Alongside a massive shift to digital payments, 2020 has seen a dramatic rise in online fraud. The Confirmation of Payee (CoP) was just one industry initiative introduced to combat this disturbing trend but its adoption has been slow and the PSR had to intervene with mandated deadlines.
Here, Ed Adshead-Grant, General Manager & Director, Bottomline, explores how wider adoption of CoP will be instrumental in stopping fraudsters trying Authorised Push Payments (APP) in their tracks.
Effective. Straightforward. Affordable. And fraudsters hate it. What’s not to like about the Confirmation of Payee (CoP) scheme?
It’s not easy to find benefits arising from the Covid-19 pandemic. But this might be one: in 2020, lockdown restrictions led to a fall in UK contactless card and cheque fraud.
Don’t get too excited, though. This was counterbalanced by a rise in online fraud, resulting from the unprecedented shift to digital payments. As reported by UK Finance, Authorised Push Payments (APP) fraud, where a consumer or business gets tricked into approving a payment to a fraudster’s account, rose by 22% in 2020 to 149,946 cases, with collective losses of £479 million.
Yet this figure many assume would have been even higher if it hadn’t been for one key development: the introduction of the Confirmation of Payee (CoP) scheme by Pay.UK. The scheme provides an additional layer of security that checks automatically whether the recipient’s name matches the account number and sort code entered for a digital payment.
Introduced in early 2020, CoP enables regulated banks and building societies that own their own sort code to give users a real-time warning if the payee name and account details on file don’t match up. It provides the pause for thought customers might need to check for an error and to take responsibility for their decision on whether to continue with a payment.
A Solution That Works – but Only When Used!
In the first phase of the CoP implementation, which the industry expects to remain open for most of 2021, the UK’s six biggest banks – representing more than 90% of the country’s bank accounts – were mandated to implement CoP by the Payment Service Regulator. The less widely known fact is that any other FCA-registered institution with their own sort code (there are 396 of these in the UK, including challenger banks and other smaller players) have always qualified as well to join the safety of phase 1.
In our view, any organisation that’s entitled to join the CoP ‘movement’ should do so as quickly as possible. There are powerful reasons for this. First and foremost, the scheme works. Lloyds Bank, one of the clear front-runners, has publicly reported over a 30% decline in APP fraud since implementation.
Second, on a technicality not discussed widely, phase 1 and phase 2 of CoP do not speak to each other. This means that those waiting and joining phase 2 cannot see any of the activity of participants in phase 1 (currently >90% volume) and never will until the phase 1 participants switch their commitment across to using the technical domains set up for phase 2. The impact is that any new participant joining phase 2 surrenders their risk policy to the PSR6 banks’ project timetables to move.
Third, and perhaps most importantly, banks risk their competitiveness and customer loyalty by not offering CoP protection. There is already evidence that fraudsters are migrating to and targeting institutions that don’t yet provide CoP protection, making them more vulnerable to fraud and damaging their brand as the custodian of customer funds.
Despite these clear benefits, the rate of CoP adoption has been disappointingly slow. We’ve seen that some smaller banks are reluctant to join, assuming the implementation will be complex and costly. In fact, with the power of SaaS engineering, no capital expenditure is needed: we deliver our entire CoP service inbound and outbound via a fast onboarding program, a simple API link, and a single file download. We want to make it as straightforward and painless as possible for all banks and building societies to implement CoP as the industry goal for everyone is the ubiquity of use to stop criminal activity.
When phase two opens up for applications at some date in 2021, we’re ready to help other eligible organisations join, such as building societies with HOCA accounts, credit card companies, credit unions, and more. We help those already on CoP to spin up the new phase 2 environment quickly, easily, and seamlessly. Our drive is to achieve the payment industry’s ultimate goal: to protect people everywhere by reducing fraud and ensuring everyone’s payments are safe and secure.
Making Payments Safe and Secure
CoP is far from the only way of counteracting payment fraud. Many techniques and technologies exist, from encryption and device fingerprinting to predictive data, fraud-scoring tools, anomaly behaviour detection, address verification, and much more. But with the right support, CoP can be more straightforward to implement, is still highly effective, and won’t break the bank (or building society).
Just as no one wanted to be the last to put a chip on their bank card a few years ago, make sure CoP is on your to-do list for your payments in 2021.