Direct debit fraud at an all-time high; Bacs challenges figures

Over 97,000 Brits have fallen victim to criminals setting up fraudulent direct debits from their accounts, with this number set to escalate over the next three years, according to research from insurance outfit LV=.

  0 4 comments

Direct debit fraud at an all-time high; Bacs challenges figures

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The study, conducted by the Centre for Economics and Business Research (CEBR), show that so far this year 26,000 Brits found fraudsters taking out regular direct debit payments in their name, with an average of £540 going missing before they noticed and stopped it.

Common examples of direct debit fraud include regularly recurring payments for gym memberships, mobile charges or TV subscriptions. In other cases, the fraudster will set up the payment to their own account but label it with the name of a commonly used service provider, leading the victim to think it's a legitimate payment.

Over the last four years, the number of criminals gaining access to victims' bank accounts directly in order to set up regular payments has risen by 288% from just 6200 reported cases in 2006.

Direct debit payment fraud now accounts for around 10.6% of all identity fraud cases, rising from 0.01% of all cases in 2001. And the LV= report reveals the problem is set to grow to 41,000 cases a year by 2013, equating to a 57% rise in the coming three years.

LV= puts the rise down to the credit squeeze and a criminal migration away from Chip and PIN-protected card channels. The boom has also been driven by the proliferation of online services, with fraudsters now able to set up contracts and other agreements without the need for stringent ID checks.

However, the data gathering exercise has been challenged by UK clearing house Bacs, which says it has been denied access to the methodology used by CEBR.

"Without seeing the report, it's difficult to comment on its contents, however, we question the validity of the data used to predict any future increases in incidence of directd debit fraud, particularly from two parties who do not have an industry-wide overview," says Bacs in a statement. "As we haven't been allowed access to the research, we don't know that the questions asked make clear what direct debit fraud is."

The ACH says its own research shows that only one percent of British businesses have experienced direct debit fraud, "and we have no evidence that this has changed markedly since that was carried out in July 2008".

Whatever, the true figures, LV= says the problem is being exacerbated by old or duplicate direct debits. Forgotten direct debits take bank account holders on average four months to notice and cost around £190 each time, according to LV=, with an estimated £385 million 'wasted' in unnecessary direct debits last year.

John O'Roarke, managing director of LV= home insurance, comments: "While most of us are aware of the need to protect our card details, the increase in fraudsters setting up direct debits in victims' names proves the need for everyone to regularly check their banks statements and ensure they're not paying out for someone else's mobile phone account or gym membership or any other direct debit they don't recognise."

Bacs counters that all direct debit instructions are protected under the terms and conditions of their use. "If a customer believes funds have been taken incorrectly from their bank account by direct debit, they should contact their bank branch immediately to request that the money be returned under the terms of the Direct Debit Guarantee."

Sponsored [On-Demand Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates

Comments: (4)

A Finextra member 

Is this about the never-ending fraud spiral, or mis-information precisely aimed at instilling fear into corporate decision makers so that they will be more likely to spend money protecting stuff that doesn't actually need protecting.

Paying for an insurance policy using a direct debit on someone else's current account has got to be the most stupid criminal activity possible.  As soon as the victim realises what's happening and notifies the bank, they get their money back and the insurance becomes null and void: if it was for car insurance, the idiot crim is potentially breaking two laws at once.  Brilliant!

Also got to say that LV= must take some of the blame for allowing it to happen in the first place.  Do they not check who they are providing insurance to?

Now, is it true that I can set up a Direct Debit from another person's bank account into mine?  This post seems to me to imply that it is possible.  I don't think this is the case.  Is this another example of the plausible being passed into the mainstream as an actual?

Is this really just a lot of frightening words around something that really isn't a problem.

Keith Appleyard

Keith Appleyard IT Consultant at available for hire

This all emanates from the crazy idea to allow the set up of Paperless Direct Debits. Organisations must be compliant with AUDDIS (Automated Direct Debit Instruction Service) and are responsible for verifying their customers' identity - but of course they don't bother - just like the sub-prime Mortgages not bothering to vet Income.

No-one has ever verified my identity, hence why I check my D/Ds quite religiously.

I notice that BACS made electronic rather than paper format mandatory from 1st January 2008 for all new service users.

So not rocket science to predict where this is going.

A Finextra member 

I would say that the statements and allegations made in the CEBR report are , at best, questionable. However, it is only prudent for all organisations to protect themselves against fraud. Customers under the direct debit scheme are protected by the direct debit guarantee, however corporates and SMEs signing up customers should ensure that the details they are provided with are correct. The Service User's Guide explains how to do this and there is further information available from www.directdebit.com. It is true that paperless direct debits make it harder to determine the identity of the payer but the industry has addressed this and there is a range of suitable products available. Service Users are able to log into www.bacs.co.uk to obtain further information. This will help organizations offer a better service to their customers and reduce the level of indemnity claims received - maximizing cashflow.

No system will ever be fully protected from the determined fraudster but to put things in perspective, there are over 3 billion direct debit transactions occurring in the UK every year and this number is growing. No organization thinking about implementing direct debit should be put off doing so, as the benefits far outweigh any perceived risk from fraud. The paperless direct debit scheme has been operating successfully in the UK for many years now and is a robust, safe and convenient payment method for customers and businesses alike.

A Finextra member 

Just over one hour ago I found a fraudulent new direct debit on my current account. I called my bank and have spent most of the time since navigating my way through countless telephone corridors. Fraud dept tells me it can start work on recovering the money I have already lost, but cannot help with preventing more DDs from being set up. I need to speak to my branch... who are "not answering just now" (verbatim quote). Finally got through to the branch who inform me that they can stop the account from operating, or just let it carry on paying out whatever DDs (and whatever else) my thief fancies having... "which would you like, sir?".

Apparently, the old fashioned process of telling an accountholder when a new DD or SO has been set up is no longer followed.

I am going to St Paul's, where common sense still counts for something. 

[Webinar] PREDICT 2025: The Future of Faster Payments in the USFinextra Promoted[Webinar] PREDICT 2025: The Future of Faster Payments in the US