There’s a reasonable chance that most of us, at some point in our lives, will experience fraud, in one form or another. As technology continues to advance and we store more of our personal data on phones, tablets or digital storage platforms like the Cloud, we become increasingly vulnerable to hackers and scams.
Whereas someone – short of breaking into a bank – would have once had to physically steal our post to access our financial statements, hackers can now find out previously private and confidential information with a few clicks of a mouse, a cleverly replicated email, or an invitation to re-enter a password or account details.
Now, as scams and hacks become more sophisticated – keeping up with the advancing rate of technological progression – so, too, do the efforts of professional institutions, like banks, hospitals and online companies that hold significant accounts of customer information, to uphold their commitment to data protection and prevent fraud taking place.
The news this week, that banks will be introducing an additional security check with online payments, is an important – and much needed – example of this change. Working in commercial disputes, I’ve seen – first-hand – just how open the current banking system has left people to being scammed, sometimes out of hundreds of thousands of pounds.
Many businesses rely on the CHAPS system to pay their suppliers and be paid by their customers. It was developed as a fast, secure and efficient way to make payments, with funds being transferred irrevocably the same day. But, there have been many instances where customers have directed their banks to pay an individual, only for the payment to be mistakenly paid to a fraudster’s account instead. This is usually because of a fraudster imposing as the person the customer intends to pay, and giving them incorrect bank details. Because, currently, there is no system in place to check that the sort code and account number match the name of the person you’re trying to pay, if you enter the incorrect information, the fraudster will receive it – and there’s little that banks can, or will, do to recover your money.
This is precisely what happened in a case I worked on a few years ago, Tidal Energy Limited v Bank of Scotland PLC. Tidal tried to pay one of its suppliers, but entered the wrong bank details and account number on a CHAPS form – although it did enter the correct name of the supplier. The Bank of Scotland didn’t check that the name and financial details matched up – it wasn’t obliged to by law – and as a result, a payment was made to a fraudster’s account, which was immediately withdrawn. The supplier’s account was not credited – and Tidal Energy lost a significant sum of money.
Similar cases have also hit the news, where individuals have lost entire house deposits as a result of entering fraudster’s bank details when they believe they’re paying their solicitors, or their builders.
It’s cases like this that have brought about this important, mandatory security measure, that’s been needed for several years. It’s great that, in representing clients like Tidal, we’ve been able to play a part in it. The impact will be huge: banks will have to do everything in their power to prevent a cycle of criminal profit.
In this age of increasing cyber fraud, customers ultimately use banks to protect themselves against theft and fraud – generally a bank account is perceived as more secure than stuffing cash under the mattress. It seems reasonable, then, to expect them to update their policies and use the full extent of their knowledge and power to protect what they have been entrusted with, rather than leave their customers vulnerable to fraud. Although it’s disappointing that the banking system has dragged its heels in implementing this simple measure, it’s encouraging to see that more is being done to properly protect us, and our assets.