Tweet
My mobile device was stolen one Saturday, in June 2022.
Following theft of the device, I was subject to fraud whereby the perpetrator obtained a £10,000 loan in my name from a pay day lender (L), using sensitive personal information contained within my emails. The loan application satisfied an affordability check, with authentication and confirmation provided to the lender by way of email and text message (no verbal conversations). The borrowing was then released and deposited to Bank (X) at 03.39am on a Sunday morning. The perpetrator attempted to gain access to Bank (X) through the mobile banking application. Over ten attempts were made through the course of the early hours, with all attempts failing. There was an attempt to password reset the mobile banking access around 05.00am. Still, all attempts failed to gain access to Bank (X) where the borrowing was deposited.
Unfortunately, the fraudster was able to gain access to another second account, Bank (Y), with another banking institution, due to the password being closely related to information I had contained within my emails. Bank (Y) was used as a 'top-up/weekend spend account' that held Bank (X) as a payor within the application.
Once Bank (Y) was compromised, the fraudster 'pulled' funds from Bank (X) and topped up the account. In total within Bank (X), there were 13 transactions that failed to debit, with 7 successful, debiting Bank (X) and crediting Bank (Y). Once funds credited Bank (Y), the fraudster used the proceeds to acquire high value computer items with retailer (Z). The goods were collected for same day collection, from a store some 30 miles from my home. (I was not aware of the collection/location/goods purchased items until 4+ months after the incident), I will touch on this later.
As I understand, it is likely Bank (X) had a daily spend limit and once that was reached, no further transactions could take place. On this assumption, at the point of transactional activity taking place, the fraudster was able to obtain and transfer just less than half of the loan proceeds, with the other half transferred to a savings account in my partners name at the point of realisation we had been victims of fraud (which was the evening following the theft after checking our joint account, Bank (X)). The residual, unspent proportion of the fraudulent loan was returned to the lender in November 2022.
Initially, I raised complaints directly with Bank (X) and (Y) and Lender (L), with both banks not reimbursing the disputed transactions as could not see I had been subject to fraud, furthermore, the transactions/transfers were deemed authorised. After month's of limited information being provided by Lender (L), they concluded "After further checks with the banks and a review of the account, we have concluded you will remain liable for the loan." I then tried to request reimbursement through the Chargeback scheme with Bank (Y). Bank (Y) responded to the claims within 1 hour and 1 minute, declining each of the three requests, again, stating they were authorised.
Unhappy with Bank (Y)'s decision, I referred my complaint to the Financial Ombudsman Service (FOS) against Bank (Y), for not reimbursing the transactions under the Chargeback. At this stage, my understanding was that the complaint should be directed at Bank (Y) where the transactions debited to retailer (Z). It was during the investigation by the first case handler at the FOS who advised me of the nature of the goods purchased and the location of collection from retailer (Z). This was solely the extent of information I was provided, I requested a copy of the collection report from the FOS, but this was declined to be shared by retailer (Z) and the FOS due to 'receiving the information in confidence'. My opinion on this is that it contains omissions and failures on retailer (Z)'s part, for failure to carry out proper I.D checks prior to releasing goods. Either this, or that it contains details of the persons who acquired the goods under false pretences and they have not consented to the share of their data. I am still continuing to obtain the collection report, both from retailer (Z) under a Subject Access Request and the FOS, under the Freedom of Information Act. If the FOS continues to withhold the data, I have asked for them to confirm what exemptions have been applied in doing so. A long story short, the FOS case handler concluded that they could not see how I was subject to fraud and did not uphold my complaint against Bank (Y) in reimbursing the transactions. I rejected this decision and asked for an ombudsman to review the information and they also concluded the same outcome. On their advice, I submitted complaints against Bank (X) where the proceeds deposited and lender (L) where the loan was provided from.
A second case handler and different member of staff at the FOS was appointed to look into and investigate both of these complaints. Another long story short, the second case handler has concluded that they cannot see how I did not take part in the loan application or transactions taking place in Bank (X). Despite the plethora of information I have provided, they have looked at the regulations and determined what is 'fair and reasonable' and have concluded that Bank (X) and Lender (L) both acted fairly and reasonably. I have questioned and questioned how it was fair and reasonable for Bank (X) not to have intervened to place the account on inquiry despite the 20 lines of transactional activity within the account at times that would be considered outside of normal patterns of activity, furthermore questioned why the £10,000 hitting the account on a Sunday at 03.39am did not raise a red flag internally to place the account on hold/block it, or question the credit. I have questioned why the lender took the application on a face value bona fide basis despite the time it was being applied for. I have raised points that if the lender had 100,000 applications all being applied for during a Monday-Friday 9-5 and mine was the only one on a Sunday would this not need to be treated with greater caution? The answer was still "no, a loan can be applied for at any time of the day."
I have rejected the case handlers decision. I have hit a brick wall, once that I hit nearly a year ago. I don't know where to turn and running out of options. I have studied the payment service regulations but cannot find something to use which can be put forward to say Bank (X) failed to protect me from financial harm or Lender (L) failed to carry out proper due diligence. To give some background on my own personal ethics and governance, I am university educated, a qualified finance professional and have worked in finance for over 10 years. It is likely I may lose my home in the not-too-distant future due to the effect this has had on myself and family.
At this point, it is worth noting that the case handler at the FOS commented that they cannot take into account any activity with retailer Z in drawing their conclusions. Whilst I deem the report to be the 'smoking gun' in this mess and one that may highlight and add weight to my case that I played no part in the fraud, they cannot take it into consideration against my complaints towards Bank (X) and Lender (L). That being said, I still want to obtain the report in the unfortunate event I need to go to small claims court, which I am not sure where to even start on that. The next steps on this is that I have rejected the case handlers conclusion and it will now move to an ombudsman to review. I have requested a hearing with the FOS to highlight further points, this is where I need some help.
The questions I have are:
- What points can I put forward in a hearing that is going to make the FOS understand I am the victim in this? Is there anything I can raise with regards to the underlying data in Bank (X) or Lender (L).
- Whilst my complaint is under investigation by the FOS, what are my obligations with regards to repayment of the loan?
- Is it correct for interest to be applied to the loan whilst still under review with the FOS?
- Can a loan truly be applied for at any time of the day or is there something within the FCA rules that provides guidelines for further checking at an unreasonable hour of loan application?
- Should Bank (X) flagged the £10,000 credit for further review?
- Can I prove liability on Argos, if so how and where do I go?
I appreciate the above is by no means a short summary, but it is extensively shorter than the detail I have put together over the last year.
I would be sincerely grateful for any advice and guidance on what to do next.
Regards,
Fraud Victim
Following theft of the device, I was subject to fraud whereby the perpetrator obtained a £10,000 loan in my name from a pay day lender (L), using sensitive personal information contained within my emails. The loan application satisfied an affordability check, with authentication and confirmation provided to the lender by way of email and text message (no verbal conversations). The borrowing was then released and deposited to Bank (X) at 03.39am on a Sunday morning. The perpetrator attempted to gain access to Bank (X) through the mobile banking application. Over ten attempts were made through the course of the early hours, with all attempts failing. There was an attempt to password reset the mobile banking access around 05.00am. Still, all attempts failed to gain access to Bank (X) where the borrowing was deposited.
Unfortunately, the fraudster was able to gain access to another second account, Bank (Y), with another banking institution, due to the password being closely related to information I had contained within my emails. Bank (Y) was used as a 'top-up/weekend spend account' that held Bank (X) as a payor within the application.
Once Bank (Y) was compromised, the fraudster 'pulled' funds from Bank (X) and topped up the account. In total within Bank (X), there were 13 transactions that failed to debit, with 7 successful, debiting Bank (X) and crediting Bank (Y). Once funds credited Bank (Y), the fraudster used the proceeds to acquire high value computer items with retailer (Z). The goods were collected for same day collection, from a store some 30 miles from my home. (I was not aware of the collection/location/goods purchased items until 4+ months after the incident), I will touch on this later.
As I understand, it is likely Bank (X) had a daily spend limit and once that was reached, no further transactions could take place. On this assumption, at the point of transactional activity taking place, the fraudster was able to obtain and transfer just less than half of the loan proceeds, with the other half transferred to a savings account in my partners name at the point of realisation we had been victims of fraud (which was the evening following the theft after checking our joint account, Bank (X)). The residual, unspent proportion of the fraudulent loan was returned to the lender in November 2022.
Initially, I raised complaints directly with Bank (X) and (Y) and Lender (L), with both banks not reimbursing the disputed transactions as could not see I had been subject to fraud, furthermore, the transactions/transfers were deemed authorised. After month's of limited information being provided by Lender (L), they concluded "After further checks with the banks and a review of the account, we have concluded you will remain liable for the loan." I then tried to request reimbursement through the Chargeback scheme with Bank (Y). Bank (Y) responded to the claims within 1 hour and 1 minute, declining each of the three requests, again, stating they were authorised.
Unhappy with Bank (Y)'s decision, I referred my complaint to the Financial Ombudsman Service (FOS) against Bank (Y), for not reimbursing the transactions under the Chargeback. At this stage, my understanding was that the complaint should be directed at Bank (Y) where the transactions debited to retailer (Z). It was during the investigation by the first case handler at the FOS who advised me of the nature of the goods purchased and the location of collection from retailer (Z). This was solely the extent of information I was provided, I requested a copy of the collection report from the FOS, but this was declined to be shared by retailer (Z) and the FOS due to 'receiving the information in confidence'. My opinion on this is that it contains omissions and failures on retailer (Z)'s part, for failure to carry out proper I.D checks prior to releasing goods. Either this, or that it contains details of the persons who acquired the goods under false pretences and they have not consented to the share of their data. I am still continuing to obtain the collection report, both from retailer (Z) under a Subject Access Request and the FOS, under the Freedom of Information Act. If the FOS continues to withhold the data, I have asked for them to confirm what exemptions have been applied in doing so. A long story short, the FOS case handler concluded that they could not see how I was subject to fraud and did not uphold my complaint against Bank (Y) in reimbursing the transactions. I rejected this decision and asked for an ombudsman to review the information and they also concluded the same outcome. On their advice, I submitted complaints against Bank (X) where the proceeds deposited and lender (L) where the loan was provided from.
A second case handler and different member of staff at the FOS was appointed to look into and investigate both of these complaints. Another long story short, the second case handler has concluded that they cannot see how I did not take part in the loan application or transactions taking place in Bank (X). Despite the plethora of information I have provided, they have looked at the regulations and determined what is 'fair and reasonable' and have concluded that Bank (X) and Lender (L) both acted fairly and reasonably. I have questioned and questioned how it was fair and reasonable for Bank (X) not to have intervened to place the account on inquiry despite the 20 lines of transactional activity within the account at times that would be considered outside of normal patterns of activity, furthermore questioned why the £10,000 hitting the account on a Sunday at 03.39am did not raise a red flag internally to place the account on hold/block it, or question the credit. I have questioned why the lender took the application on a face value bona fide basis despite the time it was being applied for. I have raised points that if the lender had 100,000 applications all being applied for during a Monday-Friday 9-5 and mine was the only one on a Sunday would this not need to be treated with greater caution? The answer was still "no, a loan can be applied for at any time of the day."
I have rejected the case handlers decision. I have hit a brick wall, once that I hit nearly a year ago. I don't know where to turn and running out of options. I have studied the payment service regulations but cannot find something to use which can be put forward to say Bank (X) failed to protect me from financial harm or Lender (L) failed to carry out proper due diligence. To give some background on my own personal ethics and governance, I am university educated, a qualified finance professional and have worked in finance for over 10 years. It is likely I may lose my home in the not-too-distant future due to the effect this has had on myself and family.
At this point, it is worth noting that the case handler at the FOS commented that they cannot take into account any activity with retailer Z in drawing their conclusions. Whilst I deem the report to be the 'smoking gun' in this mess and one that may highlight and add weight to my case that I played no part in the fraud, they cannot take it into consideration against my complaints towards Bank (X) and Lender (L). That being said, I still want to obtain the report in the unfortunate event I need to go to small claims court, which I am not sure where to even start on that. The next steps on this is that I have rejected the case handlers conclusion and it will now move to an ombudsman to review. I have requested a hearing with the FOS to highlight further points, this is where I need some help.
The questions I have are:
- What points can I put forward in a hearing that is going to make the FOS understand I am the victim in this? Is there anything I can raise with regards to the underlying data in Bank (X) or Lender (L).
- Whilst my complaint is under investigation by the FOS, what are my obligations with regards to repayment of the loan?
- Is it correct for interest to be applied to the loan whilst still under review with the FOS?
- Can a loan truly be applied for at any time of the day or is there something within the FCA rules that provides guidelines for further checking at an unreasonable hour of loan application?
- Should Bank (X) flagged the £10,000 credit for further review?
- Can I prove liability on Argos, if so how and where do I go?
I appreciate the above is by no means a short summary, but it is extensively shorter than the detail I have put together over the last year.
I would be sincerely grateful for any advice and guidance on what to do next.
Regards,
Fraud Victim
Comment