The rise of fraud in Faster Payments

There is now more choice than ever before about how we can pay for things, transfer money and set up payment plans for services. New payment methods have taken advantage of technology and the ways in which it has affected human behaviour. Immediacy is now critical to every day interactions when purchasing goods and services, and the same can be said for how we send and receive money. One widely adopted payment method to transfer and receive money immediately is ‘Faster Payments’.

The Faster Payments Service (FPS) was originally launched in May 2008, allowing payers to transfer sums of up to £100,000 via the internet and over the phone, clearing within a few hours. In recent years, as adoption of this method of payment has grown, the limits which can be transacted have also increased. It is now possible to send individual payments of up to £250,000 in a single transaction, but organisations offering the service can define higher limits depending how the payment is instigated and the type of account the payment is being sent from. The clearing time has significantly reduced, meaning that payments can be received in just a few minutes after sending.

In a previous blog post, we stated that adoption of the Faster Payments method by consumers and organisations alike can be an attractive target for fraudsters. Recently, changes to UK banking infrastructure, namely Confirmation of Payee, seek to increase checks made on accounts which funds are taken from or paid into, and reduce the overall associated fraud. Below, we look to expand upon our previous post and assess the rise of fraud within Faster Payments and what you can do to slow this statistic down.

With over 2.4 billion payments being processed, 2019 saw Faster Payments break the record for the highest amount of payments processed in a single year. This equates monetarily to £1.9 trillion, and with this exceptional amount of money being transferred throughout the year it can mean catastrophic monetary losses for individuals, along with businesses.

How can Faster Payments be used fraudulently?

Faster payments are an example of a ‘Push Payment’. This relies on your customers or clients actively sending or ‘pushing’ money to you, and vice versa if you were to pay, for instance, a supplier. Fraudsters utilise faster payments by sending communications to an individual or company, acting as if they were someone else in order for you to send payment to them. This may sound like something that you would spot from a mile off, but with fraudsters hacking email accounts along with using social media to gain information about the people they are impersonating, it can be harder to determine whether it is genuine or not.

What problems does this cause?

Once payment has been sent through, if the victim then realises that it has been sent to a fraudster, they will most likely notify their bank as soon as possible to try to get their money back. Faster Payments unfortunately act exactly as their name suggests – they are transferred very quickly and fraudsters utilise this to their advantage by transferring them on to other accounts, as quickly as they came in.

Unlike other payment methods, clearing is almost instantaneous and there is currently little opportunity to cancel a payment. As the money is instantly cleared, there is no physical way that banks can reverse transactions, as is possible with Credit Cards for instance. In 2019, over £600 million was fraudulently obtained using Faster Payments in just the first six months of the year.

Surprisingly, until the introduction of Confirmation of Payee, banks themselves, despite asking consumers for confirmation, did not issue any stringent checks against the name of the account owner or the account itself, so seemingly innocent transactions could easily end up in the hands of criminals with no recourse.

Furthermore, due to the payment being made via the ‘Push’ method and issued by the victim, this made it more challenging to get their money back, because of the difficulty of proving that they had no idea that this money would end up in the wrong hands.

How is this being combatted?

The introduction of Confirmation of Payee, should assist people who are sending out payments. According to Pay.UK, Confirmation of Payee (CoP) is “a way of giving end-users of payment systems greater reassurance that they are sending their payments to the intended recipient. It is, in essence, an ‘account checking service’ that can help avoid payments being accidentally misdirected.”

Confirmation of Payee works by allowing a payer to check that the name (including a personal/business account indicator) they give for a new payee is the same as the account name/type held by the payee’s bank. This all sounds great in theory, but according to data acquired by LexisNexis, at the start of 2019, around 35% of authorized push payment frauds happening at that moment would generate a ‘match’ or ‘possible match’ within the fraudster’s details, meaning that the victim would have no way of knowing whether it was fraudulent or not.

Following a complaint issued by Which?, the FCA and Payment Systems Regulator (PSR) worked together to investigate this type of fraud, named Authorised Push Payment fraud (APP), finding ultimately that receiving PSPs could do more to identify fraudulent incoming payments. The PSR developed a voluntary industry code aiming to release a set of standards for PSPs to help prevent fraud and to protect and reimburse victims.

Launched in May 2019, the Contingent Reimbursement Model (CRM) was introduced to increase consumer protection against APP fraud. These measures include:

• Better education for consumers about current APP fraud scams
• Identification of higher risk payments and user groups at risk
• Providing warnings and slowing payments where a risk is identified
• Acting more quickly when a scam is reported
• Taking further steps to stop fraudsters opening bank accounts to be used for APP fraud.

In some circumstances, banks have agreed to reimburse consumers who have been victims of APP fraud where protective steps have been taken and can be illustrated.

Other methods to combat

A strong method to combat fraudulent Push Payments, is to consider using ‘Pull Payments’ instead. As the name suggests, instead of a payer pushing the payment to someone, a Pull Payment is set up via an initial agreement from the supplier to the buyer beforehand, then the supplier instructs the money to be ‘pulled’ over when the time comes to make that payment. Types of Pull methods include recurring card payments and Direct Debits.

At SmartDebit, we help organisations use the trusted Pull Payment method of Direct Debit to take recurring payments, thereby improving cash flow and reducing customer churn. Contact Us to find out more.