Why banks need Confirmation of Payee (CoP) to prevent APP fraud - Image by Mohamed Hassan from Pixabay There’s no depth that fraudsters won’t sink to in order to get their hands on other people’s money. Every day, there seems to be headlines announcing evermore devious and devastating fraud incidents. Authorised push payment (APP) fraud is the latest weapon in fraudsters’ armouries. Understandably, people are frightened.

It’s become second nature for us to shield our PINs at the ATM and to enter passwords for practically every online activity. We shudder at the thought of leaving our payment cards on a table in a café, or our phones unlocked and left alone in a public place.

But not only do fraudsters manage to stay one step ahead, they’re getting smarter and more sophisticated with their methods of attack. APP fraud is causing losses of such magnitude that regulators are now stepping in to enforce new measures to counter it. But before we look at those, we need to understand why APP fraud is such an insidious and dangerous threat – not just to individuals, but to businesses, banks, and other financial service providers.

Scoping out the threat

APP fraud typically involves individuals and businesses being tricked into sending large amounts of money to accounts controlled by fraudsters. They can also include tempting people to hand over sensitive personal and payment data to fraudsters who are pretending to be someone else. Examples include fake investment schemes, romance scams, or shopping offers that deceive people into thinking they’re getting a bargain or exclusive item or service.

What makes APP fraud so alarming is how authentic looking it can be. Any incident of fraud is devastating for victims. APP fraud methods are so sophisticated that even the most tech-savvy and security-conscious individuals and businesses can fall victim to it.

The insidious nature of APP fraud makes a devastating impact in more ways than just financial loss. It can shatter a person’s confidence. It can erode the trust they have in the businesses they deal with, haemorrhaging profitability as a result. Unfortunately, many innocent individuals and businesses have been caught up in APP fraud scams, with their identities or brand names impersonated by fraudsters to perpetrate theft.

Many victims, who are understandably angry and upset at being duped, have left scathing reviews of businesses, accusing them of stealing money or ignoring their pleas for help to get their money back. The fact is that these businesses often had nothing at all to do with the fraud.

What’s also causing concern is how rapidly it’s growing. Figures from UK Finance reveal that £239.4 million was lost to APP fraud in the first half of 2023. The number of cases rose 22% during that period. Around 98% of APP fraud transactions are made through the UK’s Faster Payments rails.

UK APP fraud volumes are predicted to double, reaching £1.3 billion by 2026. With the number and value of Faster Payments transactions surging, the ability to cross-verify sending and receiving accounts in real-time is crucial.

Thwarting APP fraud at the first step

That’s why the UK Payment Systems Regulator (PSR) has published a new rule requiring financial institutions to adopt Confirmation of Payee (CoP) as a means of reducing the number of individuals and businesses falling victim to APP scams. CoP enables financial institutions to verify the accuracy of accounts sending and/or receiving funds. But how does it work, and how will it help to reduce the number of APP fraud incidents?

Previously, an individual or a business wanting to make a payment would give their bank or payment service provider the payee’s details. These might include the bank sort code and account number, along with the name of the person or organisation that the funds were being sent to. The bank or payment provider facilitating the payment would then verify the sort code and account number. Then, if everything was deemed correct, the funds would be sent. However, this method lacked the security checks needed, as payers had no means of checking the name of the account against these details.

CoP offers the real-time security checks that can stop APP fraud in its tracks. When a payer triggers a payment initiation request, CoP checks the name of the account to which payments are being made and displays this to the payer. This enables the payer to be sure it’s going to the right account, and they can then decide whether or not to proceed with the payment.  The onus is on the payee to authorise the payment; therefore CoP works to remind them of their responsibility to make sure account details are correct. All details can now be cross-checked instantly, and any discrepancies prevent the payment from being processed – making it virtually impossible for APP scams to work.

Acting early is key

Right now, the PSR is directing 400 banks and payment providers to roll out CoP in staggered phases, with the final phase scheduled for October 2024. By this time, CoP will be mandatory for all banks and payment providers. But we know fraudsters will be scrambling to up their efforts ahead of this deadline, and they will look to exploit any existing avenues of attack.

At Clear Junction, we depend on the trust and security of our clients and their customers. We want to ensure that fraudsters are thwarted at every opportunity. We’ve always maintained exceptionally high compliance and data security standards like ISO 27001. We also devote significant resources to our risk management, AML and KYC processes. While APP fraud is rife, it is vital to us that our clients feel safe against fraud. That’s why Clear Junction has launched its CoP service a year ahead of the mandatory October 2024 deadline.

By doing so, we are giving a clear message to the market to follow our example. Customer trust is the most important asset any business can ever have. Because it can be damaged so easily, we in the fintech industry have a responsibility to ensure that any payments and transactions we facilitate or make are as safe as they can possibly be. We are now calling for other financial institutions and payment service providers to adopt CoP way ahead of next year’s deadline, so that the industry can build trust into payments and tackle APP fraud together.

ClearJunctionClear Junction is a global payments solutions provider that was established in 2016. The company was founded by a veteran team of financial professionals with many years of experience in cross-border payments and banking. Over the years, we have worked tirelessly to build and develop our own proprietary technology to facilitate an end-to-end regulated payments solution.

With a niche in correspondent banking, Clear Junction provides payment services to financial institutions, banks, remittance companies, payment service providers and crypto companies.

We are licensed and regulated by the Financial Conduct Authority and have offices in multiple locations across the UK and Europe, including London, Poland and Latvia.

Previous articleLaw firms will adopt generative AI but for what?
Next articleNavigating the IT Governance in the era of citizen development
Dima Kats
Dima Kats has more than two decades’ experience in the fintech industry. His career commenced in 2000 when he joined E4X, a company providing FX conversion for online global merchants. After seven years, he moved to Payoneer as VP of Product responsible for the former Soviet Union countries and Commonwealth of Independent States. This evolved into Payoneer’s largest market. In 2012, Dima began consulting payment, fintech and financial companies. He saw a trend in clients asking how to build certain payment and banking relationships, and it became clear that access to those banking services and relationships needed to be improved. He founded Clear Junction in 2016 to give financial institutions the payment services that they were missing but deserve. With a niche in correspondent banking, Clear Junction provides payment services to financial institutions, banks, remittance companies, payment service providers and crypto companies. Dima believes each of these segments have been badly underserved and unbanked in recent years due to risk considerations of processing payments for other financial institutions. He built Clear Junction with the right AML and KYC controls, risk management, methodology, and technology to handle those risks properly. About one-third of Clear Junction’s technology is tasked with risk management.


Please enter your comment!
Please enter your name here