The UK is fortunate in having a centralised bank clearing system that offers quick and easy money transfers. While some of the world’s major developed nations still maintain a disconnected, lengthy exchange process or a pay cheque culture, in the UK cheque payments for wages and salaries are all but dead.
Since 1968, BACS (the Bankers Automated Clearing System, which is now part of retail payment authority, Pay.UK) has offered employers an automated same day debit and credit capability based on a three-day submission cycle. This means that the instructions issued on day one can be applied as a same day transfer on day three.
Bacs Direct Credit claims to undertake 90% of all payroll payments to UK workers and remains for many employers the payment vehicle of choice. Her Majesty’s Revenue & Customs employs BACS alongside its regular Real Time Information Full Payment Submission using the BACS Hash to verify employee payments and give assurances to the Department for Work and Pensions in relation to Universal Credit claims. The method is generally perceived as reliable, secure and accurate – although it does depend on the correct payment details being provided, of course.
But over recent years, possible methods for transferring money have also been expanded to include mobile applications that facilitate transfers via banks using direct services; Faster Payment services; Chaps; PayPal and other forms of instant bank transfer at both a local and international level.
The problem is that along with access to faster services have come more opportunities for fraud and theft, with opportunist crime becoming more prevalent. As the UK’s Financial Conduct Authority (FCA) aptly put it: “Digital banking is a powerful tool. But powerful tools need safety features, especially when fraudsters are becoming increasingly inventive.”
In fact, it has become progressively clear that for “the practised fraudster, it’s relatively easy to convince people to transfer money to them”, the FCA continued. For example, Authorised Push Payments (APPs), which are based on faster payment methods, led to the theft of more than £200 million (US$252 million) in 2017.
Because of this situation, Pay.UK is introducing new obligations this year for push payments (online and faster payments) in the form of ‘Confirmation of Payee’ (CoP) requirements when employers set up a new payment or amend an existing one – although CoP will not apply to payroll BACS credit payments, which by nature consist of bulk batch-based credit.
Complying with CoP
To comply with CoP when making an electronic payment, it is necessary to provide banks with the payee’s personal details: sort code, account number, and the name of the person or organisation you wish to pay. Although banks currently use sort codes and account numbers to determine where payment should be sent, they are unable to check the name on the account being paid.
Therefore, CoP is a way of providing more assurance that payments are being sent to the intended recipient. In essence, it is an ‘account name checking service’ that can help avoid payments being misdirected due to errors.
CoP also helps to address certain types of APP fraud by introducing another hurdle for fraudsters to overcome and by providing warnings to customers about the risks of sending money to an account in which the name does not match that of the intended recipient.
CoP works on a principle of:
- Match: It will work even in the case of a single individual with a joint account;
- Fuzzy match: It will work even if the account name is similar but not exactly the same;
- Not recognised: This situation takes place if the name on the account is not the same or similar.
But in all three cases, payment can still take place if a confirmation to proceed is received.
To be more specific though, what exactly is meant by a fuzzy match? If I take myself as an example, while my full name is Philip Simon Parsons, no one has ever called me Philip, including my parents, as I come from an long-line of middle name users.
But if I received a payment targeted at ‘P Parsons’, ‘Philip Parsons’, ‘Simon Parsons’, ‘P S Parsons’ or any other like combination, which includes a range of prefixes such as ‘Mr’, in the case of push payments, they would all be either matched or fuzzy-matched to my account name.
The same is true of bank accounts that are in joint names as payroll payments are unlikely to be targeted at a joint account name but rather at the name of the individual employee.
For the time being though, payments made via BACS to an account with a name that is different to the target employee will not be rejected as the first phase of CoP does not apply to either payroll or Batch BACS payments. Additional facilities will also be made available in future to help with additional one-off identity verification as employees’ details do not tend to change that often.
Simon Parsons is director of payment, benefits and compliance strategies at HR and payroll services provider, SD Worx . He is also involved in a number of HMRC and government consultative groups and committees. As a fellow of the Chartered Institute of Payroll Professionals and one of the original Masters of Science in Payroll Management, Simon is also a regular author and speaker on payroll matters.
OTHER STORIES THAT MAY INTEREST YOU
Exploring the UK's electronic payment system options
The United Kingdom Payroll Library 2018/19
The UK is fortunate in having a centralised bank clearing system that offers quick and easy money transfers. While some of the world’s major developed nations still maintain a disconnected, lengthy exchange process or a pay cheque culture, in the UK cheque payments for wages and salaries are all but dead.
Since 1968, BACS (the Bankers Automated Clearing System, which is now part of retail payment authority, Pay.UK) has offered employers an automated same day debit and credit capability based on a three-day submission cycle. This means that the instructions issued on day one can be applied as a same day transfer on day three.
Bacs Direct Credit claims to undertake 90% of all payroll payments to UK workers and remains for many employers the payment vehicle of choice. Her Majesty’s Revenue & Customs employs BACS alongside its regular Real Time Information Full Payment Submission using the BACS Hash to verify employee payments and give assurances to the Department for Work and Pensions in relation to Universal Credit claims. The method is generally perceived as reliable, secure and accurate – although it does depend on the correct payment details being provided, of course.
But over recent years, possible methods for transferring money have also been expanded to include mobile applications that facilitate transfers via banks using direct services; Faster Payment services; Chaps; PayPal and other forms of instant bank transfer at both a local and international level.
The problem is that along with access to faster services have come more opportunities for fraud and theft, with opportunist crime becoming more prevalent. As the UK’s Financial Conduct Authority (FCA) aptly put it: “Digital banking is a powerful tool. But powerful tools need safety features, especially when fraudsters are becoming increasingly inventive.”
In fact, it has become progressively clear that for “the practised fraudster, it’s relatively easy to convince people to transfer money to them”, the FCA continued. For example, Authorised Push Payments (APPs), which are based on faster payment methods, led to the theft of more than £200 million (US$252 million) in 2017.
Because of this situation, Pay.UK is introducing new obligations this year for push payments (online and faster payments) in the form of ‘Confirmation of Payee’ (CoP) requirements when employers set up a new payment or amend an existing one – although CoP will not apply to payroll BACS credit payments, which by nature consist of bulk batch-based credit.
Complying with CoP
To comply with CoP when making an electronic payment, it is necessary to provide banks with the payee’s personal details: sort code, account number, and the name of the person or organisation you wish to pay. Although banks currently use sort codes and account numbers to determine where payment should be sent, they are unable to check the name on the account being paid.
Therefore, CoP is a way of providing more assurance that payments are being sent to the intended recipient. In essence, it is an ‘account name checking service’ that can help avoid payments being misdirected due to errors.
CoP also helps to address certain types of APP fraud by introducing another hurdle for fraudsters to overcome and by providing warnings to customers about the risks of sending money to an account in which the name does not match that of the intended recipient.
CoP works on a principle of:
- Match: It will work even in the case of a single individual with a joint account;
- Fuzzy match: It will work even if the account name is similar but not exactly the same;
- Not recognised: This situation takes place if the name on the account is not the same or similar.
But in all three cases, payment can still take place if a confirmation to proceed is received.
To be more specific though, what exactly is meant by a fuzzy match? If I take myself as an example, while my full name is Philip Simon Parsons, no one has ever called me Philip, including my parents, as I come from an long-line of middle name users.
But if I received a payment targeted at ‘P Parsons’, ‘Philip Parsons’, ‘Simon Parsons’, ‘P S Parsons’ or any other like combination, which includes a range of prefixes such as ‘Mr’, in the case of push payments, they would all be either matched or fuzzy-matched to my account name.
The same is true of bank accounts that are in joint names as payroll payments are unlikely to be targeted at a joint account name but rather at the name of the individual employee.
For the time being though, payments made via BACS to an account with a name that is different to the target employee will not be rejected as the first phase of CoP does not apply to either payroll or Batch BACS payments. Additional facilities will also be made available in future to help with additional one-off identity verification as employees’ details do not tend to change that often.
Simon Parsons is director of payment, benefits and compliance strategies at HR and payroll services provider, SD Worx . He is also involved in a number of HMRC and government consultative groups and committees. As a fellow of the Chartered Institute of Payroll Professionals and one of the original Masters of Science in Payroll Management, Simon is also a regular author and speaker on payroll matters.
OTHER STORIES THAT MAY INTEREST YOU
Exploring the UK's electronic payment system options
The United Kingdom Payroll Library 2018/19
