Delaying bank payments by 24 hours would make scammers less effective

[Dr Strangelove]

This might apply to a few businesses but not many.

I mean this is the business model of neobanks.

Bricks and mortar banks make their money from mortgage lending and they know they won’t lose customers over frictions in the payment process.

 

[euroDilbert]

If there was a general rule that after setting up a new payee customers have to wait 24 hours before being able to pay them, people would just get used to it. Easy, effective & low cost security measure.

BOI have a limit of €1000 per day for 48 hours with new payees. (€20k per day for existing payees).

 

[Brendan Burgess]

BOI have a limit of €1000 per day for 48 hours with new payees. (€20k per day for existing payees).

That seems sensible.

So if I sent up a new payee today...
I can transfer only €1,000 today.
Another €1,000 tomorrow
And €20,000 on Thursday.

 

[euroDilbert]

That seems sensible.

So if I sent up a new payee today...
I can transfer only €1,000 today.
Another €1,000 tomorrow
And €20,000 on Thursday.

Yes - has occasionally been a nuisance (especially if a weekend intervenes - it's 2 working days), but it makes sense to me.

 

[Ruffian]

BOI have a limit of €1000 per day for 48 hours with new payees. (€20k per day for existing payees).

It is "up to 48 hours". I had a couple recently that allowed the higher rate sometime within 24 - 48 hours. Both payees would have been longstanding BOI customers so maybe this made it quicker. Great idea though.

 

[Itchy]

It's madness that the liability falls to the most vulnerable/least informed element of the payment chain. A bank has strict KYC obligations, they know the account scammed money gets transferred too. They have the informational advantage. Stock trading has T+1 settlement. It's not unfathomable that a bank could, for example, retain the cash transfer, apply a credit to the recipient for a period. Should a dispute arise, they can investigate and pay/return the payment.

 

[Brendan Burgess]

It's madness that the liability falls to the most vulnerable/least informed element of the payment chain. A bank has strict KYC obligations, they know the account scammed money gets transferred too. They have the informational advantage. Stock trading has T+1 settlement. It's not unfathomable that a bank could, for example, retain the cash transfer, apply a credit to the recipient for a period. Should a dispute arise, they can investigate and pay/return the payment.

Hi Itchy

Are you proposing that if I receive €5,000 in my AIB account from your Revolut account, that it be frozen in my account for 24 hours in case it needed to be recalled?

 

[euroDilbert]

It is "up to 48 hours". I had a couple recently that allowed the higher rate sometime within 24 - 48 hours. Both payees would have been longstanding BOI customers so maybe this made it quicker. Great idea though.

Full details are here : https://www.bankofireland.com/help-centre/faq/much-can-transfer-365-online/
If you need to make a large payment sooner, you need to contact the bank.

 

[basilbrush]

I remember reading several years ago that the UK was one of the top places in the world for scams because their Faster Payments was, at the time, one of the fastest money transfer systems.

 

[Brendan Burgess]

I remember reading several years ago that the UK was one of the top places in the world for scams because their Faster Payments was, at the time, one of the fastest money transfer systems.

I used to listen to BBC's MoneyBox programme.

Every programme seemed to be "Why if we send a payment today, does it not arrive in the recipient's account for another two days? Where is it in the meantime? Who gets the interest?"

Then the instant payments came in.

And every programme contained a report on people being scammed and the banks not compensating them.

I stopped listening to the programme.

 

[Itchy]

Hi Itchy

Are you proposing that if I receive €5,000 in my AIB account from your Revolut account, that it be frozen in my account for 24 hours in case it needed to be recalled?

I would say that it would be up to your bank to evaluate its relationship with you, the account holder. It need not be necessary to freeze the money. If its later identified that the money was potentially unlawfully obtained they can seek it back from the account holder. So they would obviously have to rely on their own due diligence (skin in the game). Remember cheques, when they were lodged they usually were credited to the account but you couldn't access the funds until they cleared. Obviously the burden to identify the fraud is on the victim. I'm not suggesting they should have to clear every transaction by the way.

The bank retains all the pertinent information needed to identify otherwise anonymous scammers. Each bank should be obliged to assist and safeguard the integrity of the system on which they rely for their business.

 

[PMU]

SEPA Instant is going to be a disaster for fraud prevention!

It may well be but is SEPA Instant not just the (mis)use of a requirement/standard to rig the market against Blockchain-based transactions? Blockchain has known scalability-related problems https://www.codementor.io/blog/blockchain-scalability-5rs5ra8eej.

 

[Dr Strangelove]

If its later identified that the money was potentially unlawfully obtained they can seek it back from the account holder.

It’s probably passed through three accounts in as many jurisdictions in that time.

As I have said before, it is very difficult to manage the trade off between customer experience and fraud prevention.

 

[Itchy]

It’s probably passed through three accounts in as many jurisdictions in that time.

And a liability would then sit with each participant in the scheme, and the bank would have to pursue its customer. They were happy to apply this method when there was a risk to their own capital, during the "free money" ATM glitch. There was never a circumstance when the bank would be happy to be defrauded of their own capital but yet when it comes to their customer, "sorry, nothing we can do".

 

[T McGibney]

And a liability would then sit with each participant in the scheme, and the bank would have to pursue its customer. They were happy to apply this method when there was a risk to their own capital, during the "free money" ATM glitch. There was never a circumstance when the bank would be happy to be defrauded of their own capital but yet when it comes to their customer, "sorry, nothing we can do".

Proper order on their part. I see no reason to socialise bank fraud losses by spreading the cost thereof over all bank customers. The moral hazard implications of doing that would be enormous.

 

[Dr Strangelove]

And a liability would then sit with each participant in the scheme

Imagine €100 defrauded from an Irish account and then transferred between banks in three jurisdictions in 24 hours. The SWIFT global payments system has 11,000 reachable banks in 40 currencies in 200 jurisdictions! No one has the time, resources, or authority to chase down €100 unless the fraud is orders of magnitude larger.

I see no reason to socialise bank fraud losses by spreading the cost thereof over all bank customers.

This already happens. Scrupulous customers like you and I subsidise those who are not.

 

[Dr Strangelove]

They were happy to apply this method when there was a risk to their own capital, during the "free money" ATM glitch.

This involved single transactions by customers of an Irish bank located in Ireland!

It’s not vaguely comparable.

 

[Itchy]

Imagine €100 defrauded from an Irish account and then transferred between banks in three jurisdictions in 24 hours. The SWIFT global payments system has 11,000 reachable banks in 40 currencies in 200 jurisdictions! No one has the time, resources, or authority to chase down €100 unless the fraud is orders of magnitude larger.

Are you suggesting that there are a succession of innocent account holders who receive unknown payments and immediately and unwittingly forward them on to other unknown account holders before the money ultimately reaches the fraudster?

This involved single transactions by customers of an Irish bank located in Ireland!

It’s not vaguely comparable.

Imagine that Irish account holder, instead of withdrawing the cash at an ATM, they transferred on the funds to another account outside the bank and from there to another account etc. Do you think the Irish bank would give a sugar where the money was transferred to? No, it would take the money back from the original account holder and pursue them for the debt.

 

[24601]

It may well be but is SEPA Instant not just the (mis)use of a requirement/standard to rig the market against Blockchain-based transactions? Blockchain has know scalability-related problems https://www.codementor.io/blog/blockchain-scalability-5rs5ra8eej.

I have no idea what any of that means, sorry. I'm pretty sure SEPA Instant is just intended to speed up payments to make business and trade more efficient across Europe though.

 

[euroDilbert]

Are you suggesting that there are a succession of innocent account holders who receive unknown payments and immediately and unwittingly forward them on to other unknown account holders before the money ultimately reaches the fraudster?

Not completely "innocent" but peripherally involved. These are the "money mules" who let their accounts be used for the transfers - the Gardaí appear to be taking this more seriously and taking prosecutions.

Thousands of 'money mules' operating in Ireland, gardaí warn

As Interpol says Ireland is one of a number of countries being specifically targeted by international cybercrime gangs, and gardaí warn thousands of people's bank accounts are being used to launder money, Prime Time speaks to a convicted 'money mule'.

www.rte.ie