Confirmation of Payee (CoP) is a form of verification for digital payments that provides account name checking for service users. It can be helpful in preventing fraud, and makes it much more difficult for criminals to take advantage of customers and redirect funds to their accounts.
Generally, it also enhances accuracy in payments. A CoP functionality makes it less likely that money ends up being sent to the wrong account - whether through manipulation or a simple mistake.
In the UK, CoP was first rolled out in 2020. The Payment Systems Regulator (PSR) directed the UK’s six largest banking groups to introduce CoP for online and mobile payments before it got expanded to CHAPS (Clearing House Automated Payment System) payments. Beyond the six largest banks, the PSR rolled out CoP adoption to 50 other firms in June this year, and a further 400 firms are expected to introduce the measure by June 2024.
It is no wonder that the UK regulator has led the way here, too. The payments ecosystem has had to deal with eye-watering levels of authorised push payment (APP) scams, which overtook card fraud in the first half of 2021.
The UK’s CoP service is an interbank scheme managed by Pay.UK, and many banks have turned to solution providers operating in this space such as Bottomline, Banfico, and SurePay.
Surepay, having originally piloted a confirmation of payee service with Rabobank, quickly became a hit with consumer advocacy organisations, which in turn pressured all major banks in the Netherlands to join the scheme.
Across Europe, other initiatives have sprung up in different EU member states.
EBA CLEARING, the pan-European payment infrastructure provider, also intends to have a pan-European IBAN/name check in place by November 2023 as part of the company’s Fraud Pattern and Anomaly Detection (FPAD) solution.
On a cross-border level, SWIFT is seeking to address this problem space using their payment pre-validation service, JP Morgan using Confirm, and iPiD is making waves as the startup battling these goliaths.
Cross-border interoperability remains a challenge due to differing privacy/bank secrecy legislations as well as payment habits. The European Payments Council is currently working on developing a pan-European CoP rulebook, that will soon be available for public consultation.
Now, the EU has plans to legislate too
New legislation in the EU makes CoP a reality across the bloc in a way that it hasn’t been before.
For example, the EU’s instant payments regulation, which was released in October 2022, dictates that all PSPs who offer an instant payment service (including those not under an obligation to do so) are required to provide their users with a service checking that the payee’s IBAN matches the payee’s name and notifying the user of any discrepancies.
This notification must be given before the payer finalises the transaction and before the PSP executes it, with the user ultimately being able to decide whether to go through with the transaction.
Meanwhile, the EU’s Payment Services Regulation (PSR), which will eventually supersede the Payment Services Directive (PSD2), goes further than this, with a requirement for PSPs offering any credit transfer in any EU currency to provide CoP.
The EU has stressed since its Retail Payments Strategy was published in September 2020 that it wants to make instant payments the new normal. The roll-out of CoP alongside this shows that it wants to get ahead and prevent the same levels of fraud as has taken place in the UK since the roll-out of faster payments.
However, while CoP is arguably necessary for an increasingly digitised payments environment, it will come with costs to financial institutions.
For example, the impact assessment for the EU's instant payments regulation does acknowledge that there will be one-off implementation costs for institutions to check that the payee’s IBAN matches the payee name.
However, the European Commission also says that ongoing costs for PSPs would be limited and that the cost impact for PSPs would be neutral over time, in light of significant savings from less time and effort spent following up fraud and errors.
Not implementing a sufficient CoP model could also mean liability costs for PSPs. With the PSR, reimbursement of customers becomes mandatory in almost all instances apart from when the firm has reasonable grounds to believe that fraud is being committed by the customer.
So, having a form of CoP in place will make it less likely that customers will get to such a point and request to be reimbursed.