You would be forgiven for missing it in the midst of the ongoing news coverage surrounding Covid-19, but Confirmation of Payee (CoP) has now been widely implemented across UK banks, writes Gregor Dobbie, CEO of Vocalink, a Mastercard company
The six biggest UK banking groups were mandated to implement CoP by the Payment Systems Regulator. And now it is encouraging to see a number of additional banks have also voluntarily signed up and, indeed, that several of the banks – both mandated and voluntary – were live before the 30 June deadline.
Designed to help reduce accidental misdirected payments and to help prevent customers being tricked into sending money to the wrong account through Authorised Push Payments (APP) scams, CoP has the potential to put a serious dent in fraudsters’ plans by checking the name of the bank account holder against the sort code and account number before someone makes a transfer.
APP fraud cost £455m in 2019 alone
Which? has estimated that of the £1.1bn ($1.4bn) lost to bank transfer fraud over the past three years, £320m could have been prevented if CoP had been introduced at the start of 2017.
The scale of APP fraud is eye-watering, with £455.8m lost in 2019 alone. This was split between personal losses (£317.1m) and non-personal or losses to business (£138.7m). In total there were 122,473 cases relating to a total of 121,658 victims.
Clearly CoP is definitely an important move in the right direction, providing an essential layer of protection, but it is just one piece of the puzzle when it comes to effectively fighting fraud.
It certainly will not be a silver bullet, particularly because it is currently not yet offered by all banks and because it only applies to Faster Payments and CHAPS, which means Bacs payments – including direct debits – are currently not included.
There is also the challenge that the CoP rules are very stringent when seeking a name match, but there are huge variations in spelling and format when people make payments to an account. Indeed, our research found only 20% of accounts have a single dominant name, and 60% of UK accounts have three or more name variations associated with them.
Staggeringly, we found the number of name variations can rise to over 1,300 for a single account, while 80% of transactions are sent to accounts with three or more name variations. For example, you might have a business accounts associated with RH Plumbing, RH Plumbing Limited, Bob’s Plumbing and Robert the Plumber; or you may have a personal account with which G Dobbie, Gregor Dobbie and GH Dobbie are all associated.
Our Verify Account Name solution complements CoP to overcome these challenges by successfully checking the name of the account holder while also taking into account name and spelling variance.
By using historical payments data and sophisticated algorithms to match the name of the account holder to the sort code and account number with a high degree of accuracy, the solution is already available for banks to implement with minimal IT impact. The algorithms ensure genuine transactions are successfully allowed even when name variations are high, helping banks match the vast majority.
There is also a risk that fraudsters will still find a way to work around CoP. Adept at finding loopholes, fraudsters may try to bypass namechecks and claim that a business name is different because of ‘trading names’. It is therefore clear that the financial and banking sector must continue to work hard. Solutions that carry out additional checks, for example using machine learning to spot any unusual payment requests, is just one way the industry can do this.
Corporate Fraud Insights solution
In October 2017, NatWest introduced Vocalink’s Corporate Fraud Insights solution – now part of Mastercard’s suite of financial crime solutions, called Prevent Business Payment Fraud – which helps spot unusual business payment requests.
As of September 2019, it had prevented losses of over £14.5m with an in-flight detection rate of 90%. Notable examples of fraudulent activity included a CEO and business email compromise fraud amounting to almost £40,000, and an invoice redirection fraud of over £200,000.
It is also important the work does not end when money has been moved. In the UK, we are actively monitoring where those illicit funds go in order to give banks the vital information they need to shut down money laundering accounts and prevent them from being used again.
The Mule Insights Tactical Solution has been live since 2018, resulting in hundreds of thousands of accounts having been investigated, and thousands having been shut down. Multiple large and well-concealed money-laundering rings have already been uncovered.
Successes have been achieved, but we must continue this collaboration if we are to win this battle. The early adopters and innovators among the banks who were eager to introduce CoP have led the way, but this is just one step towards what must be a united fight against fraudsters using cutting-edge technologies.
Only by arming the sector with sophisticated prevention tools proven to identify and destroy criminal activity can we really assure bank customers – both individuals and businesses – that we are doing as much as we can to win the war against financial crime