Banks aren’t facing up to tech fraud

My old boss, Bob Diamond, used to call the UK clearing banks (including Barclays, our mutual employer at the time) the “Big Dumb Banks”.  He had a point.  Back then (in the late ‘90s) they suffered from chronic “fear of missing out”, resulting in serial spending sprees on brokerages, investment banks and asset managers to juice the bottom line.  Most of them didn’t work. With the possible exception of HSBC, the BDBs today are shadows of their former selves as a result.

Even after the multiple failures of two decades, the taste for self-mutilation continues. Today’s glittering object of desire seems to be retail financial technology.  You can see why—the challenger banks are reason enough—and in some respects the BDBs have no choice.  But one thing is evident: they are still BDBs and they are still spending money on the wrong stuff.

it is time to man the Luddite barricade

Tech has been moving faster than most people’s ability to understand it for some time now.  One is ashamed to complain, fed by the more or less unchallenged position that technology is good, that opposing it is bad and likely to make you look a bit of an idiot.  But I have seen something recently that makes me think it is time to man the Luddite barricade.

My plumber explained to me how he had had £10,000 stolen from his bank account via his mobile phone.  At first it sounded familiar: the fraudster—posing as a BT engineer—gained illicit access to his mobile phone after persuading him to download an app.

He thought he was getting a broadband speed tester and indeed that is what it appeared to be.  This type of fraud is known as “upstreaming”, according to fintech types.  The plumber had been in touch with BT about his broadband, so the call did not seem suspicious.

Having got in, with the speed test dials doing their normal thing, the criminal was searching the phone for his bank account. Suddenly it came up on the screen in front of the alarmed eyes of my plumber.  By now he was trying in vain to turn off the phone.

If the fraud was bad, the bank’s response was worse

The twist in this tale that shook me was how the fraudster used the plumber’s mobile phone camera to take his picture and activate a new payee (the fraudster) using “biometric” approval.  Bye-bye £10K. The boasts about biometric approval technology on bank websites don’t mention this as a possibility.

If the fraud was bad, the bank’s response was worse.

It took a full week to contact my plumber after he had notified it of the fraud.  The manager of the branch that he visited told him wearily that he didn’t have time to look at it and that all of his working day was now taken up with fraud cases.  Once they heard he had downloaded an app, they virtually dismissed him. Note that over 100 billion apps were downloaded from the Google Play store last year and this one had appeared on the menu like any other.

Having asked for restitution from his bank, they managed to refund three of his ten thousand missing pounds – (that’s three pounds, not three thousand).  Their letter was blunt: “We confirm that we have now taken all of the steps we are able to take to attempt to recover your fraud loss. This is therefore our final correspondence on this matter.”

Naturally, my plumber wrote to the bank asking them to reinstate the rest of his missing money. It took them just over eight weeks to say no.  He then went to the financial ombudsman, who said that the case would take up to four months to be heard.  Two weeks later, the ombudsman investigator reported that the bank, “as a gesture of goodwill”, had agreed to reinstate his missing £9997.00.

fraud hazard seems to be a residual concern

Consumers, regulators and bankers alike need to consider this seriously.  For the consumer, if banking on a mobile phone is so easy for a fraudster to access, why take the risk?  For the regulator, how can a bank see-saw between “no” and “yes” in the space of three weeks when presented with such a case?  It almost seems like they are making it up as they go along, which—of course—they probably are.

As for bankers, it looks like risk management disciplines might be applied a little more firmly to so-called fintech.  With fintech fast-tracked by marketeers and accountants for its bottom-line benefits, fraud hazard seems to be a residual concern—a price for the banks to pay for progress, but only if forced to.  (My plumber would not have argued his case had I not urged him to do so.)

The steadily rising incidence of on-line fraud is well-evidenced on the Financial Ombudsman’s website.  Banks are hopefully learning from the frauds committed against their customers, although in the case of my plumber their interest was low enough to suggest that it was commonplace.  This suggests a stubborn resistance on the part of the BDBs to acknowledge fintech’s failings.

In time, no doubt they will be addressed.  For now, though, maybe ditch that facial recognition software on your phone.

Peter Krijgsman is a former Editor-in-Chief of International Financing Review, and former Global Communications Director for Barclays Capital.

Comments are closed.