What to do if you fall victim to a bank transfer scam

We explain how authorised push payment (APP) fraud works and share what you need to know if you fall victim to a scam. 
Which? Team
What to do if you’re the victim of a bank transfer (APP) scam

What is an 'authorised push payment' scam?

An authorised push payment (APP) scam, also known as a bank transfer scam, occurs when you send money from your bank account to one belonging to a scammer.

For example, a scammer may call you claiming to be from your bank’s fraud team and warn that you need to move your money to a safe account, but you'll actually be sending money to an account controlled by the fraudster.

If you think you've been scammed, don't be embarrassed. Scams are more complex and convincing than ever - people of all ages and backgrounds can unfortunately fall victim to scammers’ manipulations.

Sign up for scam alerts

Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.

Sign up for scam alerts
Sign up

Contact your bank immediately

If you think you’ve been scammed, you should call your bank or card provider immediately.

Tell your bank what happened, and provide it with the account number your sent the payment to. 

Your bank may be able to either stop the transaction from going ahead or recover your money from the fraudster’s account.

Speed is of the essence for this, so it’s important to let your bank know as soon as you suspect you've been scammed. 

Contact the bank you sent the money to 

You should also contact the bank you sent the money to and let it know the account number, as it may be able to halt the transfer and get your money back. 

You can check which bank you sent the funds to by looking at the receiving bank's sort code - each bank has a different sort code with which it can be identified. 

Key Information

Other types of fraud

If you’ve been the victim of a different type of fraud - for example, you paid on your credit card or via PayPal - read our guide on what to do in those scenarios.

Getting your money back under the CRM Code

Many banks are signed up to the Contingent Reimbursement Model Code for APP scams (the CRM Code). Under the code, banks have to take a number of steps to protect customers and reimburse those who aren't to blame for the scam.

You can ask your bank directly if it's signed up to the code. The Code only applies to transfers between UK accounts. 

If a bank is signed up to the code, as well as reimbursing innocent APP scam victims, it must do the following:

  • Educate customers about APP scams.
  • Identify higher risk payments and customers who are vulnerable and therefore have a higher risk of falling victim to a scam. 
  • Provide effective warnings to customers if the bank identifies an APP scam risk - these could be messages when you go to make a payment or set up a new payee.
  • Talk to customers about payments and even delay or stopping payments where there are scam concerns.
  • Act quickly when a scam is reported to it.
  • Take steps to stop fraudsters opening bank accounts.

Key Information

Banks signed up to the CRM code

  • Bank of Scotland
  • Barclays
  • Britannia
  • Cahoot
  • Cater Allen Limited
  • Co-op Bank
  • First Direct
  • Halifax
  • HSBC
  • Intelligent Finance
  • Lloyds Bank
  • M&S Bank
  • Metro Bank
  • Nationwide Building Society
  • NatWest
  • Royal Bank of Scotland 
  • Santander
  • Smile
  • Starling Bank
  • Ulster Bank
  • Virgin Money


Your responsibilities under the CRM code

If a bank is signed up to the code, it has a duty to analyse scam cases in line with the code's guidance to decide whether or not to reimburse APP scam victims. However, it's down to the bank to interpret the code how it sees fit.

If the bank finds that you're not to blame, you'll be fully reimbursed. If it finds that you didn't do your due diligence to avoid being scammed, it will refuse to reimburse you, and if it believes that both you and the bank could've done more to prevent the scam - you'll be reimbursed half or some of your lost funds. 

Under the code, customers are expected to do the following:

1. Pay attention to warnings given by your bank - these might be instructions or messages when you set up, change or make payments.

2. Have a reasonable basis for believing that:

  • the person you paid was the person you were expecting to pay
  • the payment is for genuine goods or services
  • the person or business you are paying is legitimate

3. Take care – in the aftermath of being scammed you might think you weren’t careful enough, but this shouldn’t put you off making a complaint to your bank. The test is about what you did and thought at the time of the payment, not afterwards.

Your bank should also reimburse customers who might not have been able to protect themselves from a scam using these steps or customers considered vulnerable to begin with.

It might be because you’re new to making payments online, were mentally or physically unwell, weren’t able to make decisions at the time or that the scam was very convincing.

When you report the scam to your bank, you’ll likely be asked to send in evidence of what happened, like copies of text messages or emails. Your bank should do this sensitively.

We’ve written a template letter to help you make a formal complaint to your bank about a scam if they’re signed up to the code.

If your bank isn’t signed up to the code

While getting your money back after being scammed is simpler if your bank is signed up to the code, don’t lose hope if they’re not. There are still options available to you.

We’ve written a template letter to help you make a formal complaint to your bank if you were a victim of a bank transfer or APP scam.

You should use this after reporting the scam when it first happened, after you have a clearer idea of what happened and what your bank’s position is.

You should also report the scam to Action Fraud which will give you a crime reference number.

key information

Scam example: there’s a problem with your broadband connection

  1. A scammer called a woman pretending to be from her telecoms provider, saying there had been hacking attempts on her broadband and they needed to secure it.
  2. He confirmed her name, address, BT account number and email address as proof.
  3. She followed his instructions and at some point logged into her online banking.
  4. She soon got a text that a new payee had been set up at which point the fraudster hung up. £4,000 was transferred from her account within 30 minutes.

Her bank refused to reimburse her because they claimed she’d been 'grossly negligent'.

She complained to the financial ombudsman which ruled in her favour.

The financial ombudsman said she didn’t authorise the transfer because she didn’t know money was leaving her account and, because she was tricked, it wasn’t fair or reasonable to consider her to be grossly negligent.

The financial ombudsman ruled her bank refund her the full £4,000, plus an additional £300 compensation for the trouble and upset caused.

Your options if your bank refuses to reimburse you

How to prove you didn’t authorise the bank transaction

If your bank isn’t signed up to the code, it might tell you that it can’t help you either because you authorised the payment by providing the scammer with your details or because you were ‘grossly negligent’.

The onus is on your bank to prove why they’re refusing to refund you. Your bank will need evidence to prove you:

  • authorised the transaction - but your bank can’t just say because your password, card or Pin were used that you authorised it.
  • are at fault because you were ‘grossly negligent’. This is quite a high test.
  • told your bank more than 13 months after the unauthorised transaction.

You can challenge the first and second points.

How to challenge the claim you made an authorised transaction

If your bank says it won’t help you because you authorised the transaction by giving the scammer your personal or banking details, you can challenge this.

The financial ombudsman says when it considers whether a scam transaction was authorised, it considers whether the victim knew that money was going to leave their account.

If the victim didn’t realise they were making a payment, the financial ombudsman says it's likely it will rule the transaction was unauthorised so the bank should reimburse the money.

How to challenge the claim you were grossly negligent

The financial ombudsman says the bar for ‘grossly negligent’ is high - it doesn’t just mean you were careless or negligent.

Scammers use sophisticated technology and manipulative social engineering to trick you into thinking they’re someone else.

This means that, depending on what has happened, if you’ve given the scammer some details that doesn’t necessarily mean you have been ‘grossly negligent’.

The financial ombudsman investigates complaints about banks and financial institutions and makes legally binding rulings about cases.

So, if the bank claims you were ‘grossly negligent’, take your case to the financial ombudsman and ask them to rule on this.

Key Information

Scam example: your bank’s ‘fraud team’ give you a call

  1. A scammer spoofs your bank’s number, so it looks like your bank is calling you.
  2. When you answer, the scammer tells you they’re a member of the fraud team.
  3. They ask you a series of questions to prove your identity, including sending texts with confirmation codes.
  4. When you hang up and check your account, you see the codes actually allowed the scammers to drain your account.

You believed you were speaking with your bank and didn’t realise what you told them gave them access to your account.

Because of that, in this instance it’s likely the financial ombudsman will consider this to be an unauthorised transaction.

Escalate your complaint to the Financial Ombudsman Service (FOS)

Even if your bank refuses to reimburse you, all hope isn’t lost.

You can still escalate your complaint to the financial ombudsman who will investigate what happened, what your bank did, what the receiving bank did and whether anyone is at fault. It can take the FOS up to three to nine months to investigate your case.

Emotional support available after a scam

Being scammed can take a huge toll on your emotional wellbeing and mental health. It's often helpful to speak to someone about what you’re going through.

This can be anything from a quick scam to something which entangles you for months - every scam has an impact on your life, no matter how long it lasts.

Mind has a confidential information and support line, Mind Infoline, available on 0300 123 3393 (lines open 9am - 6pm, Monday – Friday).

The charity also runs the supportive online community Side by Side where you can talk about and share your experiences of mental health.

Victim Support has a free, 24/7 helpline where you can speak to someone confidentially. This can be a one-off call or they can refer you to local services for on-going support.

This service is free and run by Victim Support which is an independent charity.

You can contact Victim Support by:

Seen or been affected by a scam? Help us protect others