Unlocking the future of secure payments
This article aims to elucidate the concept of Confirmation of Payee (CoP) and its significance in ensuring secure financial transactions. It delves into the evolving landscape of CoP processes and highlights the necessary measures that financial institutions should adopt to stay ahead in safeguarding their payment offering.
Background
Understanding Confirmation of Payee (CoP): Its Introduction and Purpose
The introduction of CoP represents a significant leap forward in supporting the security and precision of digital payments. Beyond safeguarding the financial services sector, CoP extends its protective mantle to both corporate entities and individuals alike. This chapter explores the fundamental purpose of CoP, elucidating its role in verifying payment recipient information before payment initiation. By empowering the payer to evaluate the accuracy of the payee’s payment account and, optionally, their name or identification number, CoP elevates the quality and efficiency of payment transactions. In doing so, it acts as a robust defense mechanism against misdirected and fraudulent payments, concurrently reducing payment rejections and returns. Ultimately, CoP enhances the overall customer experience by affording payers the assurance of payment correctness before making a payment.
How does CoP work?
When consumers and businesses make a payment, CoP shows them if the money is going to the right account. Before transferring the funds, they can verify that the name on the recipient account is the same person or business they intend to send the money to, ensuring the funds end up in the correct place.
In another word, it allows the payer to check that the name they provide for a new payee is the same as the account name held by the payee’s PSP.
When setting up a new payment, CoP lets the payer check the account details of the payee (person/business). The payer can then see whether the details are a match, a partial match, or no match. This outcome is then followed by an additional step enabling the payer to confirm whether the transaction should proceed or be cancelled. In an effort to mitigate potential fraud, both corporates and consumers are compelled to take more responsibility for the payments they process. This additional step allows the bank or PSP to warn payers about the risks associated with submitting a payment when there is a mismatch between the beneficiary and the account details. Payers should be advised to pause and perform further checks to verify the details with the payee to ensure the use of full and correct banking details.
CoP as a Complementary Scheme
It’s crucial to recognize that CoP operates as a complementary scheme rather than a standalone payment means or instrument. Its primary function lies in confirming the accuracy of payment account details before initiating a payment. The fundamental purpose of CoP is to enhance payment security without changing the basic way payment methods work.
The Functionality of a Request
A key component of CoP is the concept of a “Request.” A Request serves as a preliminary step before initiating a payment, confirming the payee’s accuracy. Its significance lies in its contribution to a streamlined, efficient payment process. By confirming the accuracy of the payee, requests serve as a protective shield against misdirected and fraudulent payments, reducing the occurrence of payment rejections and returns. This, in turn, results in an enriched customer experience, as payers gain confidence in payment accuracy.
Requests give the power to ascertain several critical elements:
· Payee’s Payment Account Existence: Requests can confirm the existence of the payee’s payment account.
· Matching the Payee’s Name: Requests can verify whether the payee’s payment account corresponds with the payee’s name.
· Matching the Payee’s Identification Code (not allowed for private individuals to initiate this matching): Requests can determine if the payee’s payment account aligns with their identification code.
Advancements and Innovations
Aligned with CoP, banks and financial organizations stand to gain newfound capabilities in introducing innovative services. CoP’s influence extends to promoting interoperability and the adoption of open standards, fostering improved financial integration. This, in turn, acts as a catalyst for the proliferation of an expanded array of financial products and services within the Nordic region.
What is the Current CoP Landscape in Nordic Countries?
Introduction to the CoP Scheme
The Nordic Payment Council (NPC) has introduced the Confirmation of Payee (CoP) Scheme, a comprehensive framework comprising roles, practices, and standards to be adhered to by participating entities. This scheme outlines specific data requirements for payers and payee payment service providers (PSPs), setting forth rules to be followed by payers and payee PSPs. Additionally, it outlines precise obligations for payee PSPs in their mandatory responses to CoP requests.
CoP Scheme Features
The CoP Scheme offers a range of features:
· Data Collection: The scheme stipulates a minimum set of data elements to be collected by payer PSPs from payers to verify payment information.
· Automated Processing: The CoP Scheme aims to automate request processing based on open standards and best practices, minimizing manual intervention.
· Harmonization of Standards: It provides a framework for standardizing practices, promoting uniformity, and eliminating hindrances within the payment ecosystem.
· Security and Efficiency: The scheme focuses on achieving high-security standards, mitigating risks, and enhancing cost efficiency for all participants.
· Market Development: It fosters a competitive market and improved customer services within the payment industry.
Types of CoP Requests
The CoP Scheme supports two types of requests:
· Confirmation of Account Request (CAR): This request type confirms the payment account number.
· Confirmation of Payee Request (CPR): This request type verifies both the payment account number and the payee’s name or identification code.
Requests can be sent as single requests in real-time or as bulk requests, with the latter typically initiated by non-private individual payers.
Key Actors in the Scheme
The CoP Scheme involves four main actors:
· The Payer: The customer initiating the request to the payer PSP.
· The Payer PSP: The participant receiving information from the payer and sending a request to the payee PSP.
· The Payee PSP: The participant receiving the request from the payer PSP and providing a response.
· The Payee: The customer of the payee PSP, holding the payment account to be confirmed.
Notably, the payer PSP and payee PSP may be the same participant.
The Model
The following diagram provides an overview of the contractual relationships and interaction between the main actors in the NPC model.
Source: NPC Confirmation of Payee Scheme Rulebook/NPC050-01 page 11.
Several contractual and operational relationships underlie the CoP Scheme:
· Contractual relationships governing the scheme to which all participants are bound.
· The relationship between the payer and the payer PSP regarding products, services, and terms and conditions.
· Relationships between payer PSPs, payee PSPs, and selected infrastructure providers, encompassing terms and conditions for services.
· The relationship between the payee and the payee PSP concerning the provision of a payment account.
These relationships and their functioning are not governed by the scheme but are crucial components of its operation.
NPC Rulebook
The NPC Confirmation of Payee Scheme Rulebook was published and agreed upon on 23rd February 2023, but it has not been implemented in Nordic banks yet. The expectation is that stakeholders will wait for more legislation and infrastructure to be set on the subject before adopting CoP, such as the implementation of PSD3/PSR.
What are the Benefits of CoP?
Prior to the introduction of CoP, payers would share payee details with their Bank or Payment Service Provider (PSP), and payments were processed based on these details, assuming their accuracy. However, there was no guarantee that the specified payee matched the actual account holder, leaving a vulnerability exploited by fraudsters through Authorized Push Payments (APP) and accidental misdirected payments. With CoP, a new era of payment security and accuracy is coming. CoP verifies that payers have the correct information for the intended payee. This verification process plays a pivotal role in shielding against APP fraud. Moreover, CoP acts as a safety net, preventing payments from reaching the wrong accounts. If the payee’s name does not match the account holder’s, CoP raises a red flag, mitigating risks.
By implementing CoP, the volume of incorrectly processed payments due to genuine human errors is significantly reduced. In essence, CoP not only fortifies the security of your payments but also ensures that your money reaches its intended destination, enhancing the overall reliability of the payment process.
Which Risks are being Mitigated by CoP?
CoP will not stop fraud altogether. But it’s part of a wider set of measures being put in place by the industry to fight fraud, so the idea is for CoP to work alongside a range of services to make it safer for everyone to send and receive payments.
For instance, Lloyds reported a 31% decrease in APP fraud after implementing CoP, highlighting its effectiveness.
Overall risk
CoP serves as a shield against errors and fraudulent activities, effectively diminishing the risk of misdirected payments and fraud attempts. Furthermore, it bolsters security by introducing an additional layer of verification, making it more challenging for malevolent actors to manipulate payment details. Importantly, CoP also reduces the risk of payment rejection or return attributable to inaccuracies, leading to a smoother and more reliable payment process for all stakeholders.
Financial risk
CoP reduces the risk of financial loss to businesses as well as individuals, reducing the time and cost spent on investigating and resolving fraud issues. It is reliable and cost-efficient because it uses a payee’s bank details in real-time and avoids more cumbersome verification methods such as a ‘penny drop’ check (where a very small test amount is sent to verify that it is being received by the intended recipient).
Reputational risk
Overlooking CoP implementation may result in problems impacting an institution’s reputation and its customer base, potentially leading to customer attrition. The overarching objective within the industry is to combat fraud and guarantee secure payments, with CoP playing a pivotal role in augmenting security, fortifying reputation, fostering customer trust, and nurturing loyalty. Payment providers that embrace CoP not only gain a competitive advantage but also reduce their exposure to liabilities compared to those who choose not to adopt it.
What are the Challenges to Consider?
Data Accuracy
If the recipient’s financial institution has incorrect information, then CoP will not be able to verify their identity, which could result in a payment being made to the wrong person. Financial institutions need to ensure that they have accurate and up-to-date information on all their customers to ensure that CoP works effectively. The CoP responder is liable if they provide incorrect information that results in transferring money to the wrong person.
Data Privacy
When a payment is initiated, the payer’s financial institution needs to share the recipient’s details with the recipient’s financial institution. This raises concerns about data privacy and the protection of sensitive information. Financial institutions need to ensure that they have appropriate security measures in place to protect the privacy of their customers’ data.
Technical Integration
Integrating CoP into existing payment systems can be a complex and time-consuming process. Financial institutions need to update all their systems and channels involved in transactions between the payer and payee.
Close Match Algorithm
The “close match” algorithm is designed to avoid immediately flagging a “no match” when there are minor differences between the Payee’s name as known by the Payer and the name registered by the Payee PSP. The key challenges with this algorithm are:
· Striking the Right Balance: Achieving the right balance between confirming a name with a close match and avoiding too many “no match” results requires continuous development and optimization.
· Handling Varied Deviations: The algorithm must address various types of deviations, such as missing or switched letters, phonetic substitutions, missing names, different name order, titles, diacritics, and more.
· Flexibility for Abbreviations and Nicknames: It should also be flexible enough to accommodate truncated or abbreviated names, initials, and well-known nicknames instead of formal names.
· Brand Name Recognition: The algorithm needs to recognize brand names confirmed by the Payee PSP, even if they differ from the legal name.
In summary, the “close match” algorithm aims to enhance user-friendliness by managing these challenges and ensuring a smooth payment process.
Cost
Implementing CoP requires financial institutions to invest in new technology and train their staff on how to use it. The cost of processing a real time request can be significant due to complexity in infrastructure but also for smaller financial institutions. Financial institutions need to weigh the benefits of CoP against the costs of implementation to determine whether it is a worthwhile investment.
Conclusion
In conclusion, Confirmation of Payee (CoP) emerges as a crucial mechanism in securing financial transactions and enhancing payment accuracy. The Nordic Payment Council’s CoP Scheme Rulebook sets the stage for a comprehensive framework, emphasizing the importance of confirming payee information for secure and accurate transactions. CoP, as a complementary scheme, introduces a series of requests that empower payers to verify the payee’s payment account and name, mitigating the risks of misdirected payments and fraud.
The CoP Scheme, with features like automated processing and harmonization of standards, fosters a competitive market and improved customer services in the payment industry. It acts as a shield against errors and fraudulent activities, reducing the overall risk of financial loss and protecting the reputation of financial institutions. While challenges such as data accuracy, privacy concerns, and technical integration exist, the “close match” algorithm aims to address these issues and enhance user-friendliness.
Ultimately, the adoption of CoP not only fortifies the security of payments but also ensures a reliable and efficient payment process, benefiting both financial institutions and their customers. As the financial landscape continues to evolve, CoP stands at the forefront, unlocking the future of secure payments.