Macdonald Henderson Solicitors

You are in: HomeNews › Cyber Fraud – Unauthorised Transactions - 21st January 2019

Cyber Fraud – Unauthorised Transactions - 21st January 2019 - Click for larger version Cyber Fraud – Unauthorised Transactions - 21st January 2019

Cyber Crime was at the end of 2018 described by the City of London Police as “the most significant harm in the UK”.

Cyber Fraud is one part of it.

It is frightening how readily an IT savvy criminal sitting in front of a computer, probably in a distant country, can dupe victims out of life shattering sums of money - and it appears as matters stand without real threat of being caught.

Sometimes, whether at fault or not, banks or other types of financial institutions involved are bound to in the first place bear the brunt and recompense innocent customers.

A client of our firm recently lost more than £300,000.00 to a cyber fraud and the whole sum was recovered by our client from the foreign exchange company that he had engaged.

Our client had sold a property abroad and needed to exchange Euros for Pounds Sterling. He agreed a currency exchange with the foreign exchange company. He was to transfer the Euros to the exchange company and in return receive a transfer of the agreed sum of Pounds Sterling.

The transfer of Euros to the company was achieved without problem, but our client did not receive the return transfer. Instead, the whole funds were transferred to the account of a fraudster.

What had happened was that the exchange company had sent our client an email with a form attached as a PDF and directed our client to print the PDF, write his bank account details on the form and send the form back to the exchange company. Our client could not print the PDF and was advised by the exchange company to instead simply note his account details in an email. Our client did so - using his email account he sent an email to the exchange company with his bank details. However, this email was not received by the exchange company. The exchange company instead received an email from a different email account (almost identical to our client’s email account, but with one different digit) of course noting different account details - and without any further correspondence with our client sent the funds to this account.

It appears that the email system of the exchange company was in some way compromised, our client’s email intercepted and a substitute email sent by the fraudster in its place.

Ultimately – after initially dismissive correspondence and the raising of a court action – we persuaded the exchange company to refund our client the whole sum that had been transferred to the fraudster.

This was the principal argument:-

The transfer to the fraudster’s account was not consented to or authorised by our client. The instruction to transfer the funds to the fraudster’s account (the email from the fraudster’s email account) had not come from our client at all.

It was therefore an unauthorised transaction. A bit like (when financial fraud tended to be more tangible) someone stealing your chequebook and signing a cheque in your place, without your knowledge.

The exchange company were a “payment institution” registered with the Financial Conduct Authority. As such they were regulated by the Payment Services Regulations 2017 (formerly the Payment Services Regulations 2009).

These regulations set out the obligations of payment institutions in the event of such unauthorised transactions.

Essentially, if a customer considers that an unauthorised transaction has taken place and notifies the payment institution without delay and no later than 13 months later then (subject to the customer not having acted fraudulently or with gross negligence) the payment institution must refund to the customer the amount of the unauthorised transaction.

Accordingly, the exchange company were bound to refund to our client the whole sum transferred to the fraudster.

This is just one example of the modus operandi of a cyber fraudster and how liability lies as between a payment institution and its customer. There are and will be many others.

If you have the misfortune to find yourself caught up in any of them then you can contact Michael Hankinson at or on 0141 2484957.

Preservation and analysis of data will be vital so please take advice (both legal and IT) from someone without delay.

Last updated: 8.50am, Monday 21st January 2019

Latest News and Events

At the end of March 2020, the UK Government introduced an online application process which allowed companies affected by COVID-19 facing fast approaching account filing deadlines to apply for an extension.
“Always be Closing” - the old mantra, made famous by Alec Baldwin’s speech in Glengarry Glen Ross has resonated in the corporate world in the twenty years since it was made. But Blake (Baldwin’s character in the film) and his sales team didn’t have to contend with a global pandemic.

Meet the Team at Macdonald Henderson