly to look for unusual transactions.
  5. If your card is lost or stolen, someone might be able to make contactless payments using your card. Therefore, it is even more important to report your card as lost or stolen to your card provider as soon as you notice it is missing so that it can be temporarily blocked. You can find the contact details for your card provider by searching online. Alternatively, if you have internet access to the account to which the card is linked such as through a mobile banking application, you may be able to block it this way.

Even if your transaction is below £100, you do still have the option of inserting your card into the card reader and entering your PIN when making a payment.

Most debit and credit cards have a contactless payment option, however your card provider may give you the choice to opt into or out of this facility. You should get in touch with your bank or card provider if you would like to alter this.

Mobile payment security

Contactless payment is also possible using your smartphone, or other device, such as a tablet or smartwatch. However, unlike using a debit or credit card, you are able to make payments of over £100 (although for transactions over £100 you would have to enter your PIN into your smart device). Using a smart device may be more convenient for you, however you should be aware of the additional risks associated with making payments in this way. 

Top five tips to reduce the risks from using a smart device for payments:

  1. Use two-factor authentication on your smart device, such as a PIN combined with a biometric method i.e. fingerprint, facial recognition or an iris scan. This decreases the chance of someone else making a payment without your permission, in the event your smart device is lost or stolen.
  2. Avoid clicking on links on your smart device from unknown and unfamiliar sources. Taking this step lowers the risk of your device being infected by malware that may lead to your password or private information being stolen.
  3. Only add a new card to your smart device using a secure network, a VPN or using your 3G or 4G cellular network, instead of a public Wi-Fi. This reduces the chance of someone intercepting your personal information.
  4. Turn off the ability to make payments using a device if you think your personal information may have been intercepted.   
  5. Refer to the top five tips for contactless card payments, as these will also apply to smart devices.

‘Phishing’ scams

This is when scammers attempt to obtain your private, sensitive information, such as usernames, passwords, PIN, credit card details, and sometimes money, by pretending to be from your bank or other financial institution, a company you regularly do business with, or from your social networking site. They may do this via email, web page, text message or phone call. The scammers will give you some reason why they need this information, and then use the details to access your account. Frequently the reason used is that there is a problem with your account, and in order to increase the chances of a response, the message may imply a sense of urgency or an immediate risk to your bank account or credit card if you fail to answer.

Phishing emails often include official-looking logos, and might also include convincing details about your personal history, which the scammers were able to find on your social networking pages. They might also include links to ‘spoofed’ or ‘cloned’ websites, which appear to be the financial institution’s own genuine website, and which if followed, ask you to enter personal information.

Remember, if you receive any emails (or text messages) which appear suspicious, the best thing you can do is to delete them straight away.

The Commission is often made aware of scams targeting local residents, a common one being ‘voice phishing’, otherwise known as ‘vishing’. This is where a scammer telephones an individual to say that there has been a fraudulent transaction on their account. For security reasons they are advised to phone the bank back. The victim puts down the receiver and then dials their own bank. However, unbeknown to the victim, the fraudster stays on the line, to intercept the outgoing call. An accomplice then ‘answers’ the call and, believing that they are talking to their bank, victims will often disclose account numbers and passwords directly to the fraudster, who uses the information to steal money from their accounts. Once the funds are transferred out of the customer’s account there is little chance of recovery. If you are contacted in this manner we would advise you to call your bank back using a different telephone, for example, if contacted on a landline then use a mobile telephone to make the call. Alternatively, wait at least 20 minutes before returning the call on the same line. The delay should ensure that the original call had been properly disconnected and the fraudster and their accomplice are no longer on the line.

As part of a national fraud awareness campaign, the British Bankers' Association has produced a list of eight things a bank will never do:

  • Ask for your full PIN number or any online banking passwords over the phone or via email
  • Send someone to your home to collect cash, bank cards or anything else
  • Ask you to email or text personal or banking information
  • Send an email with a link to a page which asks you to enter your online banking login details
  • Ask you to authorise the transfer of funds to a new account, or hand over cash
  • Call to advise you to buy diamonds, land or other commodities
  • Ask you to carry out a test transaction online
  • Provide banking services through any mobile apps other than the bank's official app

Authorised Push Payment Fraud

Authorised Push Payment (APP) fraud happens when fraudsters deceive consumers or individuals at a business to send them a payment under false pretences, to a bank account controlled by the fraudster. 

This can be as simple as fraudsters requesting payment for goods that do not exist, invoices being issued for services which have not been carried out, or if, for example, an individual’s online banking has been hacked or intercepted.

If you have been scammed, getting your money back can be very difficult, because this type of payment is instant, which means that it is almost impossible to cancel.  And, the fraudster can quickly move the stolen money elsewhere before they are caught.  

New rules

The UK Financial Conduct Authority has published new rules which allow victims of APP fraud to complain to the Payment Service Provider (“PSP”), which is often a bank that received their payment. These new rules came into force on 31 January 2019.

This means that where victims were previously only able to complain about the scam to their own bank(or other PSP), they are now also able to take their complaint to the bank (or other PSP) which received  the transfer. 

In addition, under these new rules, if the receiving bank (or other PSP) is in the UK, victims can refer their complaints to the UK Financial Ombudsman Service, if they are unsatisfied with that bank’s decision.

This also applies to victims who hold accounts in the Bailiwick of Guernsey as they can complain to a UK receiving bank (or other PSP) or to the UK Financial Ombudsman Service.  A link to the Financial Ombudsman Service website can be found here.

If the receiving account is at a bank in the Bailiwick of Guernsey or in Jersey, the victim could complain to that bank and, if unsatisfied with the bank’s decision, they could then complain to the Channel Islands Financial Ombudsman who may be able to consider their complaint.  A link to the Channel Islands Financial Ombudsman website can be found here.

Top 5 tips to protect yourself when you receive a payment request
  • Is it unusual? – Is the payment being requested earlier than expected, or for a different amount to that previously discussed?  Was the contact outside of office hours, or was it unusually urgent or demanding?
  • Email details – Has the payee bank account details changed?  Check for any subtle changes in the address, such as a letter being omitted or substituted.  Is the email from the same person you have been communicating with?  Is their name, email signature or company logo correct, and of the quality you would expect from a legitimate company?
  • Tone and grammar – Are there spelling errors that you wouldn’t expect? Are the sentences structured incorrectly?  Is the email addressed to you specifically, or is it generic?
  • Pressure – Is the caller or email pressuring you to make a decision to take immediate action?
  • Do your own checks – If you have any doubts at all, you should contact the company directly using publicly available details, not those on the email or left on a voicemail, to confirm its legitimacy.  A trustworthy person should not make you feel embarrassed or guilty.
What to do if you think you have been a victim of APP fraud?

Information on what to do if you think you have been the victim of a payment fraud can be found here.

Reporting a scam

Find out more information about how to report a scam!

Further information

If you want any further information on the subject, you may find the following resources useful: