Has Confirmation of Payee been successful in combating APP fraud?

With millions being lost to Authorised Push Payment (APP) scams, and the number continuing to increase this presents a serious issue for the finance sector.

Over 90 per cent of respondents in a recent poll undertaken by UK Finance, in collaboration with Synectics Solutions, said that APP scams were among the highest-level priorities within their fraud prevention activities for 2022.

A recent Treasury Committee review recommended measures such as: mandatory reimbursement to those customers that fall victim to the scams; legislative changes; and the establishment of a new government department to deal with fraud and economic crime.

We look at the backdrop to APP fraud, the relative success of current responses and new ways of tackling this fraud that show very promising results.

Difficult to detect

APP fraud is one of the most popular weapons in a fraudster's arsenal. Based on duping victims to make a payment to what they believe to be a genuine beneficiary account, the impact on people's lives can be heart-breaking. It is often instigated through some form of social engineering, such as impersonating employees, replicating email or SMS communications of a genuine company, and timing it around when a customer might be legitimately expecting to make payment. APP fraud can be incredibly difficult for banks to detect and prevent.

Unintended consequences

The Payment Services Regulations 2017 has strict requirements for firms to execute payment transactions. While this has achieved good customer outcomes by providing, through Faster Payments, near real-time receipt of payment; these requirements have also created an environment for APP fraud to thrive. Why? Because funds are transferred in real-time, firms have little opportunity to delay payments, and the window for fraud detection has been significantly reduced. Fraudsters can immediately take the money and run.

The introduction of the Contingent Reimbursement Model and Confirmation of Payee

Following the 2016 ?Which?? super complaint to the Payment System Regulator around push payment scams, changes have been made to combat APP fraud and to protect customers who have fallen victim.

One such protection mechanism is the Contingent Reimbursement Model (CRM), a voluntary code that UK banks can sign up to. The CRM code aims to give customers who have fallen victim to APP scams the confidence that they will be reimbursed if they have acted appropriately.

Part of the answer

Confirmation of Payee (CoP) was introduced at the end of March 2020. With CoP, the name associated with a new payee's account can be checked against the sort code and account number. The service has been identified by the industry as a tool that can help consumers better protect themselves and make sure they are paying in to the correct account.

But how well is it working?

Despite voluntary and technical advances APP fraud is still on the rise. UK Finance has reported significant losses arising from APP-related fraud scams.

Supporting this, our recent poll found that 43 per cent of those surveyed felt that the value of using CoP to help tackle APP fraud had been neutral at best if not useless.

The scale of the problem has prompted a Treasury Committee to call for tougher measures including mandatory reimbursements for those who have fallen victim to APP scams.

The banking sector needs to act now as it is caught between rising levels of fraud and increased regulatory scrutiny.

What can be done?

Quite simply, the best protection against fraud is a layered one. The specific issue of tackling APP fraud doesn't change that.

A recent poll from UK Finance and Synectics Solutions discovered that over 30 per cent of those surveyed didn't undertake any additional checks against fraud databases, and solely relied on Confirmation of Payee checks when performing customer payment instructions.

Our recommendation is to apply additional defences at both ends of the transaction:

  • Screening payment beneficiaries using known fraud data and intelligence, both at payment initiation and as part of a regular back book screening
  • Greater analysis of incoming payments to identify potential ?mule? beneficiary accounts, supplementing existing Anti-Money Laundering controls and identifying suspect accounts.

You may be interested in

Over £200 million of fraud stopped by rapid scam response scheme

31.03.22

Press release

Over £200 million of fraud stopped by rapid scam response scheme

Branch staff at banks, building societies and Post Offices have worked with the police to stop £202.8 million of fraud through the Banking Protocol rapid scam response scheme since it launched in 2016, according to the latest figures from UK Finance. Last year £60.7 million was stopped through the scheme, 34 per cent more than in 2020.