Guarding Against APP Fraud by Adopting Confirmation of Payee

Alberto Céspedes-Sharp

By Alberto Céspedes-Sharp, Pre-Sales Compliance Officer (First Line of Defence) at Clear Junction

In an era where fraudsters relentlessly find new ways to steal other people’s money, the threat of Authorised Push Payment (APP) fraud looms large. Daily headlines recount new and ingenious methods that strike fear into the hearts of individuals who find themselves caught in the crosshairs of these bad actors.

We vigilantly guard our PINs at the ATM, use complex passwords online, and the mere thought of leaving a credit card on a café table sends shivers down our spines. Yet, despite our best efforts, fraudsters continue to evolve, growing smarter and more sophisticated in their methods of attack.

APP fraud, with its staggering financial losses, has become a menace not just to individuals but to businesses, banks, and financial service providers.

But how big is the problem?

APP fraud involves tricking individuals and businesses into transferring large sums of money into accounts controlled by fraudsters. It can involve a fraudster convincing victims to hand over sensitive personal and payment data under the guise of, say, fake investment schemes, romance scams, or deceptive shopping offers that make people think they’re bagging a bargain.

APP fraud attempts can look very authentic, so even the most tech-savvy and security-conscious individuals and businesses can fall prey to it. Sadly, this means that, alongside the devastating impact of financial loss, it can impact people’s confidence and trust when transacting online.

A growing number of individuals and businesses are getting caught up in APP fraud scams, with their identities or brand names impersonated by fraudsters to perpetrate theft. It can erode the trust that people have in the businesses they deal with, haemorrhaging profitability as a result.

Many victims, who are understandably angry and upset at being duped, have left scathing reviews of businesses, accusing them of stealing money or ignoring their pleas for help to get their money back. The fact is that these businesses often had nothing at all to do with the fraud.

The magnitude of which APP fraud is growing is alarming. UK Finance reports losses of £239.4 million in the first half of 2023, with cases rising by 22% during that period.

Around 98% of APP fraud transactions are made through the UK’s Faster Payments rails. So, with the number and value of Faster Payments transactions surging, the ability to cross-verify sending and receiving accounts in real-time is crucial.

Stopping APP fraud at its core

Recognising the urgency of deterring APP fraud, the UK Payment Systems Regulator (PSR) has published a new rule requiring financial institutions to adopt Confirmation of Payee (CoP) as a means of reducing the number of individuals and businesses falling victim to these scams.

CoP enables financial institutions to verify the accuracy of accounts sending and/or receiving funds. But how does it work?

Previously, an individual or a business wanting to make a payment would give their bank or payment service provider the payee’s details. These might include the bank sort code and account number, along with the name of the person or organisation that the funds were being sent to. The bank or payment provider facilitating the payment would then verify the sort code and account number. Then, if everything was deemed correct, the funds would be sent. However, this method lacked the security checks needed, as payers had no means of checking the name of the account against these details.

CoP offers the real-time security checks that can stop APP fraud from happening. When a payer triggers a payment initiation request, CoP checks the name of the account to which payments are being made and displays this to the payer. This enables the payer to be sure it’s going to the right account, and they can then decide whether to proceed with the payment.

The onus is on the payee to authorise the payment; therefore, CoP works to remind them of their responsibility to make sure account details are correct. All details can now be cross-checked instantly, and any discrepancies prevent the payment from being processed. This makes it virtually impossible for APP scams to work.

Don’t stand back

The PSR is directing 400 banks and payment providers to roll out CoP in staggered phases, culminating in a mandatory deadline of October 2024. But we know fraudsters will be scrambling to up their efforts ahead of this deadline, and they will look to exploit any existing avenues of attack.

Clear Junction depends on the trust and security of our clients and their customers, and we want to ensure that fraudsters are stopped at every opportunity. We’ve always maintained exceptionally high compliance and data security standards like ISO 27001. We also devote significant resources to our risk management, anti-money laundering and Know Your Customer processes.

While APP fraud is rife, it is vital to us that our clients feel safe. So, we’ve launched our CoP service a year ahead of the mandatory deadline, and we urge others to do the same. Customer trust is the most important asset a business has, but it can be easily damaged. We in the fintech industry have a responsibility to ensure that any payments and transactions that we facilitate are as safe as they can possibly be.