The UK’s Payments Systems Regulator (PSR) has eased a March deadline for banks to implement new fraud protection plans, despite the nearly £1 billion losses suffered as a result of Authorised Push Payment (APP) fraud in the past three years.
Implementation of Confirmation of Payee (CoP) is designed to curtail APP fraud by ensuring banks confirm the validity of payment recipients, but the PSR said it would be taking a lenient approach to those failing to meet that deadline in the light of the COVID-19 pandemic. The deadline had already been extended by a year.
Banks have publicly lamented the challenges of rolling out CoP: changes are typically required across online and mobile applications, need to integrate with payments systems, then ensure counter party banks can funnel confirmation back to customers.
(The decision is the second major delay to tighter security rules in the financial services sector over the past half-year. In August 2019 the Financial Conduct Authority gave banks and other payments providers 18 months more to introduce “Strong Customer Authentication” measures required under Europe’s PSD2 directive.)
The PSR said this week: “We are acutely aware of the current and significant pressure on organisations to do all they can for their customers, while also effectively looking after the people who work for them and making sure the UK’s banking industry can continue to be resilient. This means we have carefully considered our regulatory approach to the implementation of this system.
Banks must continue to take “appropriate steps to roll out CoP, taking into account the impacts of COVID-19, even if that means they do not meet the original 31 March 2020 deadline” it added, saying it will keep the arrangements under review.
What is APP Fraud?
Authorised Push Payment fraud happens when fraudsters deceive consumers or businesses into sending them a payment under false name, to a bank account controlled by them. As payments made using real-time payment schemes are irrevocable, the victims cannot reverse a payment once they realise that they have been conned.
Compensation was provided to some customers under the voluntary code on APP fraud, introduced on 28 May 2019. Data from a report published last week by UK Finance shows that customers have so far received £41 million in compensation in cases assessed under the code since it was introduced.
Currently, when a payment is made, the banks are not able to check the name of the organisation or person who is to be paid. If the sort code and account number do not match this will be flagged, otherwise the money goes straight through.
After the introduction of Confirmation of Payee, banks will be able to check the name of the account of the person or organisation who is getting paid.
They will then let the account holder know the outcome of this check and advise them on the best way forward.