Bank transfer fraud is no small matter – £800,000 ($970,160) is estimated to be stolen from victims every day. According to UK Finance data, there were 84,624 cases of Authorised Push Payment (APP) fraud in the UK in 2018, with a total of £354.3m lost to these types of scams. Gregor Dobbie writes
In an authorised push payment scam, a fraudster tricks their victim into sending money from their bank account to the criminal’s account – often by impersonating the genuine person or business the victim wants to pay.
Part of the problem is that when a bank transfer is made and the name of payee, bank account number and sort code are entered, the name is not validated against the name of the recipient registered at their bank. This means that money can be sent to the wrong person, either as a result of fraud or human error; research shows that one in 10 people have accidentally misdirected a payment in the UK.
Matching the name entered to the one associated with the recipient account might sound like a simple task, however it is more complex than it appears because the way we pay each other makes matching difficult. If a direct (i.e. perfect) match between the submitted name and the name associated with the end beneficiary was to be rigidly applied, typographical errors in the name field, abbreviations, joint accounts, phonetic spelling, and the use of nicknames would lead to payments being delayed or declined. This approach would risk a poor user experience, with customers either left unable to pay a legitimate individual or organisation, or forced to ignore red flags and send the funds against the system’s recommendation. Either of these outcomes would risk undermining trust.
The introduction of a ‘direct match’ name verification system would also have a significant impact on the banking sector. Managing customer queries and payment declines cost the industry time and money, and there is an additional – intangible – cost in the loss of customer confidence.
Something does need to be done, however, to address the current losses due to fraud and error being experienced by people and businesses in the UK every day.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataLast year, the Payment Systems Regulator (PSR) set out proposals for a Confirmation of Payee system which would require banks to check whether the name on the account that payer is sending money to matches the name they have entered. The PSR were originally looking for Confirmation of Payee to be introduced in July this year, but it’s now been confirmed that it won’t be implemented until 31 March 2020. With millions of pounds lost to payments fraud every year, initiatives such as Confirmation of Payee are absolutely vital for both consumers and businesses.
The process of implementing the Confirmation of Payee system could potentially be a complex one for some banks. There is also a huge challenge in tackling the vast account profile complexity which was highlighted in recent Vocalink research with four major UK banks. As a result of variations in spelling and format when people make payments to an account, our research found only 20% of accounts have a single dominant name, and 60% of UK accounts have three or more name variations associated with them. Staggeringly, the number of name variations can rise to over 1,300 for a single account, while 80% of transactions are sent to accounts with three or more name variations.
This variation can occur as a result of banks recording names in different formats, because of how accounts are structured differently for businesses or joint ownership, and because of widespread use of shortened or preferred names. For example, you might have a business account that is associated with RH Plumbing, RH Plumbing Limited, Plumbing and Robert the Plumber; or you may have a personal account that G Dobbie, Gregor Dobbie, and G H Dobbie are all associated with. The scope for a huge rise in payment delays or declines, therefore, is significant.
Vocalink has already successfully developed technology to check the name of the account holder whilst also taking into account name and spelling variance. Vocalink’s Account Verification Solution uses historical payments data and sophisticated algorithms to match the name of the account holder to the sort code and account number with a high degree of accuracy, and is ready for banks to implement today with minimal IT impact.
Account Verification scores and forensically analyses the names in a payment, including phonetic analysis, to provide high confidence matching with low false rejections. On average, over 95% of transactions correctly score a strong positive match reducing the need to respond with a “close match” result. The algorithms ensure genuine transactions are approved even when name variations in relation to an account are high. The solution builds our industry-wide anti-money laundering technology – Mule Insights Tactical Solution – which helps trace stolen funds and provide alerts as they move through the banking network and therefore there is even greater potential to tackle fraud by combining the two solutions.
Despite the launch of Confirmation of Payee being later than originally envisaged, it’s encouraging that solutions already exist that enable banks to get a head start in advance of the mandatory implementation dates that the PSR is planning to set. The fight against fraud is gaining ground and banks have also recently agreed to a new voluntary industry code of best practice to refund victims of APP scams when they are not at fault. This is very positive news for victims but there’s no doubt that protection and prevention is in the interest of all individuals and small businesses, as well as being more cost-effective for the banking sector than compensating after a loss has occurred.
UK businesses already believe that payments fraudsters are ahead of the game and research by Vocalink shows that 82% want banks and the government to do more to protect them. The UK financial services sector can take this opportunity to remind their customers that they are placing transactional security and fraud prevention at the heart of what they do. That’s why, at times such as these, it’s absolutely vital the industry works together to tackle fraudsters, including investing in the latest fraud-fighting technologies. It’s time to get ahead of the criminals.
Gregor Dobbie is the UK Managing Director at Vocalink, a Mastercard company.