It’s often said that history repeats itself. It’s hard to look at the current state of play regarding instant, or real-time, payments in the EU and U.K. right now and not think about that adage. Because right after the EU standardized an ambitious plan to accelerate instant payments, the U.K. has countered with a proposal to slow them down.
Instant Brexit? Not really. But by raising the specter of slowing potentially suspicious transactions, the U.K. is risking a lack of interoperability between it and the EU. The UK also risks tapping the brakes on consumer and business adoption of instant payments at a critical juncture in their development.
The PYMNTS global real-time tracker report shows that the U.K. processed 4 billion real-time transactions in 2022 on the way to an estimated 6.1 billion in 2027. The EU member nations accounted for 13.2 billion transactions in 2022 and its projected adoption is much higher by percentage at 34.2 billion in 2027.
To understand the potential implications of the U.K.’s proposal, some background is necessary. On Feb. 26, the EU Parliament passed a series of regulations that gives consumers the option to transfer money within 10 seconds at any time of the day, including outside business hours, not only within the same country but also to another EU member state. Payment service providers (PSP) such as banks, will be required to offer the service of sending and receiving instant payments in euro. The charges that apply (if any) must not be higher than the charges that apply for standard credit transfers.
To at least partially mitigate and fraud concerns, under the new rules, instant payment providers will need to verify that the beneficiary’s IBAN and name match to alert the payer to possible mistakes or fraud before a transaction is made. This requirement also applies to standard transfers.
The U.K. had already been in the lead with developing what it calls “faster” payments. It rolled its system out in 2008 and its usage has grown steadily since. So has faster payments fraud. According to The World Bank authorized push payment (APP) fraud has resulted in over £1.2 million ($1.55 million) being stolen in 2022 alone. APP fraud accounted for 40% of financial fraud losses in 2022, with card-based fraud accounting for 45%. APP fraud typically uses Faster Payments, the United Kingdom’s faster payments service.
Stakeholders, including the payment systems regulators, Pay.UK and UK Finance, an industry association, have worked together on several solutions, including confirmation of payee (CoP). CoP is an automated name-checking service aimed at verifying both sides of a faster payments transaction.
The U.K. is also looking at a complete overhaul of its payments infrastructure to center around faster payments. That initiative — called New Payments Architecture — was scheduled to begin this year but was postponed as banks deal with financial pressures caused by the country’s cost-of-living crisis.
So why slow the faster payments train? Partially because APP fraud continues at unacceptably high levels. The U.K. government on March 12 proposed a draft bill that would let banks and payment service providers put suspicious-looking peer-to-peer payments on hold for up to four days to conduct security reviews. It’s part of a broader plan to mitigate fraud, but also poses the question: What is a suspicious transaction?
“This will be permissible only where there are reasonable grounds to suspect a payment order from a payer has been placed subsequent to fraud or dishonesty perpetrated by someone else (excluding the payer) and those grounds are established by no later than the end of the next business day following receipt of the payment order,” reads a draft of the proposal. “The delay may also be used where the payer’s PSP requires further time to contact the customer or third party, such as law enforcement, to establish whether to execute the payment.”
The draft goes on to say that the proposal will be presented during the summer of this year and will coincide with the U.K.’s new rules on APP fraud mandatory reimbursement. Those rules split the liability 50/50 between payer and payee. In 2022 APP fraud was £485 million with 40% of the scams being reimbursed to customers. According to John Bertrand, managing director of Tec 8 Limited in the U.K., that could mean a £290 million hit to the banking industry in 2025.
“To safeguard U.K.’s world leadership development of the instant payments, the actual four-business-day delay needs to be clearly defined and actions taken by the PSP/banks subject to third-party review,” Bertrand said. “Incentives to follow the rules are necessary. One incentive the social platform companies understand is the EU fine of up to 10% of annual worldwide revenues for being noncompliant. One U.K. bank was recently fined £60 million for regulatory failures. The EU max fine would have been £6 billion.”
Fines — if they come to pass — and more aggressive use of CoP should help the U.K. mitigate its faster payments fraud issues. So will the New Payments Architecture initiative, which has interoperability as one of its focus points.
The EU is betting that its IBAN mandate will serve as an impediment to fraudsters. But other observers say more guardrails will be necessary.
“The new EU rules will require instant payment providers to verify that the beneficiary’s IBAN and name match, and to alert the payer to possible mistakes or fraud before a transaction is made,” says a report from Hawk.ai. “The new regulations will place the financial burden of fraud onto the bank, even if the payee is not a customer. This change will mean an increased risk of fraud losses for banks. To mitigate the risk, banks will need to strengthen their fraud prevention capabilities with improved systems, processes, and technology.”