How to get your money back after push payment fraud

Push payment fraud is the fastest-growing type of fraud in the UK. In 2017, there were 43,875 cases involving push payment fraud, with total overall losses of £236 million to customers and only £60.8 million repaid[1].  And, in the first half of 2018 alone, push payment scams saw £145 million stolen by cybercriminals.

So, it’s essential that victims of push payment fraud know what to do to help them get their money back.

In this quick guide, we provide some expert help on what you need to do to get push payment compensation.

Push payment fraud

Push payment fraud – also called authorised push payment (APP) – happens when cybercriminals trick people into sending them money. Because the individual thinks the cybercriminal is genuine, they authorise the handover of cash.

This money is then swiftly transferred to different accounts, often abroad, which makes getting it back almost impossible. So, it’s vital that people have someone to turn to so they can get push payment compensation.

Types of push payment fraud

Push payment fraud is carried out in many different ways, but ultimately fraudsters are looking to trick you into believing that you are making a payment to someone you can trust.

Typical push payment scams include:

  • Where criminals send fake invoices that look exactly like ones you are expecting (e.g. from your child’s school or a legitimate tradesperson)
  • Where fraudsters convince you to transfer money to them by pretending to be someone official, such as a solicitor (e.g. when buying a house) or the police
  • Where push payment scammers send emails pretending to be from a friend or family member asking for money.

Ultimately it’s about conning you into transferring your cash into fraudulent bank accounts.

The impact of push payment fraud

The money lost because of authorised push payment fraud can be devastating.

For example, a mother and daughter in Kent were tricked out of their life savings after unknowingly transferring £113,665 to a criminal, rather than their solicitor.

Another woman was conned into losing her mother’s care-home fees after a criminal claiming to be from her bank’s fraud team flagged up unusual transactions on her bank account. She was asked to move her balance to a new “protected” account. However, when she called her bank to check the transfer had gone through, they knew nothing about it.

Why were you targeted?

In some cases, the criminals involved might have called hundreds (or even thousands) of people in the hope of deceiving someone.

But often these scams are highly targeted and happen because your data has already been violated because of a data breach (or other cybercrime such as an email hack).

A data breach could have occurred at any organisation that holds your personal information. Criminals often use data breaches to access data and sell it on the dark web.

According to a report by The Independent[2], the personal data of UK citizens is selling for as little as £10 on the dark web. The data offered provides more than enough information for push payment fraudsters to convince you that they are genuine and defraud you.

In addition, some criminals will target the customers of banks that have poor security processes. This is because they know that inadequate practices can make it easy to trick customers into handing over money. This includes where banks fail to:

  • Keep their internal telephone/text/email systems secure
  • Keep their internal security protocols safe and secure, allowing fraudsters to easy access to them to commit fraud
  • Undertake proper checks on large transactions from clients who don’t normally transfer large sums
  • Undertake proper checks on transactions to accounts where there is no history of transactions
  • Stop transfers and freeze accounts when they are informed that fraud might be happening
  • Liaise with the fraudsters’ banks to chase down the money and/or find out who the money has gone to.

Protecting yourself from push payment fraud

There are steps you can take to protect yourself from push payment fraud. For example, you should never disclose your security details such as your PIN or full banking password to anyone (not even your bank). Likewise, you should never transfer money without being 100% sure who you are sending it to. Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine.

But this doesn’t help if you have already been conned.

How to get push payment compensation

There are a few ways to get your money back after a push payment fraud.

Firstly, if someone is convicted of a cybercrime against you, the court may order them to pay you compensation. Where the authorities are not interested in pursuing compensation, or where you do not want to make a criminal case, we can assist with a private prosecution. However, this isn’t always possible. First and foremost the scammer has to be caught, and that is rarely the case.

Secondly, you can ask your bank to compensate you after a push payment fraud. Historically, banks have avoided paying push payment scam compensation to victims unless there was a fault in their processes. They argued that they made it very clear that customers should never make a payment at the request of someone over the phone or email. So, because you authorised the payment, it was your responsibility, and they could not be held liable.

However, stronger protections have been introduced to help protect victims of push payment fraud. This means that your bank or credit card provider can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness.

Thirdly you can also complain to the bank that received your money (the bank that the fraudster used). This is a new rule that has been introduced to encourage banks to do more to identify when a fraudster is using their services.

It is expected that banks will reimburse somewhere between £30million and £40million more in push payment compensation in 2019 as compared to last year.

What if your bank refuses to give you push payment compensation?

Despite the new measures, the banks are still trying to limit their liability for push payment compensation. So, if you’re not happy with the response from your bank, you should refer your complaint to the Financial Ombudsman.

The Ombudsman understands that cybercriminals are becoming increasingly sophisticated and harder to spot. It knows that people are often manipulated into thinking that their money is at risk. So they will think carefully before deciding whether you have acted in a way that goes beyond what might be described as careless.

However, even where you do have a claim for reimbursement, fraud victims whose banks refuse to refund their losses can see the appeal process drag on for months. The average wait for those taking their case to the Financial Ombudsman Service is a staggering 215 days.

What if the Financial Ombudsman doesn’t help?

If you have been the victim of a push payment scam and the banks are refusing to help, you should contact Hayes Connor solicitors to find out if we can help you to recover any losses.

We are also considering a group action claim against banks who have failed their clients after they have lost money through no fault of their own. A group action is where a group of people, all affected by the same issue, collectively bring their cases to court. Group actions can be a powerful tool and can have a bigger impact than a single claim.

 The current banking system makes it all too easy for scammers to trick people into sending them money so it’s vital that you have someone you can turn to for help.


What should you do now?

 If you have been the victim of an attempted push payment scam, you must contact Action Fraud ASAP if you haven’t already done so. Action Fraud is the national fraud reporting service. However, if you have lost money as a result of the scam, you must also report it as a crime.

If you live in Scotland, you should call the Police on 101.

There are also some security measures you should take after a financial data breach to stop yourself from falling victim to further crime. These include:

  • Contacting your bank/credit card provider immediately
  • Freezing your card right away via your banking app if available
  • Changing your passwords and other security details
  • Implementing a credit freeze until the matter is resolved
  • Keeping an eye on your bank and credit card statements to see if there is anything you don’t recognise (and reporting these to your financial provider immediately)
  • Letting the credit reference agencies know of any activity that was not down to you
  • Registering with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

If you have been the victim of a push payment scam and the banks are refusing to help, contact us to find out how we can help you to recover any losses and to discuss your case in more depth. We can also help you if you became the victim of a bank scam as a direct result of a data breach.


For more advice on how to keep safe, follow us on Twitter and Facebook.

[1] UK Finance