Secure International Transfers (Defend Against Fraud)

So, it’s not just downright fraud that could put your money at risk.

There's also the reputability of your payment provider to consider, and the payment regulations they're required to adhere to.

Plus, other things can go wrong with a money transfer, especially when you're sending money across borders.

In this guide, I'll explain the three major factors that put your money at risk and the steps you need to take in order to make secure international money transfers.

In addition to analysing the latest UK payment and fraud regulations (updated as recently as October 2024), we’ll explore real case studies where consumers have lost money to fraud or when payment providers have gone bust, helping you understand the safest ways to send money online.

1. Use regulated money transfer providers (and understand what the regulation means for money transfer safety)

First and foremost, it’s crucial to use regulated money transfer providers that are overseen by the official authorities in their respective countries.

In the UK, that’s the FCA. 

Check on the FCA register how your payment provider is regulated

In the US, payment firms are regulated at the state level and then federally by FinCEN.

If you don’t, you simply can’t transfer money safely, and there’s almost no chance of recovering your money if something goes wrong with your transfer.

If you use us to compare money internationally, we will make sure recomendded companies are authorised.

A leading UK currency broker like Currencies Direct is regulated worldwide in territories including the UK, the EU, the USA and Canada.

The global mega money transfer app Wise is regulated in 14 different countries, including the UK, the EU, the USA and Australia.

I'd say payment providers that are regulated worldwide are the safest way to send money.

But that's not to say providers that only operate in the UK aren't safe. You just need to do your research.

Understanding how your payment provider is regulated is important too, as it affects the safeguarding measures that are put in place to protect your money.

The 3 major types of payment regulation in the UK

Payment providers in the UK tend to fall into one of three categories:

• Authorised payment institutions (PIs)
• Electronic money institutions (EMIs)
• Full banking licence (banks)

Authorised payment institutions and electronic money institutions protect your money via the FCA’s safeguarding scheme, while banks protect your money through the Financial Services Compensation Scheme (FSCS).

Safeguarding

PIs and EMIs can safeguard your money in one of two ways:

1. The segregation method

2. The insurance or comparable guarantee method

The overwhelming majority of customer funds are safeguarded via option one.

Money transfer firms must separate client funds from their business funds. If client funds are still held at the end of the following business day after they were received, they must deposit the funds in a separate account with an authorised credit institution or the Bank of England.

Essentially, this means safeguarded funds are prohibited from being used by the payment provider for any purpose other than how you instruct them.

Should a PI or EMI face insolvency, there's no limit to the amount you can get back, and provided the company is safeguarding correctly, you should recover the entirety of your funds.

Customer funds are reimbursed to the original clients as a primary obligation over any other debtors.

The only exception to this rule occurs if the expenses arising from liquidation surpasses the company's available assets.

Under such circumstances, the liquidator may cover their own costs by using customer funds.

Another concern is the quality of the safeguarding practices implemented by the firm (more on this later).

Financial services compensation scheme (FSCS)

You're probably already familiar with the FSCS.

If the financial firm you use goes bust, the FSCS steps in to pay compensation up to £85,000.

It’s free to use, and you’re guaranteed to get 100% of your money back as long as it falls below the £85,000 threshold.

‍

In 2023/24, the FSCS paid out £423 million in compensation to 19,008 customers of failed firms.

You'll get your money back fairly quickly too.

The main downside is the limit.

As the FSCS explains, it’s an £85,000 limit per banking licence, so be sure to check if any of the financial firms you use share a banking licence. 

For example, First Direct is actually part of HSBC bank, and they share a banking licence, meaning your limit is £85,000 across both brands.

Now, let's take a look at the specific money transfer licences in detail.

Authorised payment institutions (PIs)

Traditional currency brokers like Key Currency and remittance companies like Western Union and Remitly operate as authorised payment institutions.

PIs must safeguard your money when it is deemed ‘relevant’, which basically means when it’s being held for one of your payments.

When you use a specialist payment provider they should be moving on your money almost straight after you initiate a transaction, so the chance of a payment provider going insolvent while they happen to be processing your transfer are quite small.

The only exception would be if they, or the receiving bank, request more information to process a transfer (and they hold onto your money in the meantime).

Still, smaller payment providers do occasionally go bust, and some unlucky customers may be impacted.

Another scenario where a PI may hold some of your funds is when you put down a deposit on a forward contract.

Deposits are standard procedure and a necessary part of booking a forward contract, but be aware this money is not deemed 'relevant' and does not fall under the safeguarding scheme.

The key thing to look out for with a PI is that the payment company you work with is fully authorised and not deemed a “small payment institution”. 

If the payment provider transacts less than three million euros per month, they may be registered as a small PI with the FCA.

In that case, it's up to them whether they adhere to the safeguarding requirements that protect your money.

As was the case with Pay Afrique, the FCA still has the right to cancel the licence of a small payment institution if they fail to adhere to regulations, although safeguarding isn't one of them.

Electronic money institutions (EMIs)

Nowadays, a growing number of currency brokers and money transfer apps are authorised by the FCA as an electronic money institution. 

Currencies Direct, OFX and Wise are three major examples of companies operating as EMIs.

An EMI licence is a prerequisite for firms to issue “e-money”, i.e. money that can be held and transacted online but not withdrawn as physical cash.

Any company offering online multi-currency accounts in the UK should have EMI authorisation.

In addition to the 'relevant' funds held for your money transfers, an EMI should also safeguard any money you hold in their currency accounts.

Like PIs, there's a relatively small chance that a payment provider will go bust at the exact time they're holding your money in transit for a payment.

However, if you plan on holding a substantial amount of money in an electronic multi-currency account, it's essential to choose a reputable provider.

According to the FCA, for firms that became insolvent between Q1 2018 and Q2 2023, there was an average shortfall of 65% between the funds owed to clients and the funds that were safeguarded.

Rational FX had a famous founder but failed in its safeguarding obligations

Once such a case involved Rational FX. 

The amount of client money they held in safeguarded accounts was far less than required.

In fact, liquidators anticipate customers will get a return of just 10-20p per £1 claimed.

As a result of this and other cases, the FCA is now proposing new legislation to increase the safeguarding reporting requirements of PIs and EMIs.

They’re also proactively approaching PIs and EMIs who they believe aren’t implementing safeguarding policies correctly.

In 2023, the FCA opened supervisory cases against 15% of firms that safeguard and even sent a closure notice to PI firm Global 4X Limited for their failure to correctly implement safeguarding practices.

By choosing a reputable provider that cares about compliance, you'll be able to avoid such issues.

Full-scope banking licence

All of the UK’s largest banks like Barclays and Lloyds, have a complete banking licence, meaning they’re regulated by both the FCA and the PRA.

It allows them t take deposits and lend cash.

Banks are required to make annual contributions to the FSCS so that, should they go bust, their customers are guaranteed up to £85,000 of their money back.

These banks are so large that they're arguably 'too big to fail,' or at least, the government would not allow them to fail.

However, new digital banks like Starling and Monzo are not quite so large, but they're part of the scheme too.

Since your money is protected under the FSCS, it's arguably safest of all when deposited with a bank.

That doesn’t necessarily mean they're a safer way to send money than specialist payment firms, but they may be a better option if you’re holding your money somewhere for a long period of time.

It's one of the main reasons I choose to keep the bulk of my cash with HSBC Expat but then use companies like Currencies Direct (for large transfers) and Wise (for small transfers) to save significant sums when it comes to actually moving money across borders.

2. Stay vigilant against fraud (and know your rights)

If you’re working with a reputable payment provider, the biggest threat to your money is fraud.

Understanding fraud prevention for money transfers is the most important step you can take to keep your money safe.

If you are unfortunate enough to succumb to fraud, you need to know the latest rules and how they affect your rights.

The are two major fraud categories:

• Unauthorised fraud
• Authorised fraud

Unauthorised fraud

Unauthorised fraud involves things like stolen cards and counterfeit cards, but in the case of online transfers, I’m specifically covering money lost through online and mobile banking.

This type of fraud occurs when a fraudster gains access to a customer’s bank account

using compromised personal details and passwords.

In 2023, unauthorised mobile and online banking fraud totalled £134.2m.

The good news is that if you’re impacted by unauthorised fraud – when you have no knowledge of the money leaving your account – you should see your money returned to you in full. 

UK Finance research has shown that over 98 per cent of unauthorised fraud losses are returned to the victim.

Some companies, like Currencies Direct, utilise technology such as mobile-to-person matching to enhance unauthorised fraud prevention.

Leading banks and payment providers deploy money transfer encryption to ensure secure online transfers too. 

Just like Western Union, your provider should be utilising money transfer encryption

If you're unsure about whether or not your payment provider uses encryption, contact them immediately. 

They should be using industry-standard AES-256 encryption for data at rest, with data in transit secured over TLS 1.2 and TLS 1.3.

It demonstrates they care about money transfer safety.

New powers are also being issued to banks and payment providers to fight fraudsters, allowing them to delay payments for up to 72 hours if they suspect any suspicious activity.

Here are some simple tips to prevent unauthorised fraud when it comes to digital banking:

• Secure your personal information by never sharing sensitive details like passwords, PINs, or account numbers unless you are certain of the recipient's identity and necessity.
• Always double-check communications claiming to be from your financial institution are legitimate, and contact them directly using official channels if you have any doubts.
• Use a secure internet connection to conduct secure online transfers. Unsecured or public Wi-Fi networks can expose your sensitive information to hackers. Consider even using a VPN to encrypt your internet connection.

Authorise fraud

Authorised fraud, known in the industry as authorised push payment (APP) fraud, involves victims unwittingly initiating payments themselves. 

Rather than sending money where you believe you're sending it, you're tricked into sending money to an account controlled by a fraudster.

In 2023, authorised push payment fraud totalled £459.7 million.

‍

Over three-quarters of APP fraud cases originate online

Seventy-six per cent of APP fraud originates online, but online fraud accounts for just 30% of the overall value.

Fraudsters tend to target a greater volume of scams for smaller amounts.

This tends to go under the radar and makes it easier for victims to part with their hard-earned cash.

Common scams include fake investments advertised on search engines and social media, romance scams committed via online dating platforms, and purchase scams promoted through auction websites.

As this fraud involves customers initiating the transfer themselves, it's traditionally been more difficult to get your money back.

In 2023, a lower 62 per cent of all APP losses were returned to victims.

Banks and payment providers have had different levels of flexibility when it comes to returning your cash.

Fintech firm Revolut came under intense scrutiny for failures in its fraud protection for money transfers.

According to Action Fraud, Revolut had more fraud reports than any other major UK bank

Revolut customers have experienced fraud as a result of their card details being stored in digital wallets, and fraudsters being able to access a customer's account on another mobile device.

Not all online APP fraud is low-value ether. One SME spoke of how he lost £165,000 from his Revolut account in one hour.

The truth is, digital banks, eager to demonstrate a profit to investors, have not been as good as the big banks when it comes to returning money lost to APP fraud.

Basically, if the law doesn't say they have to, they probably won't refund your money.

Big banks have plenty of downsides (namely, charging excessive fees), but they have been better when it comes to returning money from APP fraud scams.

October 2024 fraud legislation changes

Fortunately, thanks to new regulations by the UK payment systems regulator implemented on October 7th, APP fraud refunds are now mandatory.

Your bank or payment provider must now refund the money to you within five days.

This is a world first and a big step forward for consumer protection.

Your payment provider is then able to claim back 50% of the refund amount from the financial institution used by the fraudster to receive the funds.

The only downside is that the amount you can claim through the scheme has been reduced from £415,000 to £85,000, though this is thought to still cover 99% of all fraud cases.

In 2023, there were 411 instances where victims lost more than £85,000.

If you’ve been impacted by APP fraud prior to October 7th, or have lost over £85,000 afterward, take your case to the Financial Ombudsman Service.

Even with new customer protection in place, APP fraud prevention is crucial. Follow these simple tips:

• Be sceptical of urgency as fraudsters often create a sense of urgency by claiming your account has been compromised or there’s a limited-time offer.
• Be sure of all new payee’s you set up. Invoice fraud and other interventions can trick you into paying the wrong account.
• Pay by debit or credit card instead of a bank transfer when you can, as the chargeback or section 75 credit scheme can protect you.
• Enable 2FA and transaction notifications so it’s harder for fraudsters to access your account, and you can identify any issues as soon as they arise.

3. Double-check the recipient's account details

As silly as it might seem, a lot of money is lost each year due to incorrect account details being entered during a transfer.

Wire transfers, by their very nature, are generally irreversible. 

Once money has been credited to the incorrect beneficiary account, the recipient bank needs the account owner's approval to withdraw the funds from their account.

It's easier to make mistakes on international money transfers, too.

For UK-to-UK bank transfers, a name-checking service called Confirmation of Payee (CoP) has been introduced.

This not only aids in fraud prevention but also reduces human error, enabling you to easily verify if the individual or business name matches the one registered to the account.

Checking the registered name matches the account fights fraud and reduces personal errors

As you can imagine, no such service exists between countries.

Be sure to:

• Double or triple check all recipient account details, including account numbers, SWIFT codes, and IBANs, before initiating a transfer.
• Get the recipient to confirm their banking information, reducing the risk of errors due to outdated or incorrect details.

Summary 

With digital banking on the rise, understanding safe ways to send money online is more important than ever.

Transfer money safely by actively choosing regulated money transfer providers, with strong reputations and excellent customer reviews.

I'd recommend Currencies Direct. Their transparency around safeguarding, combined with their commitment to wire transfer security and 25+ year track record of safely handling client money, makes them an excellent choice for large transfers.

Even though recent regulatory changes have strengthened consumer protections, it's important to remain vigilant against fraud by staying informed about common scams.

Fraud prevention will save you a lot of time and worry. Plus, you're still vulnerable in certain situations and when dealing with larger amounts.

Revolut has earned a less-than-perfect reputation in fraud prevention and customer refunds, but they are now subject to these new regulatory changes. 

They're also in the process of becoming a full-scale bank, meaning certain deposits with them will also be protected under the FSCS.

Lastly, whoever you work with, double-checking recipient details might seem like a small step, but it's a crucial one. 

In the realm of international transfers, where systems like Confirmation of Payee aren't always available, your diligence is your best defence against avoidable errors.