How the U.K.’s rollout of Confirmation of Payee combats fraud despite delays
The U.K.’s six major banking groups are now required to have implemented the new Confirmation of Payee (CoP) scheme for Faster Payments and Chaps as part of a regulatory push to tackle the rampant rise in Authorized Push Payment (APP) fraud.
U.K. Finance recently revealed that APP fraud losses totalled a staggering £455.8 million in 2019, more than half of the total £824.8m losses to unauthorised card, remote banking, and cheque fraud. Consumer groups such as Which? have long campaigned for the CoP system to be adopted across the banking industry, following growing concerns that the lack of a clear validation tool when making payments was facilitating fraud.
CoP will enable consumers to see whether the name of the person they think they’re paying matches the actual name on the account, making it hard for fraudsters to pose as someone else and trick unwitting individuals into sending them money. This technology has been made more straightforward by Open Banking, which provides the mechanism for which CoP requests are passed between payer and payee banks.
“Faster Payments is a potent force in U.K. banking, which has brought real benefits to consumers,” said Magnus Falk, a senior adviser at the Financial Conduct Authority. “But powerful tools should come with enhanced safety features. With the U.K.’s implementation of Faster Payments, the enhancements seem to have been left out. A six-number sort code and an eight to 10-figure account number are all you need to move thousands of pounds. Is this really safe enough? The experience of thousands of consumers suggests not.”
However, in order for CoP to work, it requires both the sender and recipient banks to have implemented it; and while the system was initially announced in October 2018, it has been subject to repeated delays within the banking industry.
Payments Systems Regulator (PSR) representatives informed PaymentsSource that following a series of consultations, they had grown concerned at the delays in delivering CoP, and decided to take action in August 2019. Initially, Barclays, HSBC, Lloyds, Nationwide, RBS and Santander and their subsidiary banks were required to comply by March 31, 2020, before this deadline was extended to 30 June due to disruption from the coronavirus pandemic.
Lloyds was the first major banking group to comply, rolling out CoP during February and March 2020, and has since reported that it has reduced rates of APP fraud by 31% to date. In addition, challenger banks such as Monzo have since decided to introduce CoP voluntarily.
Mary Young, a partner in dispute resolution at law firm Kingsley Napley, which are experts in civil fraud, predicts that the wider rollout of CoP should see APP fraud fall further over the coming months.
“The key with these types of fraud is that although they require some IT skills — often the hacking of an email account — they have not previously been particularly hard to commit,” she said. “It could just be a matter of changing a few digits on an invoice and money would get sent to a completely different account, regardless of what name or reference the paying party's including in their transfer request. CoP should make these types of scams harder, as there will either need to be an explanation given about why the name on the account does not match the expected name or the fraudster will need to rely on victims not asking questions.”
However, there is still work to be done. For example, CoP is currently not available on either Bacs payments or international transactions, meaning APP remains a risk on those payments.
The PSR is eventually aiming for every single payment to be protected by CoP, but until such universal adoption is achieved, there remains a risk of fraudsters continually shifting their accounts to banks yet to comply with the scheme. However, Young predicts that commercial pressure is likely to eventually drive adoption across all payments service providers.
“Our view is that if customers realise that this technology is available and is not being used by a bank, they will start to come under commercial pressure to adopt CoP,” she said. “It’s a tool which is designed to increase the security of modern banking, and we think that customers will start to demand that from all banks, including the challengers who are otherwise embracing and advancing the available technology.”