'Confirmation of payee' anti-fraud checks expected in 2019

The rules and standards for the 'confirmation of payee' service were published by Pay.UK last week. Pay.UK is the body tasked with designing and implementing new payments architecture in the UK and is responsible for the operation of the Bacs, Faster Payments and Cheque and Credit Clearing payment systems.

"Currently, the account name is not checked when sending an electronic payment – and fraudsters have become increasingly sophisticated in using this to trick people into sending money to the wrong account," Pay.UK said. "Confirmation of payee can help prevent many fraudulent payments from being made in the first place, by introducing another hurdle for fraudsters and giving effective warnings to customers about the risks of sending to an account where the name did not match."

According to Pay.UK, the confirmation of payee service will kick in when businesses or consumers are setting up a new payment, or amending an existing one. Payment service providers will check the name on the account of the person or organisation to be paid and either confirm the details are correct, ask the payee to check the details are correct if the name provided is similar, or advise the customer that the details are wrong.

"No matter what the outcome of the name check, the decision on whether to proceed with a payment will always rest with the sending customer – with the risks made clear if they choose to go ahead after receiving a non-match," Pay.UK said.

Civil fraud and asset recovery expert Jennifer Craven of Pinsent Masons, the law firm behind Out-Law.com, said the introduction of the confirmation of payee safeguard when transferring money is "a significant step" and would be welcomed by payment providers and banks. She said it should help reduce the risk of fraudsters being able to" exploit the weaknesses of the authentication process on making a payment" and will "serve to help prevent authorised push payment (APP) fraud".

APP frauds take place where a victim is conned into authorising a transfer of money from their bank account into an account which they believe is controlled by a legitimate payee, but is actually controlled by a fraudster.

According to trade body UK Finance, there were almost 44,000 reported cases of APP frauds in 2017 spawning losses totalling £236 million to businesses and consumers.

"The anticipation is that the introduction of this increased level of authentication will deliver a greater protection against financial loss for victims of APP fraud," Craven said. "This sits alongside a raft of other initiatives to protect victims of these frauds, including the introduction of a contingent reimbursement model which will compensate some victims. However, customers will have to remain vigilant."

"The draft code which was recently published setting out the terms of the reimbursement model proposed that if a customer falls victim to fraud when prompted that the payee names are not exact, their bank may in certain circumstances refuse to reimburse them as a result," Craven said. "It is therefore important that customers remain alert to the possibility of falling victim to APP frauds and take extra care to ensure that their payments are not diverted to fraudsters’ accounts."