In February 2023 my husband, two days before major heart surgery, fell victim to telephone scammers who convinced him they were the NatWest fraud team and stole more than £130,000 from our personal and business accounts with NatWest, PayPal and Starling bank.
At the time, we were in the middle of a coronial process for our beloved daughter, who had been murdered while working overseas. My husband went into the operating theatre believing us to be financially ruined, and became deeply depressed.
NatWest and PayPal refunded us, but Starling has refused to return the £10,000 the scammers took. By the time I realised that I could approach the Financial Ombudsman Service on his behalf, we had exceeded the six-month time limit.
GM, Weymouth, Dorset
It’s impossible to comprehend what your family has suffered. Your 29-year-old daughter was an aid worker in Africa when she was killed. The inquest was delayed several times by an inept local police investigation and Covid, then the coroner was removed due to misconduct before it finally took place last November.
At the time of the scam, therefore, you were in the midst of this agonising legal process, not to mention the stress of the impending surgery.
Starling Bank, along with most other banks, has signed up to the Contingent Reimbursement Model (CRM), a voluntary scheme that refunds victims of authorised push payment fraud unless they have been grossly negligent. The rules are unequivocal: vulnerable victims must always be refunded.
The Financial Conduct Authority defines a “vulnerable customer” as someone who, because of their circumstances, is especially susceptible to harm. In my opinion, the death of your daughter, and your husband’s ill health, made him vulnerable.
Even if he were not, the onus is on the bank to prove that victims were grossly negligent and, according to the Payment Systems Regulator (PSR) that oversees the CRM, only a small minority of cases will qualify for this exception.
The scam was sophisticated, involving two articulate callers purporting to be from NatWest and Starling. They knew the last four digits of your husband’s credit card, presumably from an earlier phishing text or email, and had collected names of some of your business clients from your company website.
They were therefore able to convince him they were bank officials familiar with his account. They even asked him to report the issue to Action Fraud while they held the line, before asking him to transfer his money to a new account in his name. Only when the payments were confirmed did he discover the account belonged to a stranger.
Starling relied on the fact its automated pop-ups asked him to consider whether he was being scammed. The CRM requires banks to provide effective warnings but automated warnings have been deemed ineffective by the Financial Ombudsman Service as customers have been groomed to trust the scammer, and banks are not supposed to refuse a refund on the sole basis these messages were ignored.
I put these points to Starling. It tells me that, until I got in touch, it had been unaware of your daughter’s death, and that it had not considered impending heart surgery reason enough to class your husband as vulnerable. It immediately agreed to refund the £10,000 and apologised for the “distress caused”.
It says: “Starling provides customers with detailed advice on how to protect themselves from scammers. They also receive fraud warnings and guidance throughout the app when making significant payments.”
On top of your husband’s grief, he has spent a year tortured by a feeling of shame he was conned, and felt being refused a refund was his punishment. Guilt and shame are perhaps the most pernicious effect of such scams.
I’ve pointed out that about 200,000 people fall victim every year. Among those I have helped have been a retired detective and a young woman whose job was raising awareness of scams. Any one of us could be caught off guard. Any shame and guilt should lie with the criminals.
Others in his situation should complain to the ombudsman within six months, detailing the timeline and saying why they consider their bank in breach of the CRM, if it’s a signatory.
Yes, really! Insurance company is a hero
It’s cheering to report good news from an unlikely hero– an insurance company! RH of Exeter wrote to commend Aviva: “I found a very unexpected payment of nearly £200 from Aviva in my bank account. I telephoned in some trepidation, only to discover this was correct. I had apparently been paying unnecessarily for a named possession that was covered elsewhere in my policy. I am so impressed. I would not even have realised there was an error.”
Email your.problems@observer.co.uk. Include an address and phone number. Submission and publication are subject to our terms and conditions