Confirmation of Payee (CoP) checks were introduced on 30 June 2020. The system is a new way for banks to check the account details of a payee (that is, the recipient of a bank transfer, whether a person or a business) before the payment is sent. This helps to avoid a payment being sent to the wrong account, whether as a result of a mistake or a fraud.

The CoP mechanism was originally due to be introduced in late March 2020, but it was postponed due to COVID-19. The six principal banking groups in the UK were all required to implement the new protection by this date, though some smaller banks and building societies may also choose to introduce it.

Previously, when processing a payment mandate, only the payee account number and sort code were checked. This left an opening for fraudsters to substitute their own bank account details for those of the intended recipient of the funds, as nobody would check whether the payee’s name matched the name on the account to which the funds were to be transferred. However, from 30 June 2020, when a customer sets up a new payee or changes the payee details on an existing payment mandate, a CoP check will be run to confirm whether the payee’s name is in fact the same as that of the accountholder.

There are three possible responses from a CoP check. First, the payee bank may confirm an exact match between the payee name and the name of the accountholder, in which case the payment will be processed as planned. Alternatively, there may be a partial match. The customer making the payment will then be shown the name of the accountholder in order to verify whether this is in fact the correct payee. Lastly, there may be no match, in which case the customer is asked to check the payee name and account details before proceeding with the payment.

The new system is intended to reduce the risk of authorised push payment (APP) fraud, as well as innocent mistakes made by customers. APP fraud happens when fraudsters deceive individuals (either consumers or employees of a business) into making a payment to the fraudster’s bank account. An example of this would be sending an invoice that looks very similar to one which the individual is expecting, such as an invoice from a supplier, but which includes the fraudster’s own account details. The individual arranges payment of the invoice but has unknowingly paid the fraudster instead of the legitimate recipient.

While it is expected that the CoP checks will reduce instances of fraud, there are limitations to the new system. CoP checks can only be carried out where both the paying and payee banks have implemented the mechanism and, at least for the time being, only where the payments are being made by the Faster Payments System or by CHAPS. CoP checks also cannot be carried out for international payments. Fraudsters are likely, therefore, to adapt their approach, for example, by opening accounts with banks which do not have the CoP mechanism in place.

The existence of the partial match response may also lead to fraudsters opening accounts using names which are very similar to the names given on the fake invoices, in the hope that the bank customer won’t notice the slight discrepancies or will assume it’s a mistake on the invoice. Bank customers should check partial match responses very carefully to avoid this risk and, if necessary, contact the payee to confirm the account details. When contacting the payee, make sure to use a different contact method than the one used to send the invoice, for example, by calling a supplier instead of replying to the email attaching the invoice.

Businesses should also take appropriate steps to limit the risk of customers not getting an exact match on a CoP check when paying an invoice, for example, by ensuring that the payee name listed on their invoices is an exact match for the name on the bank account.