As financial technology improves rapidly, it brings with it increasingly sophisticated forms of fraud. Malicious actors regularly target financial firms, and over the past decade the UK has witnessed the rise of a certain w form of fraud n. Its name is Authorized push payment (APP) fraud, and it's a concern for both banks and customers alike.
Briefly, APP fraud is perpetrated by replacing a recipient's legitimate bank account number with a fraudulent one without making any changes to the recipient's name. A consumer is more likelyto focus on the recipient's name than their account number. As a result, they transfer money to the wrong account, at which point the malicious actor withdraws funds. Thus, both the banks and consumers are left powerless.
In 2019, losses to APP fraud were estimated at £456 million, a yearly increase of 22%. In the first half of 2020, APP scams in the UK £207.8 million. With more consumers using digital channels thanks to COVID-19 lockdowns, this number is set to increase.
UK payment regulators Pay.uk have mandated new protocols, called Confirmation of Payee or CoP, to aid in the fight against APP fraud. This powerful protocol has brought benefits such as reputation protection, enhanced competitiveness, reduced fraud mitigation costs, and better audit compliance to the financial system.
Here’s how CoP has done all of this.
A CoP framework reduces instances of APP fraud by requiring the payer's bank to confirm that the name of the recipient account matches the name entered by the payer. It sounds simple, butthese protocols help financial institutions protect their brand image and reputation.
A brand's reputation is all-important in business, especially in the financial sector. Consumers these days have more options than ever before. If left unchecked, APP fraud has the potential to destroy consumer trust in an institution since it can seem as if the bank is taking sides and protecting malicious actors.
With consumer trust in banks already low, banks cannot afford to ignore any threat to their reputation.
With CoP already implemented at bigger banks, malicious actors have begun turning their attention towards institutions that haven't adopted it as yet. Choosing to delay CoP adoption will lead to reputational harm since the implication is that payment fraud is more likely to occur at aninstitution that doesn't verify payee account names.
It isn’t just a bank;s reputation that is at stake. APP fraud can cause a business’ customers to lose faith if the business’ accounts are routinely subject to fraud. Customers might balk at transferring funds online to these businesses if the payee bank is not a part of the CoP protocol.
In short, CoP protects both consumers as well as a bank's reputation.
In most cases of APP fraud, it is the consumer that bears the brunt of the damage. Thanks to fraud perpetrators quickly transferring funds away from recipient accounts, banks are powerlessto reverse transactions and reimburse consumers.
While banks are not always legally liable for payment fraud like the case highlighted, they do have a responsibility to protect their customers. The last thing a bank wants is to acquire a reputation of being unsafe or susceptible to fraud.
CoP protocols ensure greater consumer trust in the banking system. If the payee's name (as entered by the payer) doesn't match the name on the recipient account (as provided by the recipient's bank), an alert message warns the customer of the possibility of fraud.
The customer can immediately double-check whether the recipient's account number is correct or if there's a spelling mismatch. The result is that APP fraud is prevented. As consumer trust grows, banks that choose to delay CoP adoption will suffer.
Thanks to system alerts when transferring money, institutions that don't support CoP protocols can be easily identified. Business customers that routinely receive bank transfers at such institutions will rethink their banking relationships if CoP protection isn’t in place.
CoP isn't just a technical protocol. It's a differentiator that banks can use to illustrate their desirability and steal a step on their competitors.
Decreased Fraud Mitigation Costs
Fraud costs money. A 2019 study by UK Finance indicated that fraudulent transactions between£1,000 and £25,000 £24,574 to investigate and resolve. Note that this isirrespective of whether banks could reverse fraudulent transactions and reimburse their customers.
Banks spend a ton of money mitigating the risk of fraud, and CoP fits well into a larger risk management framework. For starters, the number of fraud complaints decreases due to consumers receiving a warning before initiating transactions.
Secondly, CoP also prevents users from “fat-finger”, the miskeying of payments that increase the operational burden on banks. CoP protocols include an outbound confirmation (request) andan inbound confirmation (response) service. The former is used when a customer initiates a bank transfer to a recipient.
Alerts and name confirmations are a part of outbound CoP. In addition to this, outbound CoP also verifies the name and credentials of the payee's bank from the open banking CoP directory, which lists all CoP participant information.
If the recipient bank isn't a member of the CoP directory, the customer receives an alert notifying them of this case. If the recipient's name as provided by the payer doesn't match the name provided by the recipient bank, outbound CoP gives the customer the option to transfer funds anyway, and release their bank from any liability.
Inbound CoP is used when the bank's customer is a recipient in a transaction. In this case, it confirms the recipient's name and verifies that the payer's bank is legitimate using the CoP directory.
Once these checks are completed, a message confirming the legitimacy of the transaction is sent to the payer's bank, and funds are transferred. The net result of a CoP framework is that fraud mitigation costs decrease due to the checks carried out before funds are transferred.
Better Audit Compliance
With CoP's system of checks in place, identifying fraud liability is a simple task, and this reducesany legal expenses that a bank might have incurred pre-CoP. All checks are electronic, and a clear audit trail that can be verified and logged securely is established.
A possible ramification of CoP is that non-participating banks might face greater liability in fraudulent transactions. Customers who transferred money erroneously or to fraudulent accounts could hold recipient banks liable if they don't check for fraud.
CoP adoption thus insulates a bank from possible legal claims arising from APP fraud. Thanks to an audit trail that quickly identifies liability, banks can rest assured that their reputation and customers' safety are in the right place.
Simple but Powerful
On the surface, CoP sounds like a simple account holder verification service. However, the protocol is far more powerful than that, and its features bring a wide variety of benefits to banks and consumers. Delaying CoP adoption or choosing to skip adoption holds many risks, ones that financial institutions can ill-afford to take.