Understanding Confirmation of Payee: The route to enhanced security in payment services

by Rohan Chakraborty, Senior Associate Payment Services, Thistle Initiatives


In the first half of 2023, UK Finance reported authorised push payment (APP) fraud losses amounting to £293.3 million, with the total number of APP cases increasing by 22%. The nature of APP fraud was harrowing – victims were willingly initiating and authorising payments into criminal-controlled accounts, often driven by manipulation or misinformation.

Alongside the malicious presence of APP fraud sits a more innocent, but nevertheless threatening, issue: accidental payments, for example where those making payments do not check that they have correctly spelt the name of the payee for the account they are paying into. With awareness growing of these two pressing issues that challenge secure financial transactions, this is where Confirmation of Payee comes in.

What is Confirmation of Payee?

Introduced by Pay.UK in 2020, Confirmation of Payee (CoP) is an account name verification service, effectively validating account names before payment initiation. It has led to enhanced confidence in UK domestic payments by ensuring funds are directed to the intended account holder. The service’s utility is also proven for customers making payments to unfamiliar accounts, reinforcing the overall reliability of financial transactions and reducing the risk of errors.

In its Specific Direction 2017 (PSR SD17), the Payment Systems Regulator (PSR) established that Confirmation of Payee is now a requirement for directed payment service providers (PSPs). Currently, the service is principally used in push payment transactions (e.g. Faster Payments, CHAPS), and in some instances by customers making BACS Direct Credit payments. In Spring 2024, Pay.UK is making available its Aggregator model (an alternative to its current direct Confirmation of Payee model), helping widen the scope of organisations that can successfully participate in setting up Confirmation of Payee.

How does Confirmation of Payee work?

When initiating a new payment, payment service providers (PSPs) using CoP are able to verify essential details such as the name, sort code, account number and further reference data (e.g. building society roll number, account type). They cross-reference information with payee account records and outcomes fall into four possible categories:

  1. A positive confirmation for correct account names,
  2. A “Close Match” for similar names that require additional verification or clarification,
  3. A negative response for mismatches prompting customers to check payee details,
  4. An “Unavailable” outcome due to factors like timeout, customer opt-out, or non-existent accounts.
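
The four outcomes above, sketched as a responder-side check. This is an added example, not Pay.UK's matching rules or code from the article: the account records, the 0.8 similarity threshold, the title list and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed account records keyed by (sort code, account number).
ACCOUNTS = {
    ("112233", "12345678"): {"name": "Jonathan Smith", "opted_out": False},
    ("112233", "87654321"): {"name": "Acme Trading Ltd", "opted_out": True},
}
CLOSE_MATCH_THRESHOLD = 0.8  # assumed value; not taken from the CoP rules
TITLES = {"mr", "mrs", "ms", "miss", "dr"}  # assumed normalisation list

def normalise(name):
    """Lower-case, replace punctuation with spaces, drop titles."""
    cleaned = re.sub(r"[^a-z0-9 ]", " ", name.lower())
    return " ".join(w for w in cleaned.split() if w not in TITLES)

def check_payee(sort_code, account_number, supplied_name, timed_out=False):
    """Classify one CoP request into one of the four outcomes."""
    if timed_out:
        return "UNAVAILABLE"
    record = ACCOUNTS.get((sort_code, account_number))
    if record is None or record["opted_out"]:
        return "UNAVAILABLE"  # non-existent account or customer opt-out
    supplied, held = normalise(supplied_name), normalise(record["name"])
    if supplied == held:
        return "MATCH"
    score = SequenceMatcher(None, supplied, held).ratio()
    return "CLOSE_MATCH" if score >= CLOSE_MATCH_THRESHOLD else "NO_MATCH"

def payer_prompt(outcome):
    """Map an outcome to the payer-facing action described in the list."""
    return {
        "MATCH": "Name confirmed.",
        "CLOSE_MATCH": "Similar name: verify or clarify before paying.",
        "NO_MATCH": "Name does not match: check the payee details.",
        "UNAVAILABLE": "The name could not be checked.",
    }[outcome]

if __name__ == "__main__":
    for name in ("Mr Jonathan SMITH", "Jonathon Smith", "Sarah Jones"):
        outcome = check_payee("112233", "12345678", name)
        print(f"{name!r}: {outcome} - {payer_prompt(outcome)}")
```

Note that an opted-out or non-existent account returns the same "Unavailable" result as a timeout, so the response itself does not reveal whether an account exists.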

Ultimately, the establishment of Confirmation of Payee offers a crucial solution for UK banks, building societies and other PSPs to significantly lower the risk of certain types of fraud and misdirected payments. This is especially true for APP fraud, giving PSPs a framework through which they can effectively notify payers concerning the potential harm of paying into an account when the account name does not align with the payer’s provided details. 

How will it be implemented in the UK payments industry?

As discussed previously, with adoption of CoP across the UK payments industry a key priority, the PSR is mandating that over 400 PSPs develop a suitable system for sending and responding to CoP requests in compliance with CoP rules. Specifically, a compliant system will send CoP requests any time the directed PSP’s customer adds a new payee or updates unique identifiers for an existing payee.

Directed PSPs are categorised into one of two groups. The first, Group 1, comprises PSPs listed on the Schedule, which had the earlier deadline of 31 October 2023 to have set up and begun using the system to send and respond to CoP requests. They were prioritised by the PSR based on complexity and size, alongside the projected impact of their use of CoP on APP fraud prevention.

The rest of the directed PSPs are described as Group 2 PSPs and will be subject to a later deadline of 31 October 2024. As defined in SD17, this is any other PSP lacking a CoP system in regular operation (as of the date of direction), and that is a participant in Faster Payments/CHAPS, conducts relevant business, possesses a unique sort code listed on the Extended Industry Sort Code Database (EISCD), and/or is a building society. 

Ahead of October 2024: Actions For Directed PSPs To Take

  • Consider whether the direct model offered by Pay.UK is suitable for your business, or contact Pay.UK for more information on the progress of its alternative Aggregator model.
  • Once its CoP system is established, the PSP must notify the Payment Systems Regulator (PSR) within 28 days.
  • If unable to meet its obligations in time for the deadline of 31 October 2024, the PSP must inform the PSR of the reasons and steps taken within 28 days.
  • It is also key to highlight that arrangements with third parties do not exempt PSPs from the compliance duties associated with CoP systems.
