For every minute you spend reading this article, another £2,300 is lost to fraud in the UK.
If you’re tricked into transferring money to a scammer, pleading with your bank to cover the losses is your only hope of obtaining redress. But if bank bosses had their way, social media sites, where they say the majority of such fraud attempts originate, would have to pick up a share of the tab.
Last year, £1.2bn of customers’ money was lost to scammers according to figures released this week, with nearly 3mn people falling victim.
Marginally lower than 2021 levels, the banks deserve plaudits for detecting and preventing a further £1.2bn of fraud. But the cost of investigating and policing suspicious transactions is mounting.
One large high street lender says fraud is now a more significant cost than its branch network.
Scammers are highly adept at exploiting the biggest weakness in the banking system — human emotion. Increasingly elaborate deceptions are designed to provoke greed, fear or panic with more than £485mn stolen via so-called authorised fraud in 2022.
Under the current rules, there’s no automatic right to a refund — customers have to prove they did enough to question the fraud attempt.
However, the reimbursement rate for refunding victims tricked into authorising scam payments has risen to 59 per cent — with banks returning £285mn of the £485mn stolen from customers in 2022.
Good news for victims, but as banking bosses are at pains to point out, rising costs are ultimately being met by their customers and shareholders, not those of the tech and telecoms companies.
The government’s new fraud strategy promises to funnel more taxpayers’ money into fighting what is now the UK’s most common crime, but there’s scant hope of tracing and reclaiming the billions being lost. International criminal gangs can move money through the financial system far faster than under-resourced national crime-fighting authorities can keep up with.
To make a meaningful dent, we need a much bigger focus on fraud prevention — and this is where the tech platforms must be forced to step up.
Nearly 80 per cent of scams originate online, according to research by banking trade body UK Finance.
It stopped short of naming and shaming the worst offenders, but said social media platforms accounted for around three-quarters of this total.
Fraudsters can also exploit online marketplaces, dating apps and messaging services as well as spoofing telephone numbers to facilitate the impersonation and deception at the root of so many scams.
Tech and telecoms companies might claim they are doing their bit to fight fraud, but they need to do much more if the sums lost to fraud are ever to fall meaningfully.
“Relying on the banking sector alone to reimburse the victims of fraud means the online platforms that facilitate the majority of fraud have no financial incentive to stop it,” says David Postings, chief executive of UK Finance.
In fact, some could even be profiting from it — though the long-awaited online safety bill will contain a legal duty for platforms to prevent paid-for fake ads from appearing online.
Last week, when the UK government unveiled details of its fraud prevention strategy, it dashed hopes that tech and telecom companies would be forced to contribute to the costs of reimbursing victims, proposing much weaker sounding voluntary agreements instead.
Clearly, there is a misguided nervousness about upsetting big tech companies, but what about the misery inflicted on millions of consumers battling to get their money back from banks?
“There’s also more [the online platforms] could do using their own data to screen out fraudulent bad actors behind purchase scams and investment fraud,” says Postings, noting £67mn and £114mn were lost to these scams respectively in 2022.
The glacial pace at which social media sites respond to fraud reports has caused me to tear my hair out, as I’ve written here before.
Yet the imperative to involve the tech sector in the fight against fraud should be all the greater as AI (artificial intelligence) offers terrifying new ways for the scammers to defraud us.
Using AI to clone someone’s voice “would be pretty easy” according to Postings. You’ve probably heard of the “Hi mum” WhatsApp scam, where parents are tricked into sending money to scammers messaging pretending to be their children in distress. In the future, could fraudsters use AI to clone our voices and phone our relatives instead?
The faces of celebrities such as Martin Lewis, Deborah Meaden and Sir Richard Branson are commonly used by scammers pumping fake investment schemes online. Could future AI-generated incarnations involve convincing calls or voice messages from celebrities? It’s a chilling prospect.
I also worry that scammers could use AI to gaslight more victims into falling for romance fraud — £31mn was lost last year, with the average victim duped into making eight separate transfers over an extended period of time.
AI could also be used for good, helping to detect and prevent fraud. Often, banks’ internal systems stop suspiciously large transactions, yet even when customers are warned of fraud risks, some are unwilling to take the banks’ advice and insist they want to send the money.
Banks now have a legal obligation to make the payment within 24 hours. They want this to be extended to 72 hours, giving the police and other agencies more chance of breaking the spell — and the fraud strategy promises secondary legislation will be forthcoming.
As well as shutting down scams faster, UK Finance wants tech companies to collaborate and share more data with banks. This would help clamp down on activities like money muling, where criminal gangs recruit and direct huge groups of individuals to launder the proceeds of online crime through networks of compromised bank accounts.
With more than half of people in the UK using mobile banking apps, the ability to transfer money online has never been easier. There was a 33 per cent rise in mobile banking fraud last year, with £34mn lost as criminals used compromised bank account details to gain access to our cash.
I’m also alarmed by the growing number of reports of banking apps being accessed by criminals who have stolen mobile phones.
Of course banks, tech companies and regulators need to do more, but we also have a duty to protect ourselves.
Spend a few minutes this weekend adjusting your phone settings to hide notifications when your phone is in lock screen so text-generated security codes cannot be viewed by anyone who swipes your handset. Setting up a Sim card lock is another sensible precaution.
And always start from the position that any online messages you receive asking you to click on a link or input personal data are a scam, and apply the same careful logic to adverts on online platforms.
Simple advice, perhaps, but £2,300 a minute shows the fraud prevention message isn’t getting through.
Claer Barrett is the FT’s consumer editor and the author of ‘What They Don’t Teach You About Money’. email@example.com Instagram @Claerb