Fraud and Financial Crime Management
Gain unparalleled protection from internal fraud and external financial crime. Meet compliance and regulations without complexity.
Whether it’s a small tick, or a logo, the fact your bank confirms the sort code and account number match is as important for your payment as it is for them. Authorised push payment (APP) fraud is a scam where the victim is tricked into making large bank transfers to an account posing as a legitimate payee, and the cost of this fraud is usually covered by the banks.
Rich Williams: If you’ve recently issued an instruction to pay a new payee directly from your bank account in the last few months, you may have seen the new Confirmation of Payee feature that confirms whether the sort code and account number match the account holder name, an interesting feature to be sure but what is the reasoning behind it, and is it something that will follow in all payment transfers in the future?
Hello, I'm Rich Williams, host of The Payments Podcast and today I'm joined by Olivia Armstrong, Market Development Executive for Fraud and Risk at Bottomline, to discuss what Confirmation of Payee is, how it impacts the banks and where the future lies in relation to this new initiative.
Hi, Olivia, very warm welcome onto the show for the first time.
Olivia Armstrong: Hi, Rich, and thank you so much for having me.
Rich Williams: No problem. Olivia, let’s start then with what Confirmation of Payee means for the payers? Our listeners may have seen a logo or a tick pop up when adding a new payment recipient recently in their online banking portals, but what is CoP actually doing in the background that we don’t see?
Olivia Armstrong: Sure, so until recently the payment process didn’t require the input of a payee name. It only used the sort code and the account number, so I'm not sure if you or any of the listeners would have known that, but beforehand, you could put in anyone’s name, any random text strings, any numbers, any initials and it didn't actually check that matched the sort code and the account number on the account that you are paying.
Unfortunately, this resulted in a lot of accidental payments going to the wrong beneficiaries and a huge amount of authorised push payment fraud, where the payer is led into paying the incorrect account, which in most cases was a criminal account.
Confirmation of Payee provides a name checking service, so it basically validates that the account number and the sort code match the payee name. This obviously provides a lot more insurance that the payments are going to the intended recipient, and reduces the possibility of fraud.
For instance, if I was to put in ‘Rich Williams’ and your account number it would come up and say, “Match, that is correct.” Whereas if I was to put in ‘Marcus Hughes’ and your account number and sort code, it would come back and say that, “No match,” and that you need to check that you are actually paying the correct person.
One thing to note though is that right now, it is only an initiative for Faster Payments and CHAPS on new or modified beneficiaries. Bacs and Direct Debits will be included within the next phases and they are optional right now, but last year I think 95% of all APP fraud went through Faster Payments, so the Confirmation of Payee scheme is starting off in that large area, making sure that they are covering off all of the fraud throughout Faster Payments and CHAPS, and that will expand into other payment areas later on.
There are multiple responses that Confirmation of Payee can provide, but the three ones are ‘Match,’ ‘Close Match,’ or ‘No Match.’ As you mentioned, in the consumer world we are already starting to see Confirmation of Payee on the online banking apps. We see a tick pop up most of the time if that is a match.
The payment just goes through without any issues, but you can also see the ‘Close Match,’ or the ‘No Match,’ or alternatively, you can see when a bank doesn’t have Confirmation of Payee it will come back and say that the payment can't be verified at the moment, as they aren’t able to check whether the account is part of the Confirmation of Payee scheme.
Not all banks right now are using it. The top six high-street banks like HSBC, Lloyds, they’ve all been regulated to do it but not all banks are. There are some other banks that have followed quickly to remain ahead of the game, but the industry are expecting it to be everywhere within the next two years.
Pay.UK, who are the leaders of the initiates, have themselves said that ubiquity will come and we are already starting to see a huge ramp up in the industry of banks who are signing up to the Confirmation of Payee scheme, to ensure that they can provide that level of verification for their customers.
Rich Williams: Olivia, thanks for the overview and, you know, I have no problem if you want to test the Confirmation of Payee feature by popping a few thousand pounds into my bank account.
Now, Olivia, let’s move on to what the need for this new initiative is. Were things just not secure enough before the introduction of CoP?
Olivia Armstrong: Well, firstly, I think it is worth noting that Confirmation of Payee protects users not just from fraud but also from sending payments in error. It is not unusual to hear of people sending money to the wrong beneficiary by their own errors, and subsequently having large difficulty in retrieving it back.
Recently, we've seen quite a few examples in the media. There was one man who unfortunately sent an inheritance amount that he received to the wrong bank account, and actually had a lot of difficulty retrieving it back because there are not clear rules on where the liability lies with that.
However, as I mentioned before, the main driver for Confirmation of Payee is to reduce fraud and protect consumers. The Confirmation of Payee actually came about following the first ever super complaint for the Payment System Regulator, also known as the PSR.
The consumer group, Which?, which I'm sure you’ve all heard of, they provide trusted feedback and ratings on different services and products, they actually raised the super complaint to the regulators, and to try and improve the protection of consumers who fall victim to APP fraud. We are seeing such high amounts of APP fraud that they found that the banks needed to take responsibility, and there needed to be something done about it.
Following an investigation, the PSR announced the Confirmation of Payee was to come about, and be put forward as part of many initiatives that would help protect consumers and reduce APP fraud amounts.
APP fraud or Authorised Push Payment fraud is still the fastest rising fraud globally. More than £450m were lost in 2019 just in the UK alone. Those statistics already show a huge increase, especially as criminals are starting to exploit the current pandemic.
In 2020, in the first 6 months alone, mainly due to the pandemic, we saw 84% increase in impersonation fraud, specifically those who were impersonating banks, government bodies and police, and that is a huge increase in comparison to last year, that was more than 1,500 impersonation scams and that is up, as I said, 84% from 2019.
These statistics are just the tip of the iceberg really, and only give more evidence as to why Confirmation of Payee is such an important scheme, especially during the current pandemic.
Rich Williams: Yes and unfortunately, increasing fraud cases is a topic we've discussed a few times on The Payments Podcast already. Clearly, COVID has actually led to a further spike in this activity as malicious individuals try and exploit people in vulnerable positions.
Now, financial risk, i.e., losing money, losing cash is obviously a clear issue caused by fraud, but why else is it important to reduce the perils of fraud, Olivia?
Olivia Armstrong: Well, it is very important to reduce overall risk. Financial risk, as you said, is obviously a clear issue specifically caused by fraud but there is also reputational risk that comes alongside this.
Reputation and reputational risk are also big factors in Confirmation of Payee. Financial risk is obviously one of the clear bigger issues, but we have to think about reputation and reputational risk when we are looking at Confirmation of Payee.
As more organisations are signing up to the scheme, those who aren’t on top of the game may be considered laggards. You don’t want to be considered less safe than your competitors or your peers, and you also don’t want to be considered to be providing less of a customer service than your peers.
Ultimately, by not providing Confirmation of Payee for your users you could open up multiple issues, both for your reputation and your customers. You could also potentially lose customers.
We are seeing examples already in the media of disgruntled customers contacting their banks saying, “Why can’t I receive my payments? Why are my payments not being verified?” That is the case when the bank is not part of the Confirmation of Payee scheme. It is already starting to have an effect.
We are seeing those disgruntled customers throughout the industry, who are not receiving specific payments that they obviously need. We are starting to see that reputation diminish as those customers start to get angry that they are not receiving their money.
Rich Williams: That is an important point, Olivia. Now, does that reputational risk apply to the banks as well?
Olivia Armstrong: Well, yes, so the top six banks, as I've already mentioned, have already been regulated to implement Confirmation of Payee. The likes of Lloyds, HSBC, NatWest, they all were regulated and implemented back in July of this year.
A lot of other banks jumped straight on behind them to ensure that they were aligned and providing that high level of customer service and satisfaction, to ensure that their customers and their consumers would be able to have that extra level of verification and on top of that, remain on top of the game and to avoid that reputational risk.
From the top six banks alone, more than 90% of Faster Payments traffic in the UK is now checked by a Confirmation of Payee. I think they released back in the end of July or early September, that more than a million checks are now done a day, that doesn’t necessarily sound like a substantial amount, but seeing as Confirmation of Payee only checked new or modified payments, that is a very large and substantial amount.
Thinking about the rest of the banks that cover the remaining 10%, if you were a customer and weren’t able to verify your payment you would be disgruntled by it. You would feel like your payments weren’t necessarily safe and protected in comparison to those that are being checked.
To add to that, if you are on the receiving end and your payer was unable to verify that you were who you say you were and they, for some reason, didn’t send you that money, you would obviously be very angry at that as well.
There are a lot of banks who are starting to sign up to Confirmation of Payee to continue to provide that excellent customer service, and to avoid their customers not receiving money and not being able to provide that verification.
As I mentioned before, we've already started to see and hear of complaints and customers having concerns that their banks aren’t the providing the Confirmation of Payee service.
We are already starting to see news articles from some of the big news companies, where customers have gone to them and said, “I'm not happy. I haven’t received my money and it is because I can't become verified,” or, “My payment isn’t being checked.” We are seeing these drawbacks already from banks that aren’t necessarily providing the Confirmation of Payee service that they should be.
By not implementing CoP there is that possibility of being seen as less safe than those who have implemented, and obviously less safe than their peers, which in itself could pose more of a threat than the fraud itself, as if they lose customers and they have a bad customer experience, they could potentially lose their customer base.
Rich Williams: We all know how sophisticated fraudsters can be with countless examples in the media, some of which we've already mentioned on the podcast. I expect that the fraudsters would therefore try and migrate to the banks that don’t have Confirmation of Payee checks in place, in order to evolve their own strategy and continue getting away with it. What are your comments on that, Olivia?
Olivia Armstrong: Yes, you’ve definitely hit the nail on the head there, Rich. You are exactly right. The industry definitely feels that this will begin to happen and we are actually already starting to see and hear of small little things that are starting to happen.
As with any fraud, the criminal masterminds are continuously evolving to ensure that they remain undetected for the longest periods of time. With Confirmation of Payee now in place, for many, the fraudsters would, as expected, evolve and move to those that don’t have that level of verification in place, because obviously they want to remain unprotected.
As I mentioned, the bigger banks have already been regulated to implement this and are already covering off 90% of those Faster Payments transactions. Unfortunately, it would be the smaller banks that may end up falling victim, which obviously could be very detrimental to them.
As the fraudsters continue to evolve and move, as expected, we would expect them to move to a place where they will continue to remain undetected, where the level of verification isn’t in place.
To build on this as well, we are starting to understand that for those who are providing Confirmation of Payee checks there could be trouble in any arbitration, which related back to what I was saying earlier about Confirmation of Payee being introduced to provide more protection to consumers and those who fall victim to fraud.
Obviously, the whole idea was that banks needed to take more responsibility, hence why Confirmation of Payee came about. If you are not providing Confirmation of Payee and someone within your system does fall victim to fraud the liability could start to shift onto those banks. They could be held liable or have to provide the money back to the victims of the fraud, or be held accountable.
Rich Williams: Now, you mentioned earlier that the Big Six banks have already implemented Confirmation of Payee due to regulatory requirements. Do you think this regulation will expand to the challenger banks and also the smaller banks?
Olivia Armstrong: Well, yes, so many of the challenger banks and the smaller banks have already joined and implemented Confirmation of Payee. I know that Monzo and Starling have already signed up and are live with Confirmation of Payee.
There are also some smaller banks who have already signed up and are even live, or are near to having to it implemented. The Big Six had to do it but many of the other banks have already joined as they want to stay ahead of the game.
Confirmation of Payee is a phased scheme. As I mentioned before, right now it covers Faster Payments and CHAPS payments, and it is looking to expand into what are called ‘HOCAs’ and credit cards, which will allow for more building societies and then other institutions to join.
Then, into the future we’ll see Bacs, Direct Debits, bulk payments and eventually corporate access, so any institution that isn’t a bank will be able to join Confirmation of Payee to enable that extra level of verification. With this phased scheme we will eventually see it roll out into a much larger audience.
But going back to my point I said earlier, Pay.UK have said that ubiquity will come. During phase one a large, large amount of banks, lenders and building societies can join the scheme.
We are already starting to see this ramp up as more people think, “You know what? We need to sign up to Confirmation of Payee. We don’t want to be held liable. We don’t want to have that reputational risk. We don’t want to lose any customers.” We are starting to see a lot more banks and institutions that can join the scheme become really engaged and want to know more, and start signing up.
As phase two comes around over the next year or so, we’ll definitely start to see more banks as well who are eligible, and more building societies start to join the scheme and implement it so that they can provide that level of verification for their customers.
Rich Williams: It is interesting to learn how a secondary rollout could impact the challenger banks and the future for Confirmation of Payee itself. On that note and as we bring this episode to a close, in fact, where do you see the future going, Olivia? You don’t have to limit this just to CoP.
Olivia Armstrong: Well, I think ultimately, as I just said about the phases, this will be a very large initiative. Many banks, financial institutions and ultimately corporates, whatever organisation it may be, will end up being involved within the Confirmation of Payee scheme, ultimately to reduce the fraud and to protect consumers by providing that extra level of verification.
A statistic that always sticks in my mind, and was released a couple of months ago, was from Lloyds who were one of the front runners when Confirmation of Payee first came out. They released their initial figures and there was a 31% reduction in APP fraud since they implemented Confirmation of Payee.
When you think on the scale of obviously how many payments are being sent and the values of those payments, that is a huge, huge number, 31% reduction in people losing money, people being victims, especially when less that 25%, I believe, is actually refunded back to the victims.
At Bottomline, we want to ensure that our customers are able to provide the best experience for their customers. We want to be able to provide that extra level of verification to all of our customers.
We are now providing a Confirmation of Payee service. It is flexible, that can be for any bank, any lender or building society who is eligible to join Confirmation of Payee. We have a build-out proven history on this stuff.
We are experts in fraud and financial crime. We protect our customers’ payments from end to end consistently throughout their payments process, and we've been experts in payments for more than 30 years. We have a heritage in this stuff.
To build on that as well, we also have a proven expertise in sanctions checking and modulus checking, which we've been doing for a very long time. This kind of stuff is within our blood at Bottomline. We thrive and we are experts at making sure that our customers’ payments remain secure.
Obviously with Confirmation of Payee, that is something that we feel is necessary to provide to our customers to make sure that they are getting that extra level of verification. The solution that we are offering is also going to be really easy for customers. It is going to be painless, especially as we move from phase to phase.
Right now, as more banks join the scheme it is all okay but when they move on to phase two and in future, phase three and phase four as more types of payments come around, and the directory and implementation becomes much larger, we will take that pain away from the customer. We will help them migrate and make sure that it happens easily.
We have great relationships with open banking, with Pay.UK who are the leaders in this initiative. Our service will help and make sure that any bank or any lender, building societies, as I mentioned, who want to ensure that they are providing that extra level of verification, can come to us and we will obviously help them do that, and make sure that they are providing the best customer service for their consumers.
Ultimately, what we want to do, and I think what the whole industry wants to do, is to provide easier barriers of entry and break down those barriers of entry for these institutions to access open banking, and access Confirmation of Payee.
We are moving to a much more open payments landscape and Confirmation of Payee is just a part of that to ensure that consumers are protected, and aren’t falling victim to fraud.
In the future, I think we hope to look to help our corporates in Confirmation of Payee as well as our banks and our lenders. When that does expand out we’ll be able to help them, make sure that they can have that level of verification.
I think ultimately, the main goal for everyone within the payments industry is to reduce that huge amount of fraud, and to make sure that everyone’s payments are safe and secure.
Rich Williams: Olivia, thanks once again for joining us today. I remember talking about Confirmation of Payee about a year ago on The Payments Podcast, so it is really interesting to understand the real use case today and where you see it being implemented in the future.
Unfortunately, that is all we have time for today, but as usual, you can listen to more episodes on all things payments at the touch of a button using your preferred provider, and we’ll see you all next time.
Confirmation of Payee (CoP) is an industry-wide response in the UK to reduce financial losses from the fast-growing incidents of Authorised Push Payment (APP) fraud.
Our solution experts are here to help.+44 118 925 8250
Chat with one of our solution experts. We'll recommend the right product to fit your needs.
Tell us a bit about you and your business and we’ll get back to you with all the information you need.