Adam Bottley, Risk and Compliance Manager discusses the looming deadline for the big banks to deliver Confirmation of Payee (CoP) anti-fraud reforms and the many technical questions still to answer.
This article was published in Mortgage Finance Gazette magazine, December 2019 edition.
According to UK Finance, in H1 2019 UK customers lost over £207 million to online Authorised Push Payment (APP) scams. The UK Payment Systems Regulator (PSR) has ordered the ‘big six’ banks to ensure CoP implementation by 31 March 2020, ahead of the rest of the market. This is an area for concern for everyone else as they may not necessarily have in place some of the required functionality – leaving customers to perceive them to be less ‘secure’.
CoP, as a name checking service, will allow consumers to check the name entered matches that which was intended. When it goes live, CoP requests will be sent directly between providers via APIs without the need for a central database. Instead, Pay.uk have confirmed that the Open Banking Directory will provide details of the API endpoints. This does mean though that providers will need to be FCA-registered and enrolled with Open Banking.
As the payment authority Pay.uk have specified, this means that applications can’t be accepted from organisations in certain scenarios such as: organisations whose customers are addressed via a secondary reference; organisations not registered with the FCA; or non-Account Servicing Payment Service Providers (ASPSPs). This can pose a challenge to firms using a sponsor bank, such as building societies, who will fall within the ‘cannot offer CoP’ bracket.
This may also cause confusion amongst consumers once a go live transition takes place. Many people may find that some of their accounts can be checked at some of their providers, but others can’t. In addition, the current capability focuses only on FPS and CHAPS payments, giving no space for payments using BACS such as corporate or direct debit payments.
Pay.uk have however stated that they want all other providers to be able to plug in to CoP and that the proposition will expand to cover them; DPR is watching this space closely in order that we can design, build and offer the best solutions for our clients. There are more technical challenges that still need to be overcome to ensure full market coverage but engagement with your platform vendor can ensure that your solution achieves the best customer outcome.
But the most important take-away to leave with is: don’t forget about the customer. Early engagement with customers will help them to understand the changes and their impacts and ultimately, it will help to reduce fraud.
For a more detailed discussion on how DPR manages regulatory change with our clients, or how DPR can help you, contact us via firstname.lastname@example.org.