How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Stuart J Your Own Question
Stuart J
Stuart J, Solicitor
Category: UK Law
Satisfied Customers: 22624
Experience:  PGD Law. 20 years legal profession, 6 as partner in High Street practice
Type Your UK Law Question Here...
Stuart J is online now
A new question is answered every 9 seconds

Good evening. I have been subject to a substantial "Vishing"

This answer was rated:

Good evening.
I have been subject to a substantial "Vishing" fraud by a telephone confidence trickster who convinced me that they were my building society's telephone helpline and instructed me to transfer money out of my online account. Are there grounds for finding that my building society failed in its duty of care to me by not putting in place simple measures such as a pop-up warning about vishing risk on its online "quick money transfer" and a delay in the "quick transfer"?
NW = Nationwide Building Society
CT = Confidence Trick or Confidence Trickster
1. We took instructions from the CT and made the transfer of money from our account ourselves. NW may well state that this is negligence.
2. NW staff were not involved in this process.
3. NW has advice about security on their website.
1. The NW has a duty of care to protect its members.
2. The NW knows about the vishing CT and therefore has a duty to put adequate measures in place to protect its members/ customers from this scam.
3. It should not be assumed that ordinary domestic members have adequate knowledge or expertise to protect themselves from this scam.
4. NW has very actively promoted the use of online services by its existing members. It is incumbent on the NW to ensure that the use of automated online services does not put its members at any greater risk than they would previously have had using traditional cheque and teller services. The substitution of a human teller by an automated teller does not absolve NW of liability for the actions undertaken by its systems.
5. This CT could not have happened using traditional teller services, it depended on three particular features of the online services which were introduced by NW. i.e. the use of (i) Verified by Visa, (ii) provision of a helpline and (iii) the online quick transfer facility. The CT used the lack of security in NW�s own systems to carry out the scam.
6. We had no way of knowing that the call purporting to be from Verified by Visa was not genuine.
7. When using the NW helpline there is no obvious way of knowing whether we are speaking to a genuine helpline. It is likely therefore that a proportion of NW members will be duped by the CT. This appears to be well known to NW when we spoke to the genuine helpline, who sympathised and said that CT�s are very convincing.
8. Does NW have any statistics for the numbers of their members who get caught in this way?
9. Despite NW knowing about this type of scam, the online quick transfer facility does not provide any safeguards against it.
10. It therefore appears that NW are prepared to tolerate a proportion of their members getting duped by CTs, since there are no specific measures in place to prevent this scam.
11. It is incumbent on the NW to ensure that any automated system provides at least as good a safeguard as a traditional teller service.
Some analogous situations of duty of care:
� Employers have a duty to provide a safe place of work for their employees. So for example in the building industry the building contractor must provide proper handrails to scaffolding, he cannot blame the victim for the errorr of falling from it.
� Credit card companies are liable to refund purchasers when they are conned by fraudulent suppliers who do not supply the goods purchased.
duty of care n. a requirement that a person act toward others and the public with watchfulness, attention, caution and prudence that a reasonable person in the circumstances would. If a person's actions do not meet this standard of care, then the acts are considered negligent, and any damages resulting may be claimed in a lawsuit for negligence.
Thank you for your question here on Just answer. It is my pleasure to try and assist you with this today. Please bear with me if I need to ask for any further information from you in order for me to be able to advise you fully. My name isXXXXX and I am a practising solicitor. I have been an expert on this website in UK law since 2008. During that time, as you appreciate, I have answered thousands of questions from satisfied users on a variety of subjects.
Because we are all in practice with clients and court and other users, I might not always respond in minutes, particularly evenings and weekends. Please bear with me in that case. I will be online and off-line all day most weekdays and weekends.

Just to clarify, you gave your details to a fraudster over the phone? Why do you feel the bank are liable for this please?
Customer: replied 3 years ago.

I did not give my details to the fraudster over the phone.

1. I was phoned by someone purporting to be from Verified by Visa who said that there had been abnormal transactions on my account and that I should contact the NW helpline.

2. I called the NW helpline and received detailed instructions about closing my online account. This included transferring money to another account. However it subsequently transpired that the first caller had not hung up and that I was speaking to their accomplice. Prior to this I was not aware of the vishing fraud method. However it is evident that the NW is aware but did not put in place adequate measures to protect their domestic customers.

This is a really unfortunate situation that you
have been placed in and you have my every sympathy because I was nearly in
a similar situation as you are 10 years ago when someone rang me purporting
to ask me if I wanted an increased overdraft limit which I did not. In so many
words I told them to get stuffed because they rang me on a Sunday. I complained
to the bank on Monday and it ended up with an investigation because the bank
does not make such calls and certainly does not make them on Sunday.

There was actually more to it because earlier
that day, someone had rung the bank purporting to be me and asking to increase
the overdraft limit. I had a small overdraft limit but the account was always
in credit and they wanted to increase it from £3000-£10,000.

Evidently what they then do is get in to your account
(or they did at the time because the Internet banking system was very basic), using
the pass word and username of all things from your mobile phone account held by
the mobile phone company because, of all things, this fraud was perpetrated
from within a mobile phone company! It worked on the basis that most people use
the same username and password XXXXX everything and the mobile phone company had
people's bank account details in any event. Once into the account, they emptied
it into a spare account, emptied the spare account and then closed it

Clever. Fortunately, they didn't get me but that
was only because I was annoyed at being rung on a Sunday.

And so, to your case.

Until 18 months ago, my partner was a senior
fraud investigator for a credit card company and therefore, before answering
this I wanted to run this past her. True, it was a credit card company she
worked for but the principles are the same to a point.

The analogy you use of the credit card is really
based upon completely different facts because the situation is completely
different if you had bought something with this money and then the item did not

You actually were victim of a telephone fraudster
who quite plausibly asked you to ring another number which may have been the
same number or may have been his colleague hanging on the line and you then
transferred the money to the account (voluntarily) that you had been given the
details of. This is not how building society's work although you were not to
know that.

My partner use the analogy which is that in
effect, you took the money out of your building society account and gave it to
a doorstep conman in that case, the building society has no liability.

The building society's duty of care does not
extend to advising every account holder of every single kind of fraudulent
activity because that would be a mega-gargantuan task. They do say on
monotonously frequent basis that you should never disclose your account details
to anyone and whilst I accept that you did not do that, you transferred money,
quite willingly to a third party without actually verifying the third party's

For that reason, I think that nationwide have no
liability to you. They do however have a duty to investigate this and it is
highly likely I am advised that your details have come from within nationwide
otherwise, they would not have your telephone number and know that you had a
nationwide account.

This should therefore be referred to their
internal fraud department but you should also refer it to the police. Whether you
get your money back is anyone's guess but it would seem unlikely unless they
catch the fraudsters.

I'm sorry, I appreciate that this is not the
answer you wanted but there is no point in me misleading you or giving you
false hope. I have a duty to advise you truthfully and honestly, even if that
answer is unfavourable which I appreciate it is

Does that answer the question? Can I assist
further or answer any specific queries?

If you have not done already, please don't forget to positively
rate my answer service even if it was not what you wanted to hear. You should
now see a series of buttons which enable you to rate my answer service

If you don't rate it positively, then the site keep your deposit and I get 0
for my time. It is imperative that you give my answer a positive rating.

It doesn't give me, "a pat on the head", "good boy" (like ebay), it is my

If in ratings you feel that you expected more or it only helped a little,
please ask.

The thread does remain open for me to answer follow-up questions
after rating my answer service.

Rating doesn't close the enquiry at
all even though the site may give that impression. It remains open for you to
read and ask for further clarification.


PS Experts on here are online and off-line all day each day and
weekends so please bear with me if I do not get back to you immediately.

PS. I use voice type, voice recognition typing because I only
type with two fingers and it would take me ages. Sometimes, a computer does not
hear me correctly and you will get an incoherent word. I do try to but
sometimes they slip through. I apologise therefore if anything doesn't make
sense. It is me losing it, not you. Just ask if anything is not clear please.

Customer: replied 3 years ago.

Thanks for your advice and for contacting your colleague about this. It is the answer that I expected (nothing wrong with that). I think however that the situation is different to handing money over to a conman on the doorstep. The con depended on particular features of the NW's systems (as well as my error/stupidity); the NW is aware that these cons are happening but has not put in place adequate measures to protect their non-expert customers (same as not providing the handrail for the builder's labourer in case he steps backwards). Please let me know if you have any further comments, otherwise I will sign off with a positive response.

Thank you for the kind comments.

You make very valid points, and I imagine that they are aware
that there is a "leak" somewhere within their internal system whereby the
fraudster knows exactly the system and indeed, the fraudster has all your
personal details as I said earlier.

However that is very difficult if impossible for you to get to
the root of and from my own experience they will be looking very seriously at

The letter to the chief executive would be better as an appealing
letter asking for help and assistance and indeed offering it.

If you could prove to the satisfaction of a judge what the
measure is that they could easily put in place to prevent this ( it needs to be
something that is possible and practical) then you have a glimmer of a possibility
of bringing a claim. I say that it is a glimmer and it would depend on you
coming up with something which would constitute a breach of duty of care. It
would need to be something specific and you would need to know that they do
indeed have knowledge of exactly this activity.

If the amount is under £10,000, it will be small claims court
anyway and you will not have to pay their legal costs, even if you lose and by
the same token, you don't get yours back even if you win, if you use solicitors.

At this stage, from the facts you have given me I would not
actually be spending the issue fee although if you can get a breach that you
can actually hang your hat on, it might be worth considering

Stuart J and 3 other UK Law Specialists are ready to help you