Six major banks ‘leaving customers vulnerable to fraud’, finds Which?

Which? has said that some banks – including HSBC, Lloyds, Santander, TSB, Nationwide, and Virgin media – are leaving customers at risk of falling prey to fraudsters by failing to implement sufficient anti-fraud protections.

The consumer champion’s investigation centred on spoofing, a form of infiltration where fraudsters impersonate companies such as banks to make customers unwittingly hand over account details and other sensitive information.

Watchdog Ofcom estimates that 40.8 million UK adults have received a suspicious call or text in the last three months.

In its investigation, Which? made calls to a test phone, spoofing the numbers of 14 current account providers.

Which? found that at least one phone number from the six banks was successfully spoofed.

To make it harder for fraudsters to impersonate them, Which? advised companies to sign up to regulator Ofcom’s ‘Do Not Originate’ (DNO) list, a shared resource with telecoms providers to help them identify and block calls from numbers that are most likely to be spoofed.

The DNO list maintains a record of phone numbers genuine firms or agencies use to receive calls but never make them.

Commenting on the findings, Rocio Concha, Which? director of policy and advocacy, said: “Number spoofing is a particularly malicious form of fraud used by scammers to deceive their victims – and our research shows some banks could potentially be leaving their customers at risk.”

She added: “Spoofing is all too common in APP fraud, where victims continue to lose potentially life-changing amounts of money and still face a battle to get their money back.”

Responding to the investigation, the banks which had numbers spoofed thanked Which? for bringing them to their attention.

A spokesperson for Santander said it aimed to include all inbound-only customer service phone numbers on the ‘Do Not Originate’ (DNO) list, adding that while it provides some protection against spoofing, it is not 100 per cent comprehensive.

Lloyd's advised telecoms firms to address technical gaps in their systems as "banks can’t solve the problem of number spoofing alone", while HSBC, TSB, Virgin Media, and Nationwide said they are participants of the DNO scheme.

    Share Story:

Recent Stories


Safeguarding economies: DNFBPs' role in AML and CTF compliance explained
Join FStech editor Jonathan Easton, NICE Actimize's Adam McLaughlin and Graham Mackenzie of the Law Society of Scotland as they look at the role Designated Non-Financial Businesses and Professions (DNFBPs) play in the financial sector, and the challenges they face in complying with anti-money laundering and counter-terrorist financing regulations.

Ransomware and beyond: Enhancing cyber threat awareness in the financial sector
Join FStech editor Jonathan Easton and Proofpoint cybersecurity strategist Matt Cooke as they discuss the findings of the State of the Phish 2023 report, diving into key topics such as awareness of cyber threats, the sophisticated techniques being used by criminals to target the financial sector, and how financial institutions can take a proactive approach to educating both their employees and their customers.

Click here to read the 2023 State of the Phish report from Proofpoint.

Cracking down on fraud
In this webinar a panel of expert speakers explored the ways in which high-volume PSPs and FinTechs are preventing fraud while providing a seamless customer experience.

Future of Planning, Budgeting, Forecasting, and Reporting
Sage Intacct is excited to present FSN The Modern Finance Forum’s “Future of Planning, Budgeting, Forecasting, and Reporting Global Survey 2022” results. With participation from 450 companies around the globe, the survey results highlight how organisations are developing their core financial processes by 2030.