"Oh sure, here's my 2021 year-end statement (no additional comment)." (Let's just assume for the sake of argument that the money was left in the account long enough to be reflected in a statement.)
I assume because someone could just get friends to loan them money, show one statement, and pay their buddies back.
The statements didn’t even seem that important to the bank anyway.
From the article:
> Citibank sued, arguing that it was entitled to get the money back since the cash was sent out by mistake. Ordinarily, the law would be on Citibank's side here. Under New York law, someone who sends out an erroneous wire transfer—for example, sending a payment to the wrong account—is entitled to get the money back.
> But the law makes an exception when a debtor accidentally wires money to a creditor. In that case, if the creditor doesn't have prior knowledge the payment was a mistake, it's free to treat it as a repayment of the loan. Judge Furman ruled that that principle applies here, even though Citibank notified its creditors of the mistake the very next day. The defendants noted that the amounts they received matched the amounts Revlon owed down to the penny, making it reasonable for them to assume it was an early repayment of the loan.
Instead of fixing these issues this incident will most likely change regulations in a way that it will be easier for banks to reclaim funds lost in similar ways in the future.
What consequences I can only speculate, but it might very well have severe negative effects.
The U.K. FCA tends to be extremely consumer friendly and somewhat bank hostile. There will be no regulation change as a result of this, more likely fines and greater oversight from the FCA. They’ll no doubt be demanding incident post-mortems already, and the general expectation is that Santander will have to cover any lost funds that can’t be recovered by asking nicely. The FCA takes an extremely dim view of banks aggressively pursuing individuals for money after the bank fucked up.
But the Fundamentally Complicit Authority (no that isn't what their initials really stand for, it's a Private Eye recurring joke because of how useless they are) as regulator is unlikely to expect Santander to actually fix anything about their process, and so this will happen again. And again.
I think the rules are generally pretty clear on this: if you receive money by mistake, it is not your money, and you must return it (obviously if you don’t know where to return it to, you should try to find out where it is from and contact the sender, or try to get your bank to revert the transaction. Indeed asking your bank to revert it is probably the best way to return it). People who do spend the money that is accidentally sent to them can be prosecuted for theft.
Furthermore, accidental or incorrect transfers happen relatively frequently and sometimes with massive amounts of money. It is usually resolved with a phone call between companies.
There are some exceptions to these rules like the whole Banque Worms thing we saw recently, but that doesn’t really matter.
The problems here for the bank are:
- they are on the hook for any losses if they fail to get the money back
- there are a large number of transactions so there is a lot of work to do. Santander is probably trying to contact the other banks to process them in bulk.
I don’t think any regulations will or need to change.
If you’re wondering how crypto fixes this, I have two examples. 1. XRP lets you mark one transaction as reverting a previous one, and 2. Binance accidentally duplicated a bunch of dogecoin withdrawals and then asked people to return the funds and suspended withdrawals hoping it would further motivate people to return funds.
Only Citi has surprised me more than Santander when it comes to completely insane IT org (Citi spent 2 months on an automated export and when we went live after UAT, we realized they were not ready and had a monkey do the "automated export" manually, with completely wrong format and information, and they didn't feel the need to warn us when it happened at 11pm...)
"Can't get it back" is a fallacy.
I went to the bank, filled out a page, signed and got my money back instantly.
Common sense would dictate I was a victim of fraud. But my bank (Wells Fargo) decided to close my lone bank account of 5 years for "suspicious activity."
What makes you think these transactions can be reversed? In the U.K. most inter-bank transactions are non-reversible for a whole host of reasons. When a bank “reverses” a transaction, what that usually means is they sent an email to the receiving bank to pretty please send the money back. There’s 50/50 odds the receiving bank still has the money and is interested in helping you.
https://www.fasterpayments.org.uk/sites/default/files/Pay.UK...
If a company accidentally sends lots of people small amounts of money then the loss is balanced against the cost of getting it back by contacting all the people and likely some will be returned and some will be stolen.
If the accidental transfer is really accidental pay then undoing will be complicated/impossible so if the amount is small enough maybe just pay less the following month (if it’s allowed by minimum wage laws?) and write off people who quit before the company is made whole, though this can be complicated if the error happens towards the end of the tax year or because of taxes that are assessed e.g. monthly instead of annually.
[1] there’s a common scam that goes roughly like: 1. Someone sends you ‘too much’ money. 2. They ask you to return the money minus some goodwill payment. 3. They clawback their initial transfer but you can’t claw yours back. So that’s why trying to get the original transfer cancelled is better than trying to return or partially return funds manually.
I know nothing about how real life banking software works. (I guess I'm glad not to know...) But I'd assume the balance of both affected accounts are updated in an ACID transaction?
For some reason the 5th transaction got credited to my account but not debited from his. We tried to return the money but both banks were adamant that no error had occurred.
The insane/awesome thing was how they clawed it back. They did require everyone pay back money, but only the money that was left after any payroll deductions. Between taxes, insurance, flexible spending accounts, retirement savings, and some other automatic deductions close to 50% of my pay check is deducted, so I walked off with what was effectively a 2.5% bonus. I was pretty happy to send back what they asked for at that point…
The truth is, though, that the massive amount of regulation is both good and bad. It is good that the consumer is protected but it is bad that it is easier for a bank to stay with 50 year old technology that is already approved than risk releasing something brand-new since mistakes are penalised so badly. I think a more open regime would be better, obviously accepting that the bank has to ultimately make sure that their customers don't lose out.
For example, "Dear customer, we are moving all mortgages to a new system which will make it much cheaper to run. Just in case some of the calculated payments are out by a few pennies, we will be giving all customers £1000 towards their mortgage to account for these". Much cheaper in the long run but we seem to prefer the costs of flogging a dead horse with the small amount of "sweetener" we could pay instead.
Almost reads like an Onion article title.
They were unable to find the deposit or transaction in their system, yikes!
Fortunately I had the little receipt they gave me at the time of the transaction and within half an hour 10k deposit was made available but interestingly the deposit did not come from the check writer but the bank itself. Always curious to me. Never got a clear explanation but I would have been SOL without that transaction receipt!
I worked for a large bank and they ran into an “issue” which required making a whole lot of clients whole out of provisional accounts while they figured out what happened. I can tell the balance of those accounts became a metric which many people were evaluated by.
One time, there were reddit threads circulating where customers were complaining about logging into their bank accounts then seeing the information of another user. I brought up during stand up, and my team lead freaked out, took me around the corner in the hallway, and screamed at me for 10 mins straight about how I am compromising the security practices of the company (OK, guy). Weirdly, there was not mainstream media attention or any discussion internally. My guess is the policy is to suppress aggressively when flaws become public, especially with security.
Given the nature of the financial services business, you would think they would have the highest paid and most competent tech workers, but fuck no. For the most part, we would hook up FOSS components to talk to our legacy back end monoliths (usually mainframe dinosaur machines that should have been extinct a long time ago) and then render the desired output to a web or mobile interface. So the good news is that your security is as good as the open source engineer's implementation (which most of the time would be Java / Spring / Oracle / Pivotal, or C#/ .net / MS) bc that is the tooling we would build on. More good news is that, due to risk aversion, things do not change often at banks bc of fear of mistakes (downside being that there is less innovation).
In all honesty, I would rather trust amazon, google, or even netflix with my finances over big banks. Except facebook, never trust facebook.
> "It ruined my holiday period because I thought I'd paid out hundreds of thousands in error — I thought I had done something wrong,"
But, if you can manage the stress, I would think that position would be very secure.
"The bank said the duplicate payments were caused by a “scheduling issue” that has now been rectified."
It could have been a software bug but it could also have been a human error.