Bank Mandate Fraud: Explaining the risks to individuals and businesses

An increasing number of individuals and businesses are becoming victims of mandate fraud, but what is it, and how can you protect your money and limit your liability?

What is Bank Mandate Fraud?

There’s a high probability that you know someone who has been the victim of mandate fraud, whether as an individual or a business. Mandate fraud occurs when a fraudster convinces you to make a payment to their account rather than to the party you believe you are paying, usually by way of an email advising of a change in bank details.

The National Business Crime Centre provides an explanatory guide, along with advice on preventing Bank Mandate Fraud.

An example of Bank Mandate Fraud

  • Business A has a website which includes a ‘meet the team’ page, contact details and testimonials from customers.
  • One testimonial is written by the director of business B, which also has a website showing the director’s contact details.
  • A fraudster emails business B, purporting to be an administrator from business A, to advise of a change in bank details. The email address looks legitimate and the email trail contains the company logo, contact details etc., all of which could be obtained from the internet.
  • The email is forwarded to business B’s accounts department, who update the bank details, and subsequent payments are made to the fraudster’s account.
  • This goes unnoticed until business A’s accounts department sends payment reminders for the invoices and both parties realise what has occurred.

This is a relatively unsophisticated example of mandate fraud. The crime can be extreme and lead to the loss of significant sums of money. Unfortunately, Firth & Scott are aware of a number of examples of this crime occurring to businesses in Nottinghamshire across a variety of professions. Everyone has an exposure to mandate fraud, and businesses also have a liability to their own customers: a business must protect itself against indirectly becoming the cause of mandate fraud against its own clients.

Is it possible to recover your funds?

Banks are only required by law to refund funds which were fraudulently obtained without the customer’s knowledge. As of the 28th of May, however, many of the major banks have agreed a treaty under which they will refund money that was transferred knowingly, but to a fraudulent recipient. This covers payments up to £1 million unless the payee has been deemed to be excessively careless or could potentially be attempting to defraud the banks.

Unfortunately, this agreement appears to apply only to consumers and does not make any reference to payments made by businesses. It may be that it will be extended to provide protection for businesses; however, at this stage it is sensible for businesses to consider protection against these losses.

Cyber and Data insurance can be extended to include loss of funds by these means. It is also notable that if, as a business, your systems are hacked and your own customers suffer a loss of funds as a result, you could be held liable for the loss. This is also covered under a Cyber and Data risks policy.

Firth & Scott will never contact you by email to advise of a bank account change. We have no intention of changing our banks; however, if we do in the future, we will advise you by phone or by post as a precaution. Always be vigilant when opening emails and attachments purporting to be from Firth & Scott and, if in doubt, call us to confirm we are the sender. If you would like to discuss cyber and data crime with us, please do not hesitate to contact Steve Allwright or Stevie Jeffrey on 0115 8400300.