Fraudsters are relentless – always finding new ways to steal other people’s money. And with Authorised Push Payment (APP) fraud levels on the rise, clearly, they think they’re getting away with it.
In the first half of 2023, UK Finance reported losses of £239.4 million, with cases rising by 22% during that period.
This is a problem that affects not just individuals, but businesses, banks, and financial service providers. It typically sees scammers tricking individuals and businesses into transferring large sums of money into accounts that they control.
Alternatively, a fraudster may convince victims to hand over sensitive personal and payment data through authentic-looking scams – think fake investment schemes, romance scams, or deceptive shopping offers.
Even the most tech-savvy and security-conscious individuals and businesses are susceptible, since these types of scams can look very genuine.
An increasing number of individuals and businesses are getting caught up in APP fraud scams, with their identities or brand names impersonated by fraudsters to perpetrate theft. It can erode the trust that people have in the businesses they deal with, haemorrhaging profitability as a result.
Many victims, who are understandably angry and upset at being duped, have left scathing reviews of businesses, accusing them of stealing money or ignoring their pleas for help to get their money back. The fact is that these businesses often had nothing at all to do with the fraud.
Without intervention, this problem is only going to get worse as most APP fraud transactions (around 98%) are made through the UK’s Faster Payments rails, and the number and value of Faster Payments transactions is growing.
Steps to tackle APP fraud
The scale of APP fraud losses has prompted regulators to intervene with new measures to counter this insidious threat. The UK Payment Systems Regulator (PSR) has published a new rule requiring financial institutions to adopt Confirmation of Payee (CoP) to enable them to verify the accuracy of accounts sending and/or receiving funds in real-time. But how does CoP work?
Previously, an individual or a business wanting to make a payment would give their bank or payment service provider the payee’s details. These might include the bank sort code and account number, along with the name of the person or organisation that the funds were being sent to. The bank or payment provider facilitating the payment would then verify the sort code and account number. Then, if everything was deemed correct, the funds would be sent.
However, this method lacked the security checks needed, as payers had no means of checking the name of the account against these details.
CoP offers the real-time security checks that can stop APP fraud from happening. When a payer triggers a payment initiation request, CoP checks the name of the account to which payments are being made and displays this to the payer. This enables the payer to be sure it’s going to the right account, and they can then decide whether to proceed with the payment.
The onus is on the payee to authorise the payment; therefore, CoP works to remind them of their responsibility to make sure account details are correct.
All details can now be cross-checked instantly, and any discrepancies prevent the payment from being processed. This makes it virtually impossible for APP scams to work.
Don’t stand back
While the PSR is directing 400 banks and payment providers to roll out CoP in staggered phases – culminating in a mandatory deadline of October 2024 – we all know fraudsters will be scrambling to up their efforts ahead of this.
Clear Junction depends on the trust and security of our clients and their customers, and we want to ensure that fraudsters are stopped at every opportunity.
While APP fraud is rife, it’s vital to us that our clients feel safe. As such, Clear Junction has launched its CoP service a year ahead of the mandatory deadline. And we urge others to do the same.
Customer trust is the most important asset that any business has, but it can be easily damaged. We, in the fintech industry, bear the responsibility of ensuring that transactions are as secure as they can possibly be.
Dima Kats is chief executive officer of Clear Junction