1. Home /
  2. Decisions and case studies /
  3. Case studies /

Sending bank and receiving bank should have stopped scam, says SME

After falling victim to an invoice intercept scam, an IT company felt let down by both the sending and receiving banks.

Print page

What happened

An IT company received an invoice which appeared to be from one of their suppliers. However, a scammer had intercepted the invoice and changed the bank details.

As part of a prevention strategy to protect the firm from fraud and scams, the IT company had put a procedure in place. When an email came from suppliers notifying a change in bank details, it was standard practice to phone that supplier on a reliable number.

However, this didn’t happen and the IT company went ahead and made the payment.

The scam only came to light when the genuine supplier contacted the company. Unfortunately by that time the money was lost.

The IT company believed their bank – the sending bank – could have done more to prevent the scam. They thought the receiving bank had failed to carry out due diligence by allowing a fraudster to open an account and receive the payment.

What we said

First, we looked at the complaint against the IT company’s own bank.

The payment was large, but we could see that the company made large payments to new payees. There wasn’t anything else which we thought the bank ought to have noticed or any other error or omission on their part. Therefore we said it wouldn’t be fair to ask the bank to reimburse the amount.

When we investigated the complaint against the receiving bank, we started by looking at when the account had been opened. We didn’t find anything suspicious that might have alerted the bank the account-holder intended to use it for fraud.

However, the payment that the IT company made was highly unusual compared with normal activity in the account. What’s more, the scammer tried to transfer the money straight out of the account as soon as it arrived. That was also very unusual.

This raised the alarm and the receiving bank intervened and questioned its customer. But, even though the scammer’s response was inconsistent and suspicious, the receiving bank didn’t investigate any further.

Had it done so, we believed the scam would have come to light. The bank missed an opportunity to prevent the IT company losing money to the scammer.  

However, we felt the IT company had also been negligent by not following their own procedures to keep them safe from fraud. If they had, the scam would have come to light.

Because of this, we said the loss should be shared equally between the IT company and the receiving bank. That meant the bank reimbursing 50% of the loss to the IT company, with interest.

Related case studies

Café owner struggles to open a feeder account for a bounce back loan

A café owner felt there was no progress made by her bank in helping her open a "feeder" account with them, and felt that this delay was putting her business at risk.

SME Bounce back loans

Read more 

Consumer caught out by a “Hi Mum” message scam contacts us about the bank’s response to her complaint

Dawn lost £1,000 to a fraudster who had contacted her in a messaging app pretending to be her daughter. Dawn reported the matter to her bank but they refused to refund her money. Unhappy with their response, she contacted us to make a complaint. 

Fraud and scams

Read more 

Sports training business turned down for a bounce back loan

A bank had declined an application from a sports training business for a bounce back loan.

SME Bounce back loans

Read more