Fraudulent activities in the UK have reached concerning levels. Driven largely by advancements in technology[1] and widespread conversion to electronic bank transfers and digital transactions, the most recent data indicates that more than £570 million was stolen through authorised and unauthorised fraud in the first half of 2024[2]. The total cost of fraud this year is well on its way to being similar to the amount of £1.17 billion stolen in 2023[3].
But there is good news: October 2024 saw the introduction of two new initiatives by UK banks that are expected to significantly address the problem of fraud. New reimbursement obligations for authorised push payment fraud came into force on 7 October 2024, and on 31 October 2024 the name-checking service, Confirmation of Payee (CoP) was rolled out to safeguard over 99% of transactions using Faster Payments and CHAPS.
What can go wrong when you make a payment?
We have highlighted previously that when payments are made or received by businesses or individuals there are usually three types of things that may go wrong:
- A mistaken payment may be made because of an accidental error.
- An unauthorised payment may be made because of theft of a card, hacking, or other form of fraud and the payer’s credentials are used without their knowledge.
- An authorised push payment (APP) may be made willing because the payer has been tricked or scammed.
Although making a mistake such as mistyping or misdirecting a payment is very stressful and potentially costly, according to UK Finance, the biggest cost to individuals and businesses in the UK is from the two other types of wrongful payments, unauthorised and authorised push payments, both ultimately generated through fraud.
The consequences of unauthorised payment fraud
Transactions without the consent of the customer who owns an account have been covered by banking and finance regulations for some time. Provided that the individual or business who is the bank’s customer uses the payment instrument, such as a bank card, correctly, and reports any unauthorised transaction or of the loss or theft of the bank card to the bank promptly after becoming aware of this, they will receive a full refund.
Nevertheless, taking steps to keep bank cards, passwords, PINs and identity safe should be standard practice for us all. This will avoid undetected fraud, embarrassing cash flow problems and potential repayment delays while a bank investigates the unauthorised payment. If you are unhappy about your bank’s decision about an unauthorised payment, you may make a complaint to the Financial Ombudsman Service.
Addressing APP fraud
Increased APP fraud losses appear to be driven by the abuse of online platforms and telecommunications. Criminals use websites, phone calls, text messages and emails to encourage the fraudulent transfer of money through investment, romance or purchase scams. With the advent of generative AI and deepfakes, the number of impersonation scams has risen substantially. Individuals and business of all sizes have fallen victim to this type of fraud, including a British multinational engineering firm whose finance department was tricked into paying out US$25m to fraudsters who digitally posed as the CFO of the company during a video call.
The protections that came into operation in October relate to APP fraud. While the new fraud reimbursement obligations only apply to individuals and very small businesses, the extension of CoP should benefit both business and individuals.
APP fraud reimbursement protections
These protections apply to payments under the value of £85,000, within the UK, to individuals, microenterprises or charities. Victims of such fraud must be reimbursed by banks within five business days. We have previously given more detail about these protections.
Remedies for businesses
Since the new payment protection rules only apply to individual consumers, smaller charities (under £1 million annual income), and businesses (with fewer than 10 people and turnover under £2 million), CoP has become an essential anti-fraud tool for businesses. Implementing verification procedures is vital to avoid fraud. This includes checking payment details before making any financial transaction, and always using the account verification service that all banks should provide.
How to make the most of CoP protection
To make the most of CoP protection, when making or accepting payments businesses should take the following steps:
- For payments to you, be sure to give your business or trading name that’s registered on your account.
- Before you make a payment, contact the person or business you want to pay, and check the name on their account.
- Be sure to select the correct type of account for the person or business you are paying.
- If you are paying a person, use their first and last name, and if you are paying a business, use the business or trading name registered to their account.
- If you don’t get a match, you should contact the person or business you are trying to pay to confirm the account name, sort code and account number.
When contacting a supplier or other payee to check banking details and name, if you are making a payment in response to an email to check that the request is genuine speak to the person who sent the message or someone you know at the company concerned, either in person or over the phone. When calling that person, use a telephone number you know to be correct – do not rely on any telephone numbers quoted in the email itself.
Exercise caution if you have received correspondence, supposedly from a supplier, claiming that their bank account details have recently changed.
Once CoP is implemented, who is liable if a payment goes to the wrong place?
CoP is the latest in the banking industry’s initiatives to combat fraud. Since 2019 most major banks voluntarily use the Contingent Reimbursement Model for APP scams. This outlines who is liable if money is lost but depends on the facts of each case. Liability could lie with the paying bank or the receiving bank, the victim or some combination of these different parties. A business may also have other legal remedies if a bank does not take adequate steps to attempt to recover the money transferred once it knows of the fraud.
Summary
The improved protections relating to reimbursement obligations and confirmation of payees should help to address the high incidence of APP fraud and its consequences. But proactive vigilance by businesses and individuals is needed to avoid falling victim to fraudulent payments.
[1] https://www.financial-news.co.uk/recognising-emerging-fraud-threats-in-the-uk/ 20 November 2024
[2] https://www.ukfinance.org.uk/news-and-insight/press-release/over-ps570-million-stolen-fraudsters-in-first-half-2024
[3] UK Finance: Annual Fraud Report 2024
The information provided in this article is provided for general information purposes only, and does not provide definitive advice. It does not amount to legal or other professional advice and so you should not rely on any information contained here as if it were such advice.
Wright Hassall does not accept any responsibility for any loss which may arise from reliance on any information published here. Definitive advice can only be given with full knowledge of all relevant facts. If you need such advice please contact a member of our professional staff.
The information published across our Knowledge Base is correct at the time of going to press.
