Share this post
In the first half of 2023, UK Finance reported authorised push payment (APP) fraud losses amounting to £293.3 million, with the total number of APP cases increasing by 22%. The nature of authorised push payment (APP) fraud was harrowing – victims were willingly initiating and authorising payments into controlled accounts, often driven by criminal manipulation or misinformation.
The malicious presence of APP fraud is accompanied by a more innocent, but nevertheless threatening, issue of accidental payments – for example, by those making payments not taking steps to ensure that they have correctly spelt the name of the payee in relation to the account they are paying into. With growing awareness of these two pressing issues that are challenging secure financial transactions, this is where Confirmation of Payee comes in.
What is Confirmation of Payee?
Introduced by Pay.UK in 2020, Confirmation of Payee (CoP) is an account name verification service, effectively validating account names before payment initiation. It has led to enhanced confidence in UK domestic payments by ensuring funds are directed to the intended account holder. The service’s utility is also proven for customers making payments to unfamiliar accounts, reinforcing the overall reliability of financial transactions and reducing the risk of errors.
In the Payment System Regulator’s Specific Direction 2017 (PSR SD17), the PSR established that Confirmation of Payee is now a requirement for directed payment service providers (PSPs). Currently, the service is principally utilised in push payment transactions (e.g. Faster Payments, CHAPS), and in some instances is used by customers with BACS Direct Credit payments. In Spring 2024, Pay.UK is making available its Aggregator model (an alternative to its current direct Confirmation of Payee model), helping widen the scope of organisations that can successfully participate in setting up Confirmation of Payee.
How does Confirmation of Payee work?
When initiating a new payment, payment service providers (PSPs) using CoP are able to verify essential details such as the name, sort code, account number and further reference data (e.g. building society roll number, account type). They cross-reference information with payee account records and outcomes fall into four possible categories:
- A positive confirmation for correct account names,
- A “Close Match” for similar names that require additional verification or clarification,
- A negative response for mismatches prompting customers to check payee details,
- An “Unavailable” outcome due to factors like timeout, customer opt-out, or non-existent accounts.
Ultimately, the establishment of Confirmation of Payee offers a crucial solution for UK banks, building societies and other PSPs to significantly lower the risk of certain types of fraud and misdirected payments. This is especially true for APP fraud, giving PSPs a framework through which they can effectively notify payers concerning the potential harm of paying into an account when the account name does not align with the payer’s provided details.
How will it be implemented in the UK payments industry?
As discussed previously, with a key priority being adoption of CoP across the UK payments industry, the PSR is mandating over 400 PSPs to have developed a suitable system for sending and responding to CoP requests in compliance with CoP rules. Specifically, a compliant system will send CoP requests any time the directed PSP’s customer adds a new payee or updates unique identifiers for an existing payee.
Directed PSPs will be categorised into either one of two groups – the first, Group 1, is comprised of PSPs listed on the Schedule, and that had the earlier deadline of 31 October 2023 to have set up and begun using the system to send and respond to CoP requests. They were prioritised by the PSR based on complexity and size, alongside the projected impact of their use of CoP on APP fraud prevention.
The rest of the directed PSPs are described as Group 2 PSPs and will be subject to a later deadline of 31 October 2024. As defined in SD17, this is any other PSP lacking a CoP system in regular operation (as of the date of direction), and that is a participant in Faster Payments/CHAPS, conducts relevant business, possesses a unique sort code listed on the Extended Industry Sort Code Database (EISCD), and/or is a building society.
Ahead of October 2024: Actions For Directed PSPs To Take
- Consider whether the direct model offered by Pay.UK is suitable for your business, or contact Pay.UK about more information on the progress of its alternative Aggregator model.
- Once their CoP system is established, PSPs must notify the Payment Systems Regulator (PSR) within 28 days.
- If unable to meet its obligations in time for the deadline of 31 October 2024, the PSP must inform the PSR of the reasons and steps taken within 28 days.
- It is also key to highlight that arrangements with third parties do not exempt PSPs from the compliance duties associated with CoP systems.