Firing off an email to the wrong recipient can be embarrassing; however, sending funds to the wrong beneficiary is not only negligent but can also be costly. With £350 million worth of payments misdirected in 2018 alone and £145 million each year going unrecovered, the benefit of implementing a system to check the name on the account as a way of decreasing the volume is clear.
Last month, the PSR directed the UK’s six largest banking groups to comply with a set of confirmation of payee (CoP) rules and standards developed by Pay.UK by 31 March 2020. This is one of several co-ordinated actions by the PSR and the FCA, designed to stem the flow of misdirected payments and explained in this series of blogs. Click here to read about the standards laid out by the APP Scams Steering Group’s Voluntary Code.
What is Confirmation of Payee (CoP)?
Under CoP, when I make a payment, the bank or building society of the person I am paying will cross-check the name on that account with the name I’ve entered on the payment details. This check will bring back one of three clear and simple results:
- a name match;
- a similar name; or
- the wrong name.
If I’m told that the name is a match, I can confidently proceed with the payment.
What happens if the names don’t match?
If the name I provide doesn’t match the name on the account I’m trying to pay, I’ll be given the chance to check the details, cancel the payment or authorise the payment regardless of the warning. If the name I’ve entered is similar, I’ll be shown the name that’s registered to the account I am attempting to pay. This could be useful if I’ve made a spelling mistake or if I am not sure of the person’s name, and once I’ve seen the registered name, I’ll be able to proceed at my own risk.
Whether the names match will be decided by the bank of the person I am trying to pay. They will be all too aware of the need to prevent unnecessary friction. This might mean that payments using preferred names or nicknames will return a ‘no-match’ result, but this can be avoided if the person I’m sending money to has told their bank about the name they prefer to use. Likewise, if I’m sending money to a joint account, it is anticipated that my payment will be a name match even if I only name one person on the account. PSPs have even considered software capable of identifying and understanding spelling mistakes to roll out CoP as smoothly as possible.
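The responding bank's decision described above can be sketched as follows. This is an added illustration, not code from Pay.UK, the PSR or any PSP: the function names, the result labels, the 0.8 similarity cut-off and the use of Python's `difflib` as the similarity measure are all assumptions, and the names are constructed samples.

```python
import difflib
import re

CLOSE_THRESHOLD = 0.8  # assumed cut-off; each PSP sets its own matching rules


def normalise(name):
    """Lower-case, replace punctuation with spaces, collapse whitespace."""
    return " ".join(re.sub(r"[^\w\s]", " ", name.lower()).split())


def check_payee(entered, account_names):
    """Classify the payer-entered name against the names held on the account.

    account_names holds every name the responding bank has for the account:
    each joint holder and any preferred name the customer has registered.
    Returns (result, name_to_show). The registered name is returned only
    for a similar-name result, the one case where the page says it is shown.
    """
    wanted = normalise(entered)
    best_score, best_name = 0.0, None
    for registered in account_names:
        candidate = normalise(registered)
        if candidate == wanted:
            # Naming any one holder of a joint account is enough.
            return ("MATCH", None)
        score = difflib.SequenceMatcher(None, wanted, candidate).ratio()
        if score > best_score:
            best_score, best_name = score, registered
    if best_score >= CLOSE_THRESHOLD:
        return ("CLOSE_MATCH", best_name)
    return ("NO_MATCH", None)


if __name__ == "__main__":
    joint = ["Jonathan Smith", "Mary Smith"]  # constructed joint account
    for entered in ("Mary Smith", "Jonathon Smith", "Acme Trading Ltd"):
        print(entered, "->", check_payee(entered, joint))
    # A nickname fails until the account holder registers it with the bank.
    print(check_payee("Bob Jones", ["Robert Jones"]))
    print(check_payee("Bob Jones", ["Robert Jones", "Bob Jones"]))
```

The cut-off is the friction control: lowering it turns more typos into similar-name results, but also discloses the registered name to more payers who entered something only loosely related.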
What payments are covered?
CoP only applies to UK-based accounts and payments made via Faster Payments and CHAPS. CoP does not currently include direct debits, Bacs or batch payments. The PSR believe that the six directed banking groups will provide a strong moral and commercial incentive to other PSPs to implement CoP as soon as possible, in order to offer their customers a more scrupulous level of protection. CoP will cover both individual and commercial clients, meaning that CoP has a broader application than the Voluntary Code which only covers consumers, micro-enterprises and charities.
It is worth noting that CoP applies only to new or changed payment mandates. In other words, pre-existing payees set up on a customer’s account to which a payment has not yet been made are not included. The PSR concluded that if CoP checks were run on pre-existing payees, there would be unmanageable levels of mismatches, leading to a consumer perception that CoP is more trouble than it’s worth. The PSR also believe the number of fraudulent pre-existing payee mandates is likely to be “relatively small”.
Opt-out
Consideration was given as to whether customers should be able to opt out of CoP, preventing their name from being checked by the payer’s PSP. Pay.UK explained to the PSR that as each PSP has its own risk profile, process and systems, it would be difficult to have a consolidated industry view of when opt-outs should be allowed. Pay.UK has, however, provided guidance about the opt-out process in its CoP rules and standards, and the PSR have clarified the exemption application process within Specific Direction 10. This will entail balancing the danger of scammers using the opt-out to get around CoP, while also making sure that CoP does “not unduly burden, disadvantage or exclude customers, particularly those who are vulnerable”.
Impact
The directed PSPs will be required to respond to CoP requests as of 31 December 2019, and to both send and respond to CoP requests as of 31 March 2020. The CoP initiative should significantly reduce APP fraud and mistaken payments but, for non-directed PSPs, including payment and e-money institutions, there is the danger that fraudsters could target them, either by defrauding their customers or by opening accounts with them into which fraudulent payments will be made. Such PSPs can voluntarily join the initiative by applying to Pay.UK, which will put them on a good footing given the stated intention to roll it out more widely in the not too distant future.
Further, and as noted in the previous blog, PSPs should consider how they are managing the risk of being used for fraudulent payments and how they can protect the interests of their customers, particularly those that are vulnerable.
If you would like help to understand the implications of the CoP initiative on your business or guidance on how to protect your customers from fraud, get in touch with our experts today.