Santander UK – Written evidence (FDF0094)
What processes does Santander have in place to a) recognise and b) stop suspicious or fraudulent payments? In this case, what steps did Santander take to try to prevent Paul from transferring funds to a fraudster?
Protecting customers from fraud is a top priority for everyone at Santander and we invest heavily in prevention and detection.
In this case our detection systems alerted us to unusual payments from Mr Chase, which prompted us to discuss them with him in more detail. Our dedicated fraud contact centre contacted Mr Chase, but despite specific conversations around potential scams Mr Chase chose to provide inaccurate information to us regarding the reason for the payments, which resulted in them being released.
Our detection systems and dedicated fraud contact centre include static and dynamic warnings for customers looking to make payments, alerting them to the risk of the scams associated with the type of payment they are looking to make.
We also have a dedicated “break the spell” team who intervene with some of our more complex and high value cases, speaking to customers to try and disrupt the social engineering and manipulation that the fraudster has used against the customer and prevent the customer from making payments.
Despite the steps we take to protect customers, it can still be difficult to prevent fraud if a customer has been socially engineered by the fraudster, and we are not provided the correct information about a proposed payment.
What more could have been done to recognise that Paul was being manipulated by Fraudsters? For example, does Santander have the technology to recognise when there is a shared call taking place?
Alongside the measures referenced above Santander is actively investigating new technology that can indicate that a payment may be fraudulent, such as call line open detection.
APP fraud is a widespread problem that requires cross-sector collaboration to solve. There are additional measures that the financial services sector is already developing, such as increased data sharing between banks. We also believe that the sector could consider how it can introduce additional friction to some payments, such as the high value ones made by Mr Chase.
Ultimately the most effective way to prevent fraud is to stop fraudsters from accessing potential victims. In this particular case, we understand that the fraudsters used social engineering to persuade Mr Chase that they were official representatives of Santander. They likely did this by using personal or financial information gained via techniques such as smishing or phishing, or from social media.
It is vital that the firms that facilitate these scams, such as social media or telecom companies, are held to account and incentivised to do more to prevent fraud from taking place. We support the amendments to the Online Safety Bill to this effect and encourage Government to introduce these measures at the earliest possible moment.
Please can you explain why Paul has only been refunded half of the money that he had stolen and whether there are ever circumstances in which a victim of a sophisticated APP fraud would be entitled to full compensation?
Santander had initially agreed to reimburse Mr Chase 50% of the first payment, but not the second and third payment based on the interaction and questions asked by the Bank prior to them being sent.
Upon receiving more information regarding the customer’s individual circumstances during the Financial Ombudsmen review, we refunded the customer in full, alongside paying 8% interest on his loss from the date of the transactions until the date of the refund and a further £500 compensation.
We had already revised this decision before being contacted by the Committee.
Santander is one of the original participants in the Contingent Reimbursement Model (CRM) code and continues to fully support its purpose. This year we have given a full or partial refund to customers who were victims of APP fraud in over 95% of cases and 76% by value.
23 August 2022