We get the quality of government and legislation we vote for, not often what we think we deserve, or actually deserve. Pandering for votes is endemic in most democracies. Is that a reason or an excuse to accept doing nothing even in the face of reality?
Would that improvement be measured by impacts on P/L or on customer satisfaction as it now stands?
Is that a reason to rush about and generate nothing but an announceable?
This looks like generalisation. Yes, a specific bank may have done the wrong thing in a specific situation in the (recent) past. That doesnât mean that all banks will always do the wrong thing.
That is in practice right. With so many bills to pay, I donât want my bank checking in with me about every single bill payment. This would lead to customer fatigue and perhaps even approval of fraudulent transactions, in the same way that customers just click Accept on even quite unpleasant End User Licence Agreements and other agreements such as when signing up to a new web site because they just click through without reading.
Thatâs why I proposed some specific dollar limits with safe defaults and user control for when transactions might require separate verification.
Yes. As it stands today, this looks like flick-passing the problem to the banks - so that politicians are seen to be âdoing somethingâ and politicians canât be blamed when things inevitably go wrong, those wrong things either being the unintended consequences of the changes that the banks make or being failure to prevent fraud despite the changes.
A more considered approach is that all three of: government, bank, customer have to be part of an effort to reduce fraud.
Iâm not advocating for doing nothing. I am advocating:
- Donât blindly follow the UK.
- Donât punish party B for the crimes of party A (which should be or is barely legal).
- Donât sign a blank cheque (metaphorically speaking) i.e. know what changes we are agreeing to.
Letâs have some concrete and specific proposals (like making 2FA capability mandatory and mandatorily apply it for all transactions above $X) and see whether they are desirable and acceptable.
You donât think all this wasnât considered over the course of a 6 year campaign in the UK ?
A lot have done the wrong thing in the very recent past, more than 3 Banks and more than that for other financial institutions have done it in the very recent past. It becomes a generalisation because in general they ( a whole lot of them) have been caught doing the wrong thing, in fact criminal things. So itâs ok to call a thief an innocent party because they only did it once and they had meant to do it? But not only once in the case of these businesses but multiple times.
Perhaps just updating their customers with more current warnings would be a start ?.
For example : Hereâs the latest log in page for ING Bank in Australia.
Their last scam warning was in June 28 last year ! They need to take it far more seriously and do more. But as others have mentioned here, even in the face of daming RC findings and huge fines that go into government coffers instead of the victims, the Banks show no real interest in stemming the tide of this grotesque fraud.
Ha ha. Yeah, OK.
As that scam warning seems to have no relevance to banking, perhaps it should simply be removed.
To take your point though ⊠can scamwatch.gov.au provide a clean (safe) RSS feed of banking-related scams and then internet banking web sites can pick up the latest item from the feed and display it to the user?
Perhaps it was. If so where are the results of this deliberation? I cannot see any specific plan only a general direction to make banks responsible. If you have gleaned more specifics from Which or other contributors to the question please tell us about it.
That would help prevent fraudulent transactions how would it help prevent authorised transactions?
As this is all about authorised push payments, you are right in questioning what two factor authentication would do. In my view, useless.
It might help to prevent stupidly authorised high-value transactions, thereby reducing the total annual cost of fraud, since you wonât be bugged to use 2FA except for high-value transactions i.e. itâs a reminder to be non-stupid. (As an example, if you are using the bankâs app, or a standard app, for 2FA then the app can explicitly query you as to whether you are sure the other party is not a scammer.)
We donât want to prevent non-stupid authorised transactions. Right?
It wonât help to prevent stupidly authorised low-value transactions - but you get to decide what is âlowâ and what is âhighâ e.g. based on what you can afford to lose to a scammer.
All that is based on rational behaviour, of thinking carefully about spending large sums of money. Victims have had their thinking overtaken by strong emotions; greed, love, lust, pity etc. How are they going to suddenly switch to acting rationally in mid transaction?
I can picture the expert fraudster enhancing their manufactured credibility by insisting that the victim uses 2FA.
âYou canât be too careful with large sums of money you knowâ
Such a nice man, always looking after my interestsâŠ
Maybe a prompt from 2FA allows niggling doubts that it might be too good to be true to bear fruit.
If itâs a currently popular scam rather than a custom scam (like a romance scam), maybe it outright confronts the customer with the exact scam that the customer is about to fall for (picking up on the idea of an RSS feed from scamwatch.gov.au).
If the worst that happens in response to this push is getting badgered by the 2FA app then I donât think we can complain too much. You are still free to ignore what it is telling you, still free to be stupid.
Hereâs the latest link that discusses this issue
https://www.which.co.uk/news/2022/03/bank-transfer-fraud-victims-lose-28000-an-hour/?utm_content=other-stories&utm_medium=Email&utm_source=ExactTarget&utm_campaign=4138527-M_MW_EM_140322_A&mi_u=215777815&mi_ecmp=M_MW_EM_140322_A
Sadly that is just a rehash of the previous material demanding that the banks ought to pay. It gives no justification nor any detail on how the banks are expected to deal with the problem. The possibility of unintended consequences is not mentioned. As before, Which wants to poison the well by warning us of âvictim blamingâ with no explanation of why the persons suffering loss bear no responsibility and banks ought to bear it all.
I though the example of the father who paid a bill for a putative son and then later that day spoke to the real son to discover he had been scammed was especially absurd.
So going back to the question of whether the proposal has been polished and improved during the 6 years it has been under discussion; the answer seems to be no.
Scepticism is often healthy as it can cause others to think more deeply about problems and solutions, but when there is no solution included scepticism becomes fatalism in that there is never a satisfactory solution.
Can you offer some proactive or even reactive ways forward? Or are you dismissive there is a problem to be solved, or that however remote the possibility, could be solved or at least improved on the status quo?
Perhaps you glossed over this statement ?
Banks are routinely rejecting refund claims unfairly. Our exclusive investigation in November 2021 revealed that the Financial Ombudsman Service (FOS) ruled against banks in up to eight in 10 cases about APP fraud.
I had a read of the policy research paper from Which?
I find it astounding that the most obvious simple thing that can be done by mandate was consigned to the very last pages. Estimated by the payments regulator to prevent 70% of the problem.
That is mandate confirmation of payee. The sending side has to send the full account details of number and name, and the receiving side must validate this full information. And reject the transfer if the details do not match.