What to do if you fall victim to a bank transfer scam

What is an 'authorised push payment' scam?

An authorised push payment (APP) scam, also known as a bank transfer scam, occurs when you send money from your bank account to one belonging to a scammer.

For example, a scammer may call you claiming to be from your bank’s fraud team and warn you that you need to move your money to a safe account. However, you'll actually be sending money to an account controlled by the fraudster.

If you think you've been scammed, don't be embarrassed. Scams are more complex and convincing than ever – people of all ages and backgrounds can unfortunately fall victim to scammers’ manipulations.

The rules governing how your bank responds to your case depend on when the loss of money took place. 

If it was before 7 October 2024, then your case will be handled under the voluntary Contingent Reimbursement Model Code (CRM Code) which most, but not all, banks were signed up to.

If it was on or after 7 October 2024, then your case will be handled under the APP fraud reimbursement requirement, which all Faster Payment providers (most UK banks, building societies, e-money firms and others) must follow.

If you’ve been the victim of a different type of fraud – for example, you paid on your credit card or via PayPal – read our scam guide.

Sign up for scam alerts

Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.

Sign up for scam alerts

Contact your payment provider immediately

As soon as you think you may have lost money in a bank transfer scam, you should notify the bank or payment provider that your account is with. 

Call your payment provider using the number found on the back of your card or on a recent statement.

Tell your payment provider what happened, and provide the account details to which you sent the payment. They may be able to either stop the transaction from going ahead or recover your money from the fraudster’s account.

Speed is of the essence for this, so it’s important to let your payment provider know as soon as you suspect you've been scammed. 

Contact the bank you sent the money to 

Your payment provider will lead on your reimbursement claim, but it can be helpful to also contact the bank you sent the money to.  

You can check which bank you sent the funds to by looking at the receiving bank's sort code – each bank has a different sort code with which it can be identified. 

APP fraud reimbursement requirement

The new APP fraud reimbursement requirement came into force on 7 October 2024 and applies to bank transfer scams that happen on or after this date. 

All types of APP fraud are covered by the new system, such as impersonation or romance scams.

The rules apply to payment service providers (PSP) that offer Faster Payments, which is most UK banks, building societies and e-money firms. The rules also apply to firms making CHAPS (Clearing House Automated Payment System) payments.

The maximum amount of money you can claim back is £85,000. Sadly, this upper claims limit will mean that victims of high-value scams with losses above this level will not be able to recover their losses under this scheme. Those who have lost more than £85,000 may be able to escalate their complaint to the Financial Ombudsman.

Payment providers may also charge an excess of £100 per claim. However, where a consumer may be considered vulnerable (which has a broad definition outlined by the Financial Conduct Authority), they should not face any excess charge. The charge may also be levied in cases where the excess may lead to additional financial stress.

Claims are also subject to a 13-month time limit after the last payment was sent to the scammer as part of the same scam, so it’s important to notify your bank or payment provider as soon as you learn of the scam.

Requirements of payment providers

The fraud reimbursement rules outline a number of requirements for your bank or payment provider. 

The rules outline that your payment provider should:

• Reimburse all in-scope customers who fall victim to APP fraud in most cases, and within five UK business days (unless they ‘stop the clock’, in which case, within 35 business days). 
• Share the cost of reimbursing victims 50:50 between sending and receiving payment firms.
• Provide additional protections for vulnerable customers.

Expectations of consumers

Under the reimbursement requirement, the 'consumer standard of caution' outlines a number of expectations that are required of consumers when making a payment. 

The consumer standard of caution states that you should:

• Take notice of any intervention given by your bank, payment provider or national authority, such as the police.
• Have not acted with gross negligence, which is considered to be ‘beyond ordinary carelessness’ according to the Financial Ombudsman. 
• Not be complicit in the fraud.
• Report the scam to your bank or payment provider as soon as you learn of it.
• Provide information to your bank or payment provider to support your claim.
• Report the scam to the police or allow your bank or payment provider to. 

Reasons why your payment provider may not reimburse you

There are instances where your bank or payment provider may decide not to reimburse you. If this happens to you, you may be able to challenge this decision to appeal it, or seek reimbursement through a different route. 

Your payment provider does not have to reimburse you if you’re found to have been complicit in the fraud or grossly negligent. Gross negligence is a high bar, and you’d need to have shown a ‘significant degree of carelessness’ when making a payment. It is the responsibility of the payment provider to prove that a customer has acted with gross negligence.

There are expectations of consumers under the APP reimbursement rules, which are outlined in the section above. If your payment provider can demonstrate that you have, through gross negligence, not met one or more of these four requirements, it is not obliged to reimburse you.

Under the fraud reimbursement rules, your payment provider may not reimburse you if one, or more, of the following exclusions apply:

• First-party fraud was committed – in cases where you are considered to have acted fraudulently, this may affect those who are considered a ‘money mule’.
• You acted with ‘gross negligence’, which the bank will have to prove and you may be able to challenge.
• The payment was before 7 October 2024, in this case the Contingent Reimbursement Model applies if your bank was signed up to this scheme.
• The last payment to the scammer was more than 13 months ago.
• It was an international payment, as the rules only apply to UK bank transfers.
• Payment was across other payment systems, for example, card payments, cryptocurrency transfers.
• Payment was to an account that the consumer controls.
• Civil disputes, which is a broad definition covering ‘non-criminal’ disputes between people, businesses or other organisations. This may be the case when there has been a breach of contract with a rogue trader. 
• Payment was sent or received by credit unions, municipal banks and national savings banks.

Getting your money back under the CRM Code

For bank transfer losses that took place before 7 October 2024, the Contingent Reimbursement Model Code for APP scams (CRM Code) may apply.

Many banks are signed up to the CRM Code. Under the code, banks have to take a number of steps to protect customers and reimburse those who aren't to blame for the scam.

You can ask your bank directly if it's signed up to the code. The CRM Code only applies to transfers between UK accounts. 

If a bank is signed up to the code, as well as reimbursing innocent APP scam victims, it must do the following:

• Educate customers about APP scams.
• Identify higher risk payments and vulnerable customers who may have a higher risk of falling victim to a scam. 
• Provide effective warnings to customers if the bank identifies an APP scam risk – these could be messages when you go to make a payment or set up a new payee.
• Talk to customers about payments and even delay or stopping payments where there are scam concerns.
• Act quickly when a scam is reported to it.
• Take steps to stop fraudsters opening bank accounts.

Your responsibilities under the CRM Code

If a bank is signed up to the code, it has a duty to analyse scam cases in line with the code's guidance to decide whether or not to reimburse APP scam victims. However, it's down to the bank to interpret the code how it sees fit.

If the bank finds that you're not to blame, you'll be fully reimbursed. If it finds that you didn't do your due diligence to avoid being scammed, it will refuse to reimburse you, and if it believes that both you and the bank could've done more to prevent the scam – you'll be reimbursed half or some of your lost funds. 

Under the code, customers are expected to do the following:

1. Pay attention to warnings given by your bank – these might be instructions or messages when you set up, change or make payments.

2. Have a reasonable basis for believing that:

• the person you paid was the person you were expecting to pay
• the payment is for genuine goods or services
• the person or business you are paying is legitimate.

3. Take care – in the aftermath of being scammed you might think you weren’t careful enough, but this shouldn’t put you off making a complaint to your bank. The test is about what you did and thought at the time of the payment, not afterwards.

Your bank should also reimburse customers who might not have been able to protect themselves from a scam using these steps or customers considered vulnerable to begin with.

It might be because you’re new to making payments online, were mentally or physically unwell, weren’t able to make decisions at the time or that the scam was very convincing.

When you report the scam to your bank, you’ll likely be asked to send in evidence of what happened, such as copies of text messages or emails. Your bank should do this sensitively.

We’ve written a template letter to help you make a formal complaint to your bank about a scam if they’re signed up to the code.

If your bank wasn't signed up to the CRM code

If the scam took place on or after 7 October 2024, then the APP fraud reimbursement requirement applies. 

If the scam took place before 7 October 2024 and your bank wasn't signed up to the CRM code, don’t lose hope as there are still options available to you.

We’ve written a template letter to help you make a formal complaint to your bank if you were a victim of a bank transfer or APP scam.

You should use this after reporting the scam when it first happened, after you have a clearer idea of what happened and what your bank’s position is.

You should also report the scam to Action Fraudwhich will give you a crime reference number.

Your options if your bank refuses to reimburse you

How to prove you didn’t authorise the bank transaction

If your bank isn’t signed up to the code, it might tell you that it can’t help you either because you authorised the payment by providing the scammer with your details or because you were ‘grossly negligent’.

The onus is on your bank to prove why they’re refusing to refund you. Your bank will need evidence to prove you:

• authorised the transaction – but your bank can’t just say because your password, card or Pin were used that you authorised it.
• are at fault because you were ‘grossly negligent’. This is quite a high test.
• told your bank more than 13 months after the unauthorised transaction.

You can challenge the first and second points.

How to challenge the claim you made an authorised transaction

If your bank says it won’t help you because you authorised the transaction by giving the scammer your personal or banking details, you can challenge this.

The Financial Ombudsmansays when it considers whether a scam transaction was authorised, it considers whether the victim knew that money was going to leave their account.

If the victim didn’t realise they were making a payment, the Financial Ombudsman says it's likely it will rule the transaction was unauthorised so the bank should reimburse the money.

How to challenge the claim you were grossly negligent

The Financial Ombudsman says the bar for ‘grossly negligent’ is high – it doesn’t just mean you were careless or negligent.

Scammers use sophisticated technology and manipulative social engineering to trick you into thinking they’re someone else.

This means that, depending on what has happened, if you’ve given the scammer some details that doesn’t necessarily mean you have been ‘grossly negligent’.

The Financial Ombudsman investigates complaints about banks and financial institutions and makes legally binding rulings about cases.

So, if the bank claims you were ‘grossly negligent’, take your case to the Financial Ombudsman and ask them to rule on this.

Escalate your complaint to the Financial Ombudsman Service (FOS)

Even if your bank refuses to reimburse you, all hope isn’t lost.

You can still escalate your complaint to the Financial Ombudsman Service who will investigate what happened, what your bank did, what the receiving bank did and whether anyone is at fault. It can take the FOS up to three to nine months to investigate your case.

Emotional support available after a scam

Being scammed can take a huge toll on your emotional wellbeing and mental health. It's often helpful to speak to someone about what you’re going through.

This can be anything from a quick scam to something which entangles you for months – every scam has an impact on your life, no matter how long it lasts.

MindMind has a confidential information and support line, Mind Infoline, available on 0300 123 3393 (lines open 9am-6pm, Monday-Friday).

The charity also runs the supportive online community Side by Side where you can talk about and share your experiences of mental health.

Victim Support has a free, 24/7 helpline where you can speak to someone confidentially. This can be a one-off call or they can refer you to local services for on-going support. This service is free and run by Victim Support which is an independent charity.

You can contact Victim Support by:

• Calling for free on 0808 16 89 111
• Requesting online support
• Contacting your local Victim Support team