Head of Banking & Lender Disputes | Dispute Resolution | Banking and Finance
This website will offer limited functionality in this browser. We only support the recent versions of major browsers like Chrome, Firefox, Safari, and Edge.
It is easy to read stories of authorised push payment (APP) fraud and dismiss it as a type of fraud that only affects those who deemed "vulnerable". However, more often than not, we are all surprisingly narrow in our "sophistication" and, in the right circumstances, we could all be vulnerable to it, as highlighted in a recent High Court case.
In this case, Mrs Philipp was a customer of Barclays when in February and March 2018, both she and Dr Philipp, a retired music teacher and a retired medical consultant respectively, were victims of an elaborate and sophisticated social engineering scam by a fraudster ("JW"). JW was able to convince the couple that he was an FCA employee investigating frauds within HSBC (Mr Philipp's bank) and Tilney (managers of Mr Philipp's investments). Consequently, Dr Philipp was persuaded to transfer his savings into Mrs Philipp's accounts and, upon the direction of JW and Dr Philipp, Mrs Philipp instructed three international payments of £400k, £350k and £250k (the third was only blocked by Barclays following police intervention) to accounts held at two Middle East banks which have since not recovered or returned the funds.
Despite the sophisticated methodology, the case represents the archetypal APP fraud. JW increased the couple's vulnerability by inventing a threat (that they were already at risk of losing their money), displacing their ordinary safeguards, and leading them to clearly and deliberately authorise the payment instructions to "safe" accounts - unaware of JW's true identity or the unsafe destination of the funds.
The couple received a number of warnings and an officer from Avon and Somerset Police even visited them three times to caution them that they were victims of fraud. It was only on the third meeting that they accepted they were being defrauded, which was two days after they had sought to process another portion of money.
Banks owe their customers a duty to observe reasonable care and skill in executing a customer's orders. Banks also have a duty to refrain from carrying out an instruction (which is in accordance with the customer's mandate) where it is on inquiry of a potential fraud. This is known as the "Quincecare duty", established in the case of Barclays Bank plc v Quincecare Ltd.
The question is, how far do these duties extend? On the bank's case, these duties did not extend to an obligation to have policies/procedures in place to detect potential APP fraud, identify potential victims during the payment journey and, ultimately, refuse to act on an individual customer's instruction - as the claim alleged.
Despite forceful submissions, the judge did not find that a duty already existed (and, perhaps understandably at first instance, was not prepared to extend it) to oblige a bank to refuse Mrs Philipp's unequivocal instruction and second guess her explanation or willingness to make that instruction.
In his judgment, Judge Russen QC stated that he felt "acute sympathy" for the couple who had "fallen victim to the dishonesty" of JW, however "it would not be fair, just or reasonable to impose liability" on the bank. In turn, the High Court has dismissed Mrs Philipp's claim against Barclays upon the bank's application for summary judgment.
When a customer is "under the spell" of a fraudster, as Mr and Mrs Philipp were, it is unsurprising (and sadly all too common) that a bank's warnings or challenges are not able to jolt them from it.
In circumstances where Mrs Philipp was determined to make the payments, the bank persuaded the judge that expanding the legal duty to a case like this would make it an "insurer of last resort" for fraud perpetrated against customers. Since Quincecare, the courts have been reluctant to impose any such burden on the industry which may unduly fetter ordinary banking business. However, the recent Supreme Court decision in Singularis has increased the number of cases exploring the boundaries of the duty.
Though an appeal to this summary judgment is proposed, the case nonetheless issues a stark warning to both customers and banks that anyone can succumb to APP fraud and, in the case of an individual, the bank is not the wrongdoer and is unlikely to be liable for any loss incurred.
Should you wish to discuss the impact of this decision, please get in touch.