Every other day it seems I get an email asking me to “reschedule my package” and pay an unpaid shipping fee; of course, this involves giving up personal bank details that will then be used to defraud. Or there are text messages purporting to be from your bank, or phone calls from unusual numbers.
Figures from the Banking & Payments Federation Ireland (BPFI) show that fraudsters stole almost €85 million as a result of frauds and scams in Ireland last year. Card fraud accounted for more than 95 per cent of fraudulent payment transactions by volume (or €33.4 million). Most of this was driven by online card fraud or “card not present” fraud, where a criminal uses the victim’s compromised card information to make an online purchase.
Unauthorised electronic transfers (primarily payments through mobile and online banking) are another big issue, accounting for about €33 million in fraud losses last year.
Unfortunately, if you do fall victim to theft and fraud, you may not always get your money back.
A cautionary tale
Here’s a cautionary tale from a reader who signed up to Dutch bank Bunq, only to have his account emptied within hours of opening it.
On June 20th of this year, he applied to open the account to benefit from the bank’s 1.56 per cent offering. It was subsequently opened on June 29th and he lodged €10,000.
“I transferred money in that morning, it arrived in the account around lunchtime and it was gone by about 4pm,” he says.
Although he had not authorised any transfers, “nevertheless somebody gained access, set-up a second account in my name, split the money to bypass one-day transfer limits and transferred the lot to an unknown party”.
The only notification he received from Bunq was to tell him that his balance was low – not that such large amounts had been transferred so quickly from his account.
“I was confused by that, so I checked the app and discovered the balance was zero.”
The hacked funds were sent to an account in the name of Maria Victoria, and “to add insult to injury”, our reader also received a bill from Bunq for €8.99, as the hacker upgraded his account to a paid tier in order to create the second account.
When he realised what had happened, he quickly got on to Bunq, and also notified the Garda fraud team.
At first, he was concerned that he might have inadvertently given information away in emails he received, but Bunq support confirmed that these were legitimate, so he is still unsure of how the criminals gained access.
We checked with a spokeswoman for the Dutch bank who said that fraud at the bank is “at very low levels thanks to our advanced systems”. Not much comfort to our reader, however.
He has recently been told that Bunq cannot refund the lost funds.
According to the spokeswoman, this is because “it depends on the counter bank to secure the funds”. And our reader has been told that Bunq have been unable to do so.
“For securing the funds and the pace of progress we’re highly dependent on other parties, such as, for example, the bank the money was transferred to,” says the spokeswoman.
The reader is now left short of his €10,000 and continues to query it with the bank – and awaits an update from the Garda investigation.
Scammers are undoubtedly getting more sophisticated. In recent days, AIB warned its customers about a scam in circulation that looks increasingly authentic, as the scammers are using legitimate names and job titles from AIB staff – as well as apparently real email addresses – when they contact customers.
The scammers are selling legitimate looking investments, but when the bank customers fill out all the relevant documents, they are then asked to transfer their money to an account, which they later realise does not belong to the financial services firm and their money has been stolen.
It’s not the only bank to warn customers about possible scams.
During the summer, Bank of Ireland issued a warning about a “Hi Mum/Dad” text scam, whereby fraudsters sent fake messages, purporting to be from a member of the family with a lost or damaged phone, who needed access to money. An attempt was then made to collect personal card and online banking details.
“Contact the bank as soon as possible so that BOI can do everything possible to block or recover the payment. We also advise customers to contact the gardaí to report the fraud— Nicola Sadlier, Bank of Ireland's head of fraud
The bank has also warned about customers receiving phone calls purporting to be the bank, out of the blue, saying there is a problem with your account and looking for authorisation codes.
It says familiar tactics include fraudsters posing as banks, utility companies, toll operators and government agencies.
Other popular scams include card skimming, whereby the data on the black magnetic strip on the back of your card is copied using a device called a skimmer; and lottery scams, whereby you’re told that you’ve won a prize, but in order to get it you will have to pay a fee or give your personal banking details.
Scammed? What can you do
If you fear that your account or card has been attacked, freeze it if you can, and get in touch with your bank immediately. You should also try to take screenshots of any texts or emails you have received, or messages on your account.
Nicola Sadlier, head of fraud with Bank of Ireland, advises: “Contact the bank as soon as possible so that BOI can do everything possible to block or recover the payment. We also advise customers to contact the gardaí to report the fraud, but our fraud team make sure that all cases reported to BOI are reported on to gardaí in any case.”
AIB says getting in touch promptly can sometimes mean that it can stop a fraudulent payment from processing.
A quick search online will give you all the relevant numbers/email addresses you’ll need for the various banks.
Sometimes you may not be sure whether you have been approached fraudulently or not. To this end, BOI now has a “check your text” service, which allows you to check whether or not a text is genuine. To access this, you need to copy the text you wish to verify, then paste it into a new message. You add the word CHECK before the text, and then send it to 50365.
What are your rights if you do lose money from your bank account due to fraud? Are you always entitled to get your money back?
It seems there is no blanket policy on this, with banks treating each claim on an individual basis.
A spokeswoman for AIB says that where customers have been scammed, it will “deal sympathetically with them on a case-by-case basis”.
A spokeswoman for PTSB says “decisions regarding refunds are assessed based on the individual case details”.
Sadlier says that at Bank of Ireland, once a fraudulent payment is identified, it will attempt to recoup money by contacting the receiving bank or merchant.
She says that through fraud prevention, the bank has stopped about 70 per cent of all attempted fraud so far this year.
‘There have been some instances where customers have acted against the advice and warnings of bank staff and sent money to a scammer’— AIB
“In the remaining cases, where a fraud was successful, all efforts were made by our teams to recover funds for customers.”
If a bank can track down where your money went to and get it back, you should get it back. But what if it can’t?
“Cases where it is not possible to recover all funds are assessed on a case-by-case basis depending on the specific circumstances of the fraud,” Sadlier says.
Where it can also get trickier, is if you have “helped” the fraud by sending on personal bank details – even if done so inadvertently.
As the BPFI notes, if you give away your payment card or PIN details, “you may be held liable for any unauthorised transactions”. So replying to an email or text could prove then to be very a costly mistake.
As AIB notes: “There have been some instances where customers have acted against the advice and warnings of bank staff and sent money to a scammer.”
What is the regulator’s view?
A spokesman for the Central Bank of Ireland says that, under European law (mainly PSD2), customers should only be liable for unauthorised payments up to a maximum of €50. But here’s the kicker.
“The customer will be liable for the full amount of an unauthorised payment transaction in cases where it is proven that they have acted fraudulently, did not use the payment instrument in accordance with the terms governing its issue and use, or acted with gross negligence,” the spokesman says.
Now you might read that as assuming that should mean that in most cases – unless you gave away your personal details, accidentally or not – you will be entitled to your money back. However, the gross negligence term can be unclear. Payments group Bunq, for example, says Dutch law does not provide a clear example of what the term should mean. Moreover, in its fraud policy it says you can be grossly negligent “if you encountered something suspicious or dangerous but did not act on it”.
But how to prove that? Could that mean you got an alert about a withdrawal on your account but didn’t notice this, so didn’t act on it?
This legal framework then may mean that legitimate victims of fraud may lose their money – if the bank’s “case by case” approach doesn’t work out in their favour.
Remember, if you have been the victim of a fraud and you didn’t get your money back or you’re not happy with how your bank dealt with your case, you can engage with their complaint process. And if you’re still not satisfied at this point, you can bring it to the Financial Services and Pensions Ombudsman.