The UK’s Confirmation of Payee (CoP) initiative, aimed at validating bank account ownership, has emerged as a pivotal tool in the fight against Authorised Push Payments (APP) fraud in the UK.
By October 2023, CoP had achieved 99% coverage of GBP accounts addressable by Faster Payments and has already shown promising results, with a 17% reduction in APP fraud in 2023. However, compared to initiatives like the IBAN name-check in the Netherlands, which achieved an 81% reduction in fraud within foreign domestic transfers, CoP’s impact might seem less impressive.
Expanding CoP
One of the key lessons learned from CoP implementation is the necessity of a holistic approach to fraud prevention.
Focusing solely on APP fraud leaves other payment types vulnerable to exploitation – for instance, direct debits. While the CoP use case has been extended to allow use of the service to verify payers when creating new DDIs, the lack of a formal mandate for use, as given for APP, leaves consumers and businesses susceptible to fraudulent activity. Extending CoP to encompass direct debits could provide a comprehensive solution to mitigate fraud across various payment methods.
Mark Bish of Bottomline
Looking to the future, there is a growing consensus on the need to expand CoP beyond bank-to-bank transfers, with a clear need to drive ubiquity of use for all direct debits and direct credit payments, and explore its application to digital wallets and credit cards, which could address existing gaps in fraud prevention.
While credit card schemes offer some protection against fraudulent transactions, the inability to confirm the account holder’s name leaves a significant vulnerability. Introducing a CoP-like mechanism for credit cards could enhance security and bolster consumer trust.
Limitations of CoP
Despite its efficacy, CoP is not without its shortcomings. The system’s flexibility, while advantageous in accommodating minor errors like ‘fat fingers,’ also opens the door to potential abuse. Distinguishing between accidental errors and malicious intent remains a challenge, highlighting the need for additional layers of protection or AI-driven tools to discern intent accurately.
Moreover, the current payload of CoP queries is insufficient, lacking crucial contextual information that would enable easier detection of suspicious activity and allow for a more nuanced response.
Providing additional information, including who is making the request, their account details, the purpose of the request and the associated risk or value, strengthens fraud detection efforts by allowing the recipient to include these details as part of their risk assessment, vary flexibility in matching logic and temper the answer they return.
Bottomline’s Erez Nounou
By enhancing CoP’s capabilities to include this information, recipients are better able to make more informed decisions regarding transaction legitimacy, protect themselves from indemnity claims, and provide the sender with a response that offers greater protection for them and their customers. This is particularly important with the introduction of mandatory reimbursement for APP fraud.
Collaboration is key
As the financial landscape evolves, collaboration between stakeholders becomes paramount. Payment service providers (PSPs), regulators, and solution providers must work together to streamline CoP implementation and address emerging challenges. Bottomline, for instance, offers comprehensive fraud prevention solutions that complement CoP, providing support throughout the transaction journey.
Looking ahead, the expansion of CoP presents a significant opportunity for the UK payments sector. By broadening eligibility criteria and introducing new technical models, CoP aims to enhance coverage and effectiveness in combating fraud. The next stage must be to mandate CoP for corporates for all payment channels to further drive down payment fraud.
However, for mandated PSPs, the priority must be CoP integration, leveraging resources and guidance provided by regulatory bodies and solution providers.
In conclusion, CoP represents a crucial step forward in fraud prevention within the UK payments sector. By addressing its limitations, expanding its scope, and fostering collaboration, CoP has the potential to revolutionise payment security, ensuring a safer and more reliable financial environment for all stakeholders.
Mark Bish is product lead risk solutions – corporates and Erez Nounou is product lead risk solutions – financial messaging at Bottomline
This article was first published in ‘Rising to the Fraud Challenge 2024’, an Open Banking Expo report in association with Bottomline. Download your copy of the report here.
