Is it your responsibility to protect consumers from impersonation frauds?
Aiding victims of crime can be a shrewd and effective PR move that bolsters a company’s reputation as a brand that cares.
The Times has reported that 81.1% of investment fraud in the United Kingdom is perpetrated on social media platforms operated by Meta. In other words, in 8 out of 10 cases of investment fraud, criminals are targeting users of Facebook , WhatsApp and Instagram. When fraud takes place, the problem very often lands at the door of the victim’s bank as their customer scrambles to recover the lost funds.
The Online Safety Bill in its current form promises to address scam adverts, seeking to place responsibility on companies such as Meta to prevent consumers from encountering scams on its platforms. UK bank TSB noted to The Times that, since Google introduced a requirement that advertisers were FCA-authorised, there had been no incidences of customers falling victim to scams on Google’s search engine. These scams appear to have migrated to less heavy-handed Meta platforms.
The responsibility of banks when frauds occur
Depending on the nature of the scheme, in some cases banks pick up the tab, reimbursing customers and making decisions internally about how far to pursue the wrongdoers. In other cases, for example when bank transfers have been made from a current account, banks tend not to have a contractual obligation to make good the loss; in such cases they may choose to do so as a gesture of goodwill or, rather, may find that not reimbursing customers is a reputation risk.
Earlier on this year the FT reported that the Payment Systems Regulator was set to gain new powers which would force banks to compensate victims of some types of fraud. Currently, however, banks opt in to a voluntary code and actual compensation varies from bank to bank. TSB, for example, voluntarily reimburses all customers who are victims of fraud, regardless of the circumstances. Banks’ consumer divisions trade on trust – being perceived to be inactive, even if there is no obligation to make good the loss, may tarnish a bank’s reputation and the recent press around Halifax demonstrates how fickle a beast the consumer can be.
Even if regulators eventually require banks to compensate victims of authorised push payment fraud – usually involving bank transfers – this leaves a number of other types of fraud unaccounted for and scammers running amok on social media.
Unsurprisingly, and with potentially onerous regulation looming, banks have had enough. Calls have been made for Meta, and its competitors, to absorb some or even all responsibility where a platform hasn’t done enough to prevent scams from being perpetrated using its technology. With compensation voluntary, banks are left with decisions resting on the reputation risk of not reimbursing its customers rather than a legal requirement to pay out.
And banks are not always involved; cryptocurrency is a popular conduit for scammers and legislation is still catching up with this emerging sector.
As well as banks and social media platforms, there is a third part-time player in the game of compensation pass the parcel and that is companies whose brand is impersonated to front the scam and lend it false credibility.
What if your company has been impersonated as part of a fraud?
There are a number of ways in which frauds are committed online. Scam adverts are a common example but sophisticated frauds exist which attempt to trade on the goodwill of existing companies and mislead innocent investors or suppliers into parting with cash under the guise of a well-known brand. Where this happens on social media, companies may find they are very much on the back foot if they are made aware of scams by virtue of victims making contact seeking redress. And, increasingly, scams are perpetrated using cryptocurrency where scammers elicit investment, in many cases utilising a pyramid scheme structure to encourage victims to recruit more victims, later vanishing with the funds and almost impossible to trace.
Companies that have been impersonated are unlikely to have a legal responsibility to help the consumer recoup their losses but, in terms of a company’s reputation, it is often crucial to be seen to be doing something.
Not to mention, with banks tired of picking up the slack from social media and a lacuna of responsibility – albeit with the draft Online Safety Bill – those whose branding is used to facilitate scams, whether through lax compliance procedures or online impersonations using trade marks and goodwill to mislead victims into parting with cash or goods, should have a plan of action.
With banks wanting to push the blame onto the social media companies who also are pursuing a hands off approach – it looks like businesses who have been impersonated will likely be the next target of consumer frustration – their approach to these consumers will in turn have the ability to cause reputational harm to a business’ hard earned brand name.
How to get ahead of impersonation scams
Impersonation scams often target well-known brands with a global reputation. Companies that have in place a strategy to cut scams off at an early stage are more likely to come away from an impersonation attempt relatively unscathed or even having gained good will through voluntary action:
- Routinely search for active scams. Keeping tabs on social media that may be operating using the company’s name, logo or key individuals and monitoring newly registered domains that could indicate an infringement.
- Act swiftly to remove social media pages and websites from being publicly available. It is important to engage with the providers of online services as soon as possible to prevent a scam from spreading and minimise the impact on possible victims, and therefore on the company’s reputation.
- Have a comms strategy. Where a scam appears to have developed to become sophisticated, or where the company was made aware of the scam by its victims, a prudent response may be to have a statement that can be adapted for the situation and shared on the company’s website or social media to warn the public that the scam exists, and show proactivity. This is often an effective strategy where the scam is persistent and reappears in a different form after an initial take down action. A number of global brands warn suppliers of scam purchase orders which purport to be legitimate. This is an effective passive way to approach the reputation risk of an impersonation scam but may not be considered to go far enough where loss has been or is being suffered by victims of the scam. It is not necessarily for a company to address compensation to those who have fallen prey to a scam, but aiding victims of crime can be a shrewd and effective PR move that bolsters a company’s reputation as a brand that cares.
Further reading: Impersonation scams: How businesses fight back