UK Payment Regulator Expands Plan to Fight Authorized Push Payment Fraud

fraud prevention

The U.K. Payment Systems Regulators (PSR) announced on Tuesday (May 24) that it will need to delay an important deadline for companies to comply with new requirements to fight authorized push payment (APP) fraud. However, the regulator is planning to expand the number of companies covered given the success of the program. 

In 2020, the regulator started to work with the U.K.’s six largest banking groups to adopt what is called Confirmation of Payee (CoP), the bank account name checking services. CoP was designed to help stop fraud and accidentally misdirected payments by checking whether the name of a payee’s account matches the name and account details provided by a payer. 

In February 2022, the PSR published a new rule that paved the way for more banks and building societies to adopt CoP. The deadline to comply with Phase 1 was May 31. However, the regulator just announced that this deadline will be extended to June 30. This change has happened as some Phase 1 participants have experienced technical issues with their migration to the Phase 2 technical environment. This has delayed their readiness to provide CoP in the Phase 2 environment before Phase 1 was formally decommissioned on May 31. 

“The PSR has allowed a short extension to the operation of the Phase 1 technical environment to allow delayed firms to undertake the necessary work to complete their migration to Phase 2,” the regulator said in a press release. 

On the same day, the regulator announced new plans to increase the number of companies offering CoP to 400 by 2024, up from the 33 companies offering the services now, including banks and payment service providers (PSPs). The regulator has launched a consultation that will be open until July 8. 

According to the regulator’s analysis and evidenced from CoP participants, the program has shown that it helped to curtail the increase in some types of APP fraud, it reduced levels of fraudulent funds received into accounts by PSPs that have implemented CoP, and there has been a reduction in accidentally misdirected payments being made to the wrong person/account. 

“Protecting people who make payments should be a top priority for all financial firms. Those that have not yet introduced Confirmation of Payee need to step up to make sure their customers are protected,” said Genevieve Marjoribanks, head of policy at the PSR. 

This data has probably encouraged the regulator to push for a broader acceptance of CoP. Yet, given the volume of PSPs involved and the different levels of readiness, the regulator is proposing to split the requirements for PSPs to implement the CoP into two groups.  

The first group will be prioritized based on the complexity and size of the institution and/or firms where the adoption of CoP could have the biggest impact in preventing APP scams. This first group would see an increase of CoP coverage from 92% of transactions made via Faster Payments to 99%. This group would need to have implemented CoP by June 30, 2023. 

The second group includes all other firms which use either unique sort codes, or that are building societies using a Secondary Reference Data (SRD) reference type. This group would need to have implemented CoP by June 30, 2024. 

Read more: UK Payment Regulator to Get More Powers to Fight Authorized Push Payment Fraud 

Additionally, the PSR closed a consultation in January 2022 where the regulator proposed several measures to fight APP fraud. Under the proposal, some of the largest banks will have to publish data on their performance in relation to APP scams, reimbursement levels for victims, and which banks and building societies’ accounts are being used to receive the fraudulent funds.