Victim of fraud? How to identify the perpetrator

Every day companies and individuals lose money to fraudsters, who hack into email accounts and alter emails sent from companies to their customers, or send sophisticated phishing emails from fake domain names designed to dupe customers into believing they are from a trusted supplier. Often, the emails will say that bank details have been changed, and that customers should make payment of a genuine invoice into a new account, which in reality is an account controlled by the fraudster.

Once the customer has transferred the funds, the money is usually quickly transferred on or withdrawn by the fraudster, leaving the customer little opportunity to reverse the transaction and retrieve their money.

When asked to identify the individuals behind the accounts used in these scams, banks will typically refuse to help, citing confidentiality and data protection obligations. But it is possible to force a bank to disclose identity details and transaction records via court order.

A ‘Norwich Pharmacal’ order (“NPO”) is a type of court order which compels an innocent third party (often a bank) who is mixed up in wrongdoing to disclose information that will assist the victim in identifying the wrongdoer, or obtaining information which is necessary to bring a claim against the wrongdoer. To obtain an NPO, it is necessary to issue a claim against the bank or other third party holding the information, accompanied by a detailed witness statement setting out the fraud which has occurred, the information required and why it is needed. A hearing before a judge will then take place, which can be arranged at very short notice where time is of the essence.

The court has a discretion as to whether to make an NPO, and will need to be satisfied that there is clear evidence of wrongdoing, that the information requested is required by the victim and cannot be obtained any other way, and that the bank or other third party is involved in the wrongdoing and is not merely a witness to it.

It is also necessary for the victim to agree to pay the bank’s costs of responding to the claim and complying with the order, and to agree to compensate the bank in the event that it suffers any loss if it later transpires that the order should not have been made.

Often, banks will take a neutral position in relation to applications for NPOs where there has been fraud i.e. they will not consent to the order sought, but will not oppose it either. An application to freeze any remaining funds in the relevant accounts can be made alongside the application for a NPO, although it may be too late to retrieve any funds if too much time has passed from the date of the fraud.

Obtaining an NPO requires some intensive work on the part of the victim and its lawyers and is not a cheap exercise; however an order can usually be obtained in a matter of days and in a large scale fraud, can be key to stopping the fraudster in their tracks and retrieving stolen funds.