Jean-Yves Gilg

Editor, Solicitors Journal

How to respond to online banking fraud

How to respond to online banking fraud


Sophia Purkis and Lisa Serrant advise solicitors on the steps clients should take to recover stolen money, particularly where the bank refuses to make a refund

Online banking fraud
is becoming more sophisticated, causing large losses to individuals and companies. Unsurprisingly,
the number of cases against banks involving online fraud is increasing.

In March, Sir Bernard Hogan-Howe, head of London's Metropolitan police, suggested banks should not fully refund victims of fraud who have not protected themselves. While not universally well received, his remarks are a reminder that there is no guarantee of a bank refund. So, if this is not forthcoming,
what steps can be taken to recover money?

Initial response

It is vital to act quickly. Money may disappear at a frightening speed, not only from the client's account but also from recipient accounts.

The duty to notify the bank immediately is long established and probably also required under the relevant account terms and conditions. Following notification, the bank should commence its recovery processes and comply with its reporting requirements. It is important to liaise with the bank and police to make sure that there is a co-ordinated approach and to minimise a client's costs.

If the bank does not take the requisite steps, clients should consider their options, such as seeking freezing or disclosure orders against the transmitting and/or receiving banks. Again speed is of the essence.

Banks' obligations

Lost sums are likely to be unauthorised payments, possibly in breach of mandate, and should be refunded by the bank with any charges and compensation for lost interest.

While the banks may have regulatory obligations to follow, for example under the 'Banking: Conduct of Business Sourcebook' (BCOBS) and the Payment Services Regulations 2009, they may be able to rely on usual banking practice to escape liability, as in Tidal Energy Ltd v Bank of Scotland plc [2014] EWCA Civ 1107 (which has an outstanding appeal).

The bank may also rely on exclusion clauses in its terms and conditions and refuse a refund if the customer acted with gross negligence.

Complaints procedure

If the bank does not provide
a refund, the terms and conditions may require the customer to make a complaint to the bank. The response could be useful to indicate the bank's potential defences to a claim.

After the bank's complaints procedure, complaints to the Financial Ombudsman Service (FOS) can be brought - if the matter falls within its jurisdiction - by individuals acting outside their trade, business, or profession and by 'micro-enterprises' (which are defined as having fewer than ten employees and a turnover or balance sheet of under €2m).

FOS complaints are usually less expensive than other remedies and there is not the same liability for opponents' costs as with legal claims. However, there is a limit on awards of £150,000.

Legal claims

First, the terms and conditions at the date of the fraud should be considered with any arrangements regarding the account, such as online banking agreements and payment mandates.

Then, consider claims against the banks for breach of contract for an account and/or a declaration that the account be re-credited as the payments were unauthorised. Also, consider consequential loss claims for any reasonably foreseeable losses.

Negligence claims for damages could be brought even if the payment was apparently authorised (e.g. a PIN was used), for example where the bank had reasonable grounds for believing the instruction to make payment was an attempt to misappropriate funds (e.g. due to the nature, timing, or destination of the payments), as found in Barclays Bank plc v Quincecare Ltd [1992] 4 All
ER 363.

If the client is a 'private person', consider arguments that the loss is suffered as a result of the bank's breach of a Financial Conduct Authority (or Prudential Regulation Authority) rule, such as those in BCOBS, then a claim for damages is available under section 138D of the Financial Services and Markets Act 2000.

Prevention is better than cure but we must be realistic: cybercrime is an ongoing reality and the number of claims arising as a result will continue to grow.

Sophia Purkis, pictured, is a partner at Fladgate and a London Solicitors Litigation Association (LSLA) committee member, and Lisa Serrant is a senior associate at Fladgate