If you’ve ever been unjustly completely locked out of your finances for an extended period, it’s a bizarre experience and a wake up call. I once had a purely online bank ask me to prove my identity by mailing a copy of my passport.
The only issue was they were asking me to prove I was someone else (they sent an email to me, but referencing someone else’s name in the email).
They then locked me out because I didn’t respond fast enough and took that as suspicious activity.
When I tried to explain I couldn’t prove I was someone I was not, they tried to skirt the fact they had messed up.
Point being - banks need to protect our money, but banks make lots of silly mistakes that can ultimately harm the people they are trying to protect
This is a great reason to not put all of your financial eggs in one basket. You hear stories around here all of the time about people's businesses being ruined by Google's automated abuse systems and lack of customer support. There might only be one Google, but there are a lot of banks. They might all have similar policies, but at least it is less likely they will all try to screw you over at the same time.
If you have rainy-day savings for at least six months of expenses (as everyone is advised to do), there is no reason you cannot split those up.
IMO, the best place to keep that rainy day savings is in gold coins that are well-hidden in your house. It'll keep up with inflation, easy to transport or grab in a pinch, cannot be taken by your bank, and are very quick to liquidate into cash for a single-digit percentage spread.
> If you’ve ever been unjustly completely locked out of your finances for an extended period, it’s a bizarre experience and a wake up call.
Happened to my mother-in-law for she was sharing a family name with someone who had his account locked (she only learned that it was due to that reason and mistake months later).
One solution is multiple bank accounts.
For a small account, a unicorn like Coinbase can be used too: keep a few thousand USD/EUR at Coinbase and have a debit (not credit in this case) card which you can refill at any time from Coinbase (doesn't have to a debit card emitted by a Coinbase partner: it can be, say, from bitpanda too and then you just refill bitpanda from Coinbase).
This "fintech" / crypto backup is my middle finger and backup plan in case the bank decides to freeze my account for a while. It doesn't work for everything but at least it fixes the "cannot buy groceries / cannot fill up the car" pressing issues.
BTW nobody needs to believe in crypocurrencies to do that and nobody needs to go all in either: you can just use these companies as some kind of bank, with a little amount as emergency, just in case the proverbial shit hits the fan of your real bank.
Someone opened a bank account using my email. Bank rejected the fault on google who created a duplicate account and I was somehow accessing the other person email.
Yeah sure buddy, they stopped their bullshit when I claimed I was going to contact the local authority.
Reminds me of getting someone's phone bills in my email (say it's foobar@gmail.com) because they thought their e-mail is foo.bar@gmail.com (GMail ignores dots in email addresss). I emailed the phone company telling them I'm not that guy, and they replied saying "Well as you can see we sent the mail to foo.bar@gmail.com, and that's not you".. OK genius, how did it arrive in my inbox, then?
After 3 more of these I just set up a rule to immediately trash emails from them.
A family member works in banking phone support and the scams people get caught by are unbelievable. Every week people are convinced by scammers to give their bank cards to a taxi that arrives at their house (supposedly sent by the bank), they transfer 1,000s of euro to foreign bank accounts (supposedly at the request of the bank to safeguard the funds), they lie to the bank (somehow convinced by the scammers), etc.
That's a symptom of law enforcement having dropped the ball for over a decade. There is no way in hell anyone would dare send a taxi "sent by the bank" to pick up scam proceeds in a society with a functioning law enforcement system because the scam victim would be a honeypot most of the time and whoever shows up would be arrested & jailed (and likely rat out the rest of his crew).
From my understanding, the scammers themselves are typically a half/whole continent away, in a jurisdiction that doesn't care too much and is easily bought by money. Meanwhile the people picking up cash are sometimes not even connected to the scam, they can be Uber drivers who were requested to pick up a package, as was the case when a man in Ohio tragically shot someone sent by scammers [0]. Unfortunately the Internet has made it really easy to do things like this without stepping foot in the country
At least in the UK many (most?) scams operate via a robocall claiming you owe taxes/a bill/etc and you need to bank transfer the money to a local UK account of a money mule.
The money mules are either knowingly doing it or recruited on social media/etc thinking it’s a job and they’re running payroll by receiving and forwarding money.
Law enforcement should be proactively attacking this supply chain by posing as willing money mules - not only they’d potentially be able to unravel the whole network but at the very least act as an effective DDoS on the practice and making that method unprofitable for the scammers.
I sat in a taxi once when he received a call purporting to be from HMRC about his taxes. I think I managed to intervene forcefully enough to make him understand that no, HRMC would not ask him to call back via Vyber or whatever, and no they'd never ask him to send money without actually sending a letter.
But this only after he had called them back while I was listening in - that was when I interrupted.
A big problem is so many people have situations ongoing with HMRC (as did that taxi driver) that it seems plausible to them, because it's all confusing anyway, so make the call a bit scary and people seem to shut off all critical senses.
I stressed to him that if he got any calls like that again and was unsure, to always hang up and call the numbers on the HMRC website, and hopefully he got the point...
> because the scam victim would be a honeypot most of the time
The pool of potential victims is the entire population with a bank account, meaning at least the majority of adults.
The percentage that would fall of it and agree is certainly not 100%, but it is definitely higher than I personally expected years ago.
That still results in a ton of possible victims.
Give such a large pool, how can a police honeypot be the scam victim “most of the time”?
Scammers need to reach the victim somehow. How they do this currently is either robocalls (call every single potential number in a loop), social media or advertising.
If every disconnected number leads to a police-run honeypot that would play along (easy with the carriers' cooperation), police running bait social media accounts to get scammers to approach them, and proactively crawling scam-prone keywords for any scam ads to follow up on, the scammers will likely all get arrested before they'd even reach a single real victim.
Most importantly, the mere fact this is happening would have a deterrent effect and effectively put a stop to such scam operations because even ignoring the risk of arrest, it's simply not profitable if the majority of your scam attempts go to law enforcement who simply wastes your time.
What I find surprising about those scams are that people believe that a bank that for two decades have tried to avoid providing ANY in person service or show the slightest interest in you, would suddenly provide that level of service and support.
Try buying property for the first time. After having successfully wire transferred the 3% deposit to the escrow company, we tried to transfer the remaining amount of the down payment, and the bank just refused. They wouldn’t tell us in detail why but it seemed that a third party analysis service had flagged it as risky. We had to first wire transfer to another bank account with our lender (a different bank from where we had our cash to close), and that bank finally allowed the transfer to the escrow company.
It felt really scary when we first were denied the ability to transfer our own money. Each wire transfer takes days, not minutes, and there were moments where it seemed like the money didn’t exist at the sending or receiving bank, so it made closing in 21 days a lot harder and more stressful than we expected.
I only realized after leaving the US how insanely slow transfers are there. In Hong Kong, transfers are basically instant. In Japan they often finish within 10 minutes. HSBC HK's daily transfer limit (not FPS) for me is about 3m HKD ~ 385k USD.
I've transferred 30k within seconds to IBKR before.
Your typical ACH transfer takes 3 days, but it seems like some banks have set up some kind of agreement or system by which transfers are pretty instant. Between the bank where I have my personal checking and the bank where my sister and I share an account, transfer is instant. There's a newish means of logging into one bank through another, and once you establish that relationship it enables this kind of transfer.
> I've transferred 30k within seconds to IBKR before.
30 K EUR using instant SEPA tx?
Transferring EUR to IBKR takes about one to two days for me so YMMV.
As for the daily limit, it really depends on the bank and how much you have there: at one bank of mine I can tx up to 125 K EUR from the banking's website myself. At another bank I'm stuck at 5 K EUR max (!) and the option to raise that limit to 25 K EUR ain't working for me.
Some of those limits are insidious because they risk causing people to trigger fraud checks for structuring/smurfing (doing multiple transfers below the reporting limits to avoid them), so by setting low limits they risk causing innocent users to inadvertently engage in behaviours that'll cause problems.
The root cause of the issue here is that enforcement against scams no longer exists, so banks have no choice but to take matters into their own hands to try and prevent their customers from falling victim to one.
In a functioning society scams wouldn't be as prevalent because law enforcement would take prompt and proactive action (which also acts as a deterrent and reduces the number of scams further) and thus banks wouldn't need to do this because getting scammed would be such a rare occurrence.
Of course banks would not want to go kafka, but members of parliaments decided so and regulators forces banks in the turn. So point the finger at the regulators.
It's not just scams. There could be many reasons why a bank would freeze "your" money. There have been many cases, some recent, and some recently in developed/first world countries without due process, of governments telling banks to freeze someone's money because you did something the government didn't like.
If you give your money away, then it's not really your money. If the other person doesn't given it back, are you going to force them to? Are you going to tell the regional controller of force to them them to do so? What if it's that entity that doesn't like you?
The bank should offer some sort of e-learning training which a customer can click through that shows all the relevant sorts of scams and why their money is being held up. If the customer confirms that they believe they are not a victim of any of these scams (etc.); and they confirm their identity (etc.); then the money should go through.
The bank cannot decide on your behalf what you do with your money.
The customer should confirm "I know this is a scam, release my money anyway, I take full responsibility". It's necessary to release the bank from any liability in this sort of situation. From the article it sounds like a scam.
As I understand it, UK banks (where this article is written) will soon be required[1] to reimburse victims of Authorised Push Payment fraud (some banks are signed up for a voluntary code at the moment) outside of "gross negligence" by the customer, so they can't just allow customers to waive liability. Making transfers now involves multi step questionnaires with big scary warnings about scams at every stage.
> Making transfers now involves multi step questionnaires with big scary warnings about scams at every stage.
I keep screenshots of banking websites warning about scams and phishing attempts as well as screenshots of articles in online newspapers about phishing attacks being on the rise. It's pure insanity.
Here are more links and now downvoted discussion comment about this. There is indirect cost of protecting vulnerable and large part of the society needs to be ar this cost, if they want it or not:
I've read loads of stories where people will click through all these protections , tick the box saying they know it's not a scam and lose all their money. Then they go crying to the media complaining that the bank didn't refund them.
You can't solve human stupidity. There is always people who will trust others. And sometimes I wonder are those even actual scams. If you just lie honestly enough and then other party out of their full free will send money over. As it was such a nice person...
My bank just introduced this. To transfer money you must now select a reason why and this is used to show a description of related scams and how to avoid them, e.g. how to spot fake invoices and investment scams. I'm happy they did since it will save some people, most likely elderly people, from being scammed.
> The bank should offer some sort of e-learning training
People are stupid. Like, really stupid. The people who would get scammed even more so. This would not help, as these people would simply not listen or understand, no matter how patiently or simply you tried to explain to them.
> The bank cannot decide on your behalf what you do with your money.
Turns out they can (or rather, the government can decide on your behalf). What you're describing is libertarianism, which is not that popular generally speaking.
The only way to solve this that I can see is if the bank could confirm:
1) that the account being payed into belongs to the friend (so they can ask the name from the customer, and say 'that is [not] the name on the account')
2) confirm the tax liability (eg the Austrian gov provided a limited time hash-based URL where the bank could check a limited amount of the friends records; somewhat like sharing driving license details with car rental companies)
To me, this would not be intrusive, assuming that there was a ledger (blockchain) in which the accesses were recorded and the bank was under a massive penalty (compensation to customer and penalty charge paid to the state) for any unnecessary accesses.
> 2) confirm the tax liability (eg the Austrian gov provided a limited time hash-based URL where the bank could check a limited amount of the friends records; somewhat like sharing driving license details with car rental companies)
Why should this be required? If I want to send money to my friend because I like them and want to give them money, then the bank should have no role beyond verifying that I am sending it to the person I intended. I shouldn't only be able to send money to address an immediately provable tax liability.
Sounded okayish until the part where they froze his account after he decided to close it out of frustration. Imagine saying you don’t want to deal with them only to find a pacifier in your mouth. Kafkaesque indeed.
I read that as him trying to move his money to another bank that would allow him to make the transfer. His current bank suspected this and wouldn't let him even close his account. So they confiscated his money to prevent someone else supposedly stealing his money - pretty Kafkaesque I think
I see no difference between what John actually said, and what John would say if he was a victim of a scam. Scammers do convince their victims that they are friends, in far away places. Sometimes they spend months building up this false friendship before asking for money. A giveaway is that you've never actually met the person. A simple "I've known him since childhood" or "I've met him in real life" would have cleared that up.
You're moving the goalposts. You said you saw no difference between what he said and what victim of a scammer would. You've inferred from the article what you imagine he said. The article has the 20 years bit, and yes, we have no evidence he told the bank, but neither do we have evidence he didn't, and your only basis for assuming one and not the other is your own biases.
It's fair to question whether he gave them that info, but not for just assuming he didn't.
Swedish TV recently sent an investigative episode on these phone bank scams.
"Swedish" people in Spain send out mass SMS to people with a fake purchase order and phone number. Call the number you get to the scammers that say "Looks like your account got hacked if you did not order this, we will transfer you to your bank"
The "transfer" is to another scammer who gets the person to transfer money from their account (who they think is hacked) to a "safe account" (the scammers account)
So the scams are getting more and more sophisticated.
So I DO understand the bank thinking this is a scam. That is a large sum of money. Usually requires an invoice.
- "“Conversations with their fraud team by phone and text over a period of several hours became progressively more Kafkaesque, including the bizarre suggestion that Zoom conversations with my friend could have been generated by scammers using AI,” he says."
For him to call that suggestion "bizarre" indicates how badly out-of-touch and vulnerable he is to standard 2020's fraud techniques.
But banks should never be allowed to demand private communications; it's a gross indignity and a violation of the very fundamental right of private correspondence. The professor is not wrong to compare to that East German society.
- "but still demanded to see my Austrian’s friend’s tax bill, and past examples of our correspondence."
> Warn him of the possible fraud, let him sign some form of agreement
Unfortunately, banks that used to take this approach have been stung by people who listened to the warning, signed the agreement, got defrauded, sued the bank /and won/.
> For him to call that suggestion "bizarre" indicates how badly out-of-touch and vulnerable he is to standard 2020's fraud techniques.
I think we're missing a lot of context to say that here. It really depends on whether it was a quick one-off contact about just this issue, or their weekly one hour call. He may be well aware of the tech and know why it doesn't apply in this case.
I felt like the [mock?] indignation that it might be possible to clone a persons voice - at telephone compression levels - showed that the person did not have sufficient grasp of the situation to know if they were being scammed. The article says "Having had several telephone calls to establish it was actually her asking for help" and then later that it was "Zoom" sugguesting that it was Zoom audio-only calls.
What would be the harm in having the Austrian government confirm the debt here, supposedly the friend, the customer, and the bank all know about it already. Or indeed what would be the harm in sharing the communications -- why would you not want to.
Being set against it would suggest something like the messages saying "don't share these messages" which would be a massive fraud flag.
We don't learn if the "Edinburgh academic" was ripped off or not.
Aside, anyone have an insight into how do you suddenly get a "tax bill" from the Austrian government for 15k Euro?
> how do you suddenly get a "tax bill" from the Austrian government for 15k Euro?
You may be mixing unrelated facts. The academic was trying to help his friend "cover a cashflow problem", no more specifics. The bank asked to see the friend's tax bill, but also correspondance with their accountant. The article does not say why the bank asked for these. They could be asking purely to confirm the friend's identity.
Nonetheless, you could get an out-of-nowhere €15k tax bill from Austria, if a family member died and bequeathed you a house worth €700k, as the Grunderwerbsteuergesetz will make you immediately liable for €15,000 (first €250,000 @ 0.5% = €1,250, next €150,000 @ 2% = €3,000, final €307,143 @ 3.5% = €10,750). You'd probably want to keep such a house rather than sell it immediately to meet the comparatively small tax demand, so if a friend can solve your cashflow problem, it's much better all round. https://www.lexology.com/library/detail.aspx?g=6edcfe00-26cb...
Personally, if my friend was having a hard time and I were to gift them money, and the bank demanded proof of my friend's hardship, not just remind me to double-check I'm not being scammed, and validate that I had the correct destination bank account... I'd also tell them to fuck off and then change banks. They do have to report high value transfers to the government, but that's then for the taxman or police to ask me directly why I moved the money; not the bank, and not for determining if I'm being scammed or not.
> Aside, anyone have an insight into how do you suddenly get a "tax bill" from the Austrian government for 15k Euro?
Extra income from contracts and failed to set aside enough? I've had big tax bills before, it's not that unusual, and I'd get the temptation of dipping into money set aside if subsequent income has been lower than expected. But tax authorities do tend to be flexible about repayment plans most places. Maybe that's not true for Austria.
The bigger issue there for me, though, is that a scammer is not going to hesitate to fake a tax bill. Why the bank think that would prove anything suggests to me they haven't thought this through very well either.
No, nowadays many official documents come with a URL (often in the form of a QR code) linking to a digital copy of the document stored on a governmental server.
I have literally never seen this. I don't doubt it can happen, but for that to work it'd rely on the fraud team to 1) know exactly what a letter from the Austrian tax office should look like to notice if there isn't a URL if those letters do have one, 2) if the scammers were to include one, it'd require them to be certain enough about the URL that pointing it to a suitable fake one would be insufficient.
I'm not convinced the fraud team wouldn't be easily fooled, in other words.
Not that I'd want to try; but for someone already breaking the law there's little reason not to.
You're trying to tell me you genuinely believe they'd find and hire a consultant in Austria to assess the authenticity of a document? Where would they seek out someone for this hypothetical task there's no way they'd actually bother with?
The thing is, if this involved voice cloning, seeing past examples of their correspondence would do very little. Past correspondence would rule out only the scenario where he is actively lying to the bank about this being an old friend...
It seems like even if their concern might have some legitimate basis to it, they don't think through the scenarios very well.
Nope, they can charge an excess, and there is a cap.
> any payments consumers claim are scam
Nope, only actual scams. The consumers have to provide all suitable details and help the bank report the scam to the police if appropriate. They can't just say "I was scammed", provide no other details, and expect a refund.
> Banks will be required to refund most victims of bank transfer scams – known as "authorised push payment (APP)" fraud – from 7 October 2024, under new rules confirmed today (Tuesday 19 December). But you'll still need to be cautious when making a payment, as banks will be able to refuse refunds where you haven't been "sufficiently careful" – and they can charge an excess on claims.
> You WON'T be eligible for a refund if your bank decides you were "grossly negligent". According to the regulator, this is a "very high bar" and involves acting with a "significant degree of carelessness". So you'll still need to take care when making payments.
> Vulnerable customers will get extra protections. This is defined as "someone who, due to their personal circumstances, is especially susceptible to harm – particularly when a firm is not acting with appropriate levels of care". Banks will have to assess this on a case-by-case basis, taking into account all the facts around any claim.
> The consequence is that the cost of stupid, scammed, customers is passed to all customers, including those that do not send money to scammers.
What you conveniently left out in that cost calculation are the thousands of elderly and mentally ill people falling victims of such scammers. And who are these "stupid" people you mention anyway? Everybody knows social engineering is getting harder and harder to identify, considering how technology advances (spoofing SMS/caller ID, deepfakes, AI etc)
The fraud can be tackle other ways than making banks to pay for the fraud. There are tons of ways like extra confirmations of the payment, thresholds on daily payments, payment delays or just having a setting in your bank account that you are allowed to make "high risk" payments.
But if you want to make the society to pay for vulnerable people, victims and friendly fraud, if we want to protect the eldery and others, these people can take an insurance against scams if they feel they are a vulnerable group. This is not a health issue, this is not a physical threat. This is not an epidemic. There is a cost of giving free insurance to these people, and a lot of them won't be eldery but the abusers fo the system. This was discussed in the article of Financial Times, and based on the news link, there is also a massive indirect cost for people by creating the unbalanced system of fraud reimbursement.
1 out of 8 UK people commit fraud, so banks can now prepare feel the cost of this new form of friendly fraud:
Yeah, I realise now that I read your reply my message was just questioning the broad blame on so called "stupid people", without discussing the responsibility part of it. I absolutely agree the banks should implement more preventive measures to combat fraud where possible. In many cases, fraud is obvious from the bank's perspective but might not be from the victim's, for many reasons.
I would say it's an insurance scheme. It should be billed separately as such and people should be allowed to opt out as we let them for option trading.
The only issue was they were asking me to prove I was someone else (they sent an email to me, but referencing someone else’s name in the email).
They then locked me out because I didn’t respond fast enough and took that as suspicious activity.
When I tried to explain I couldn’t prove I was someone I was not, they tried to skirt the fact they had messed up.
Point being - banks need to protect our money, but banks make lots of silly mistakes that can ultimately harm the people they are trying to protect