The PSR Mandate: Enhancing Payment Security in the UK with Confirmation of Payee

Every day, billions of pounds traverse the UK's payment infrastructure. Initiatives such as CoP ensure these transactions occur seamlessly, underscoring the importance of advanced security measures in the current financial ecosystem.

Launched in 2020, the Confirmation of Payee (CoP) system stands as an added layer of protection, allowing payers to authenticate the recipients of their transactions prior to execution. Its integration spans across a wide array of UK banks, building societies, and payment service providers, encapsulating more than 98% of total payments. At its core, CoP's mission is twofold: to robustly address Authorized Push Payment (APP) fraud and to eliminate misrouted payments.

Before the advent of CoP, users entrusted their Payment Service Provider with essential recipient information, such as the bank sort code, account number, and name, which was then used to facilitate the transaction. However, this system had an inherent vulnerability: it lacked a method for the payer to validate the recipient's name. CoP fills this gap by granting payers the capability to verify the account holder's name, significantly diminishing the risk of fraud.

The CoP mandate, unveiled by the Payment Systems Regulator (PSR), is a strategic countermeasure against payment fraud. It mandates that banks and payment service providers (encompassing services like Faster Payments, BACS, and CHAPS) cross-verify the recipient's name against account details before authorizing a transaction.

This regulation will be applicable to over 400 financial institutions, each of which must adopt both a Requestor & Responder (Outbound & Inbound) solution by either 31 October 2023 or 31 October 2024.

The evolving nature of fraud means that perpetrators are consistently identifying and exploiting weak points. According to the PSR, fraudsters are now zeroing in on market segments and financial institutions that have been sluggish in partnering with CoP providers.

Recent statistics highlight a concerning shift in criminal activity, focusing predominantly on authorised push payment (APP) fraud. Fraudsters employ an array of tactics, ranging from scam calls and deceptive text messages to counterfeit websites and misleading social media content, all designed to hoodwink individuals into releasing personal data or approving fraudulent payments.

As per recent data:

• 2018: £354.3 million
• 2019: £456 million (29% increase)
• 2020: £479 million (5% increase)
• 2021: £583.2 million (21.7% increase)
• 2022: £485 million

While there's a visible decrease in 2022, it's crucial to note that these figures represent only reported losses. The true magnitude of unreported losses remains elusive.

In June 2023, the PSR unveiled updated guidelines concerning the reimbursement stipulations for APP fraud via the Faster Payment Scheme. Key takeaways include:

• Victims of APP fraud will be compensated by their PSP unless demonstrated that they were “Grossly Negligent”.
• Reimbursements are to be completed within five working days post reporting, with certain scenarios permitting extended durations.
• The liability will be shared equally between the sending and receiving PSP.
• Specific exemptions are in place for vulnerable customers.
• PSPs must report APP Fraud metrics, both inbound and outbound, to the PSR for public disclosure.

Further details, inclusive of the implementation date, are scheduled for consultation in Q3 2023, with an anticipated 2024 roll-out.

Integrating Confirmation of Payee within payment pathways is a decisive step in bolstering fraud protection for PSPs and their clientele. A transaction that doesn't match the expected customer name is 25 times more likely to be fraudulent. When considered alongside the inherent risks of transacting with a new beneficiary (4 times higher fraud likelihood), a mismatched new beneficiary payment can be up to 100 times riskier.

Moreover, in light of the impending PSR regulations regarding mandatory reimbursements for APP Fraud, the inclusion of CoP stands as an indispensable component of a comprehensive fraud defence arsenal. By leveraging CoP, institutions can fortify their financial positions, mitigating liabilities and potential losses. Additionally, this proactive approach safeguards an institution's reputation, especially given the imminent publication of effectiveness league tables pertaining to APP fraud countermeasures.

With the PSR mandate's deadlines fast approaching, now is the time to begin your Confirmation of Payee implementation. Form3’s API driven solution is the vital line of defence against APP scams and misdirected payments, ensuring your customers enjoy a secure and reliable payment experience. Experience the power of Form3's cutting-edge Confirmation of Payee service, designed to provide unparalleled security and compliance. Our solution offers:

• Swift onboarding process led by a dedicated manager
• Responder and Requester roles for flexibility
• Compatibility with Faster Payments and CHAPS transfers 
• High-resilience through cloud-based infrastructure
• Coverage of UK personal and business accounts, including those needing Secondary Reference Data