New alert system to help reduce bank transfer scams

09/03/2020

A new system designed to reduce the risk of consumers and businesses losing money to bank transfer scams will be in force by the end of the month, according to the UK’s biggest banks.

The Confirmation of Payee (CoP) service is an account name checking service which will alert someone transferring money via Faster Payments or CHAPS (including online and mobile) if a recipient’s name does not match their bank details.

It was supposed to be introduced in July 2019, but the deadline was scrapped after feedback from banks revealed that this was unachievable due to the complex IT changes it required.

The UK’s six largest banking groups now have until 31 March to bring in the system.

Barclays, HSBC, Lloyds, Nationwide Building Society, RBS and Santander, which cover about 90% of bank transfers between them, say that they are on track to meet the deadline.

Bank of Scotland customers have already begun to benefit from the new name checking service.

What is it?

CoP will give end-users of payment systems greater assurance that they are sending their payments to the intended recipient.

It is, in essence, an ‘account name checking service’ on sterling payments transacted within the UK that can help avoid payments being accidentally misdirected.

Currently, the recipient’s name is ignored by the bank when making a payment, as only the account number and sort code are used to determine where a payment is sent.

If the confirmation system works, alerts will notify those sending a payment when there has not been a match, meaning corrections can be made before the payment is sent, rather than scam victims having to try and claw back the money afterwards.

How does it work?

The CoP check starts when a payer begins setting up a new payee.

The payer provides the account name, sort code, account number and indicates whether the account is personal or for business. The information given is then checked.

Once checked there are four possible outcomes.

1. Yes – The name and account type you supplied matched the details on the account
2. No – the name is a close match
3. No – the name doesn’t match the name held on the account
4. Unavailable – it has not been possible to check the name because of timeout, account doesn’t exist etc.

The payer can then use the result to make a more informed decision as to proceed with the payment or not.

Why is it important?

The new CoP system is designed to act as a check against Authorised Push Payment (APP) scams, where customers willingly transfer money into the account of a scammer.

APP fraud cost UK consumers £345m in 2018, of which only £83m was recovered.

It is hoped that CoP will help to reduce this by introducing another hurdle for fraudsters and giving effective warnings to customers about the risks of sending payments to an account where the name does not match.

Will it help to combat fraud?

Of course, this is a step in the right direction and there are many benefits that CoP will bring to help combat the issue of bank transfer scams.

But fraudsters are creative and use multiple techniques to achieve their objectives, therefore banks and their customers must continue to be vigilant and proactive in their fight against fraud.

What other precautions can businesses take against fraud?

This is by no means an extensive list but, by implementing better controls and improving visibility of your supply chains and payments, your business can reduce the risks of fraudulent invoices.

1. Always check who you are doing business with

Always check your suppliers are legitimate by checking they’re registered, verifying endorsements and scrutinising their website.

It’s important to do this regularly as sometimes fraudsters rely on your familiarity with invoices, and small changes such as an email address that now ends in .org instead of .com will often go unnoticed.

2. Train employees to spot fraud

You can help to protect your business by educating your employees on some of the indicators of fraud. These include but are not limited to:

• The name of the person or business you’re paying not matching the name held on the account
• Pressure to make a payment
• Payment requests from people you don’t know
• Anyone asking you to continue with a payment when the details don’t match
• A fuzzy logo on an invoice – often a result of fraudsters scanning legitimate letterheads
• A change in account numbers – does the font styling match the rest of the invoice?
• A change in contact information – encourage employees to always verify contact details
• Round pound value invoices – invoices in even amounts should be an automatic red flag
• Duplicate invoices – have you already received/paid this invoice?

3. Put plans in place

It’s important to implement policies on how to act in certain situations to limit the damage to your business. These procedures should be explained to your staff and strictly adhered to at all times.

These steps could include:

• Check all invoices for any of the red flags highlighted above
• Any change of bank account by a supplier should always be validated by a channel other than email
• Report all suspicious activity to the bank in order to block transfers

4. Utilise technology

Digitising your invoicing process could be the key to reducing the risks to your business as it can be hard to spot inaccuracies or unusual activity on paper documents.

Whereas electronic invoices can flag errors and omissions so that those with inaccurate information are not processed.

Plus, digitising your invoicing process means all of your supplier data will be in one place and it will be easier to regularly review supplier lists and highlight any red flags.

This could minimise duplicate suppliers, limit payment errors and ultimately save your business countless headaches and even some money.

For more information on Confirmation of Payee, visit UK Finance.