UK regulator expands APP fraud plan
Payment systems regulators (PSRs) in the UK announced on Tuesday (May 24th) that they will have to extend an important deadline for businesses to comply with new requirements to combat authorized push payment (APP) fraud. However, the regulator plans to expand the number of companies covered given the success of the program.
In 2020, the regulator started working with the UK’s six largest banking groups to adopt so-called Confirmation of Payee (CoP) bank account name verification services. CoP was designed to help stop fraud and accidentally misdirected payments by verifying that a payee’s account name matches the name and account details provided by a payer.
In February 2022, the PSR released a new rule that paved the way for more banks and building societies to adopt the CoP. The deadline to comply with phase 1 was May 31. However, the regulator has just announced that this deadline will be extended until June 30. This change occurred because some Phase 1 participants experienced technical issues while migrating to the Phase 2 technical environment. This delayed their readiness to deliver the CoP in the Phase 2 environment before until Phase 1 is officially decommissioned on May 31.
“The PSR allowed for a short extension of the operation of the Phase 1 technical environment to allow delayed companies to undertake the work necessary to complete their migration to Phase 2,” the regulator said in a press release.
On the same day, the regulator announced new plans to increase the number of companies offering CoP to 400 by 2024, from 33 companies currently offering the services, including banks and payment service providers (PSPs). ). The regulator has launched a consultation which will be open until July 8.
According to analysis by the regulator and CoP participants, the program has shown that it has helped curb increases in certain types of APP fraud, reduced levels of fraudulent funds received on accounts by PSPs that have implemented the CoP, and that there has been a reduction in payments accidentally misdirected to the wrong person/account.
“Protecting people who make payments should be a top priority for all financial companies. Those who have not yet introduced beneficiary confirmation need to step up their efforts to ensure their customers are protected,” said Genevieve Marjoribanks, Policy Officer at PSR.
This data likely encouraged the regulator to push for wider acceptance of the CoP. Yet, given the volume of PSPs involved and the different levels of readiness, the regulator proposes to divide the requirements for PSPs to implement the CoP into two groups.
The first group will be prioritized based on the complexity and size of the institution and/or businesses where adopting CoP could have the greatest impact on preventing APP scams. This first group would see an increase in CoP coverage from 92% of transactions made through Faster Payments to 99%. This group should have implemented the CoP by June 30, 2023.
The second group includes all other companies that either use unique sort codes or build companies using a Secondary Master Data (SRD) reference type. This group should have implemented the CoP by June 30, 2024.
Read more: UK payments regulator to get more powers to tackle authorized push payment fraud
Additionally, the PSR closed a consultation in January 2022 where the regulator proposed several measures to combat APP fraud. Under the proposal, some of the biggest banks will have to publish data on their performance with regard to APP scams, levels of reimbursement for victims, and the bank and building society accounts that are used to receive the fraudulent funds.