Six major banks ‘leaving customers vulnerable to fraud’, finds Which?

Which? has said that some banks – including HSBC, Lloyds, Santander, TSB, Nationwide, and Virgin media – are leaving customers at risk of falling prey to fraudsters by failing to implement sufficient anti-fraud protections.

The consumer champion’s investigation centred on spoofing, a form of infiltration where fraudsters impersonate companies such as banks to make customers unwittingly hand over account details and other sensitive information.

Watchdog Ofcom estimates that 40.8 million UK adults have received a suspicious call or text in the last three months.

In its investigation, Which? made calls to a test phone, spoofing the numbers of 14 current account providers.

Which? found that at least one phone number from the six banks was successfully spoofed.

To make it harder for fraudsters to impersonate them, Which? advised companies to sign up to regulator Ofcom’s ‘Do Not Originate’ (DNO) list, a shared resource with telecoms providers to help them identify and block calls from numbers that are most likely to be spoofed.

The DNO list maintains a record of phone numbers genuine firms or agencies use to receive calls but never make them.

Commenting on the findings, Rocio Concha, Which? director of policy and advocacy, said: “Number spoofing is a particularly malicious form of fraud used by scammers to deceive their victims – and our research shows some banks could potentially be leaving their customers at risk.”

She added: “Spoofing is all too common in APP fraud, where victims continue to lose potentially life-changing amounts of money and still face a battle to get their money back.”

Responding to the investigation, the banks which had numbers spoofed thanked Which? for bringing them to their attention.

A spokesperson for Santander said it aimed to include all inbound-only customer service phone numbers on the ‘Do Not Originate’ (DNO) list, adding that while it provides some protection against spoofing, it is not 100 per cent comprehensive.

Lloyd's advised telecoms firms to address technical gaps in their systems as "banks can’t solve the problem of number spoofing alone", while HSBC, TSB, Virgin Media, and Nationwide said they are participants of the DNO scheme.

    Share Story:

Recent Stories


The human firewall: Activating employees to safeguard financial data
As financial services increasingly embrace SaaS and cloud-based technologies, they face emerging threats to safeguard sensitive customer data. While comprehensive IT security measures are essential, the active involvement of employees across organisations is pivotal in ensuring the protection of sensitive data.

Building a secure financial future for instant payments: The convergence of ISO 20022 and fraud detection
The financial landscape is rapidly evolving its approach to real-time transactions under the ISO 20022 standard, and financial institutions must take note. With examples such as the accelerated adoption of SEPA Instant Credit Transfers in Europe and proposed New Payment Architecture (NPA) programme in the UK, the need for swift and effective fraud detection is more crucial than ever.

Data Streaming and Consumer Duty: Transforming customer experience in banking
Introduced at the end of July, the Consumer Duty is a game-changing new set of rules and guidance for financial services institutions in the UK, and companies must look to modernise their systems in adherence with it in mind to create the best customer experience possible.

From insight to action: Empowering financial institutions through advanced technology and collaborative information sharing
The use of Information sharing in enhancing financial crime prevention has been universally agreed as being beneficial. However no-one has been able to agree on how information can be shared safely without breaching data protection laws or having the right systems to facilitate this, Information sharing has re-emerged as a major consideration for financial institutions (FIs) ahead of the Economic Crime and Corporate Transparency Bill being made into law in the UK.