Insight: Safeguarding payments – lessons learned from Confirmation of Payee

Mark Bish, Erez Nounou
12 Jun 2024

In the relentless battle against authorised push payments (APP) fraud, the UK has spearheaded efforts to fortify its payment verification systems, with Confirmation of Payee (CoP) emerging as a pivotal tool. However, as financial institutions seek to stem the tide of fraud, not only domestically but also globally, it is crucial to extract key lessons from CoP implementation and augment existing processes.

Hailed as a pre-verification mechanism, CoP scrutinises payee details to thwart inadvertent errors in transaction inputs. Yet, as the landscape of fraud evolves, there’s merit in considering an additional layer: verifying the payer. This proactive approach aims to identify anomalous behaviours, such as unauthorised individuals initiating large transactions, thus fortifying defences against insider threats.

Taking an holistic approach

Transaction and behavioural monitoring, synergistically integrated with Verification of Payee, furnish a holistic fraud mitigation strategy. By flagging suspicious activities—like unusual transaction volumes or unfamiliar beneficiaries—these mechanisms pre-empt potential fraud attempts, mitigating risks in real time.

However, the efficacy of CoP is tempered by the constraints of legacy infrastructure, which remains a bastion for fraudsters seeking vulnerabilities. Institutions tethered to archaic systems face mounting pressure to fortify defences amid escalating threats. Patching vulnerabilities and system upgrades, albeit essential, present logistical and financial hurdles, underscoring the imperative for concerted investments in modernisation.

Furthermore, the advent of real-time payments has become a double-edged sword, offering unparalleled convenience but also fertile ground for fraudsters. The urgency to scrutinise transactions within milliseconds underscores the need for swift, adaptive fraud prevention solutions.

As the UK seeks to continue to mitigate APP fraud, the discourse has shifted from CoP to a broader narrative of fraud prevention. Mandatory reimbursement provisions incentivise payment service providers to embrace comprehensive fraud mitigation measures, encompassing CoP alongside other fraud checks, like sanction screening and behavioural monitoring. However, the limited information provided within the current payload for CoP queries makes it difficult for recipients to make more informed decisions regarding transaction legitimacy when responding to CoP queries, and to protect themselves from mandatory reimbursement claims that they could otherwise have blocked.

Looking ahead, the trajectory of fraud prevention hinges on global collaboration and regulatory alignment. Will mandatory reimbursement schemes and extended validation windows, pioneered in the UK, find resonance internationally? We suspect so, in light of the expansion of CoP-like mandates in Europe and beyond. The impetus lies in transcending geographical boundaries to forge a unified front against fraud.

In closing, CoP serves as a cornerstone in fraud prevention, but its efficacy is magnified when integrated into a multifaceted approach. By fortifying legacy systems, embracing real-time analytics, and fostering regulatory convergence, the financial ecosystem can strengthen its defences against the ever-evolving spectre of fraud.

Mark Bish is product lead risk solutions – corporates and Erez Nounou is product lead risk solutions – financial messaging at Bottomline.

This article was first published in ‘Rising to the Fraud Challenge 2024’, an Open Banking Expo report in association with Bottomline.