UK: Banks to start checking name of who you're sending cash to online

[Lightning]

Interesting development in the UK where banks will start checking if the name of the person that you are paying matches the name on the account.

Good fraud prevent measure. Should help prevent people wiring money to wrong accounts.

If it works, hopefully Irish banks will start doing something similar.

More .

 

[Brendan Burgess]

This has come from a concerted campaign from consumer advocates suggesting that the banks should compensate people who are victims of push fraud, where someone is conned into transferring money into the fraudster's account.

These same advocates shouted for years about banks taking too long to transfer money.

A much simpler solution would be for transfers to take two days. That would catch most frauds.

Brendan

 

[hfp]

A much simpler solution would be for transfers to take two days. That would catch most frauds.

Brendan

Would it though? It appears that the recent increase in this sort of fraud is due to the use of email as a form of communication which is insecure and liable to interception, not payments crediting faster.

In most cases that I have read about the fraud does not come to light until the intended recipient queries why they have not received payment - this would still be the case if the anticipated due date is in 2 days time or 2 hours time. Similarly the fraudsters are withdrawing the funds as soon as they hit the account leading to the payment being non-recoverable, again this would be the case whether the payment goes in straight away or in a few days.

 

[Brendan Burgess]

It is amazing the number of people who realise immediately afterwards that they have been scammed. But as you say

Similarly the fraudsters are withdrawing the funds as soon as they hit the account

So if the victim realises it in time, they have two days to stop it.

Brendan

 

[Lightning]

I don't think fraud should be a reason to stop the speeding up of payments.

There have been great strides to increase payment times in recent years. 10 years ago, it was common for payments to take 3-4 days, now it is often under 1 day and sometimes even quicker.

Quicker payments have helped speed the adoption of electronic payments.

The pros of quicker payments outweight the cons.

Ireland should introduce the same name check as the UK.

 

[Protocol]

I'm surprised this isn't done already.

Online transfers ask that the payer state the name of the payee account, surely that is checked as well as the IBAN?

 

[Lightning]

Currently IBAN is the only field used to identify where the money is going.

 

[Jim2007]

So if the victim realises it in time, they have two days to stop it.

First of all most fraudulent transactions take well over two weeks to be detected and more likely a month. Second there is no legal way to stop a validated transition in an international payment system short of a court order.

My experience working on SEPA payment system implementation back in the day.

 

[Jim2007]

Good fraud prevent measure. Should help prevent people wiring money to wrong accounts.

SEPA transactions carry details of both the debitor and creditor accounts and many banks across Europe already validate account names. However it does very little in helping fraud detection since the originating bank can only validate the source account and the receiving bank can only validate the target account. So at best a bit of error detection. And a good PR exercise.

There is good news for the receiving bank though, since they are still valid transactions they get sent to suspense rather than being returned and who can benefit from the suspense balance??? I don’t have much regard for UK banking practices.

As most of these blocked transactions need to be released manually it can become a real hassle if you have an account name that can be easily misspelled such as Smith - Smyth, Brown - Browne, Jon - John and so on.

 

[Paul M.]

Ireland should introduce the same name check as the UK.

I'd imagine that any introduction of a name check would have to be done at an EU level as it'd need to be on the entire SEPA payments system:- just adding it on transfers received into Irish bank accounts wouldn't be very effective. Honestly, I think a more effective measure might be greater encouragement of the use of the SEPA Direct Debit scheme (with all of its consequent refund guarantees). GoCardless.ie is a good example of how this can be done but I've not seen huge take up of it.

This is probably going to be more of an issue in the future as SEPA Instant becomes more available.

 

[Jim2007]

I'd imagine that any introduction of a name check would have to be done at an EU level as it'd need to be on the entire SEPA payments system:- just adding it on transfers received into Irish bank accounts wouldn't be very effective. Honestly, I think a more effective measure might be greater encouragement of the use of the SEPA Direct Debit scheme (with all of its consequent refund guarantees). GoCardless.ie is a good example of how this can be done but I've not seen huge take up of it.

This is probably going to be more of an issue in the future as SEPA Instant becomes more available.

My previous post just above yours:

SEPA transactions carry details of both the debitor and creditor accounts and many banks across Europe already validate account names. However it does very little in helping fraud detection since the originating bank can only validate the source account and the receiving bank can only validate the target account. So at best a bit of error detection. And a good PR exercise.

 

[moneymakeover]

Would it be a "loose" name match?

Because if there was any ambiguity the payment would fail. And that might not be good either.

 

[RedOnion]

To clear this up a little, the UK system will tell the sender, before the funds are sent, if the receiver account name matches.

If it's an exact match, all fine.
If it's a close match (e.g. Smith Vs Smyth) the sender will be shown the correct name, and can amend details before proceeding.
If it's not a close match, they'll be told the name doesn't match.

That's it.

No suspense accounts.
No banks holding funds for their own benefit.
The receiver bank doesn't manually intervene.
It's all in the control of the sender.

 

[Jim2007]

To clear this up a little, the UK system will tell the sender, before the funds are sent, if the receiver account name matches.

Do you have a reference for this? I have not heard of this before and in order for it to work it would require the banks to share customer data which would cause data protection issues at a very minimum. And in general banks do not like to provide their competitors with their customer lists. It would also have tax implications as well since it would be possible for revenue or anyone of that matter to on fishing expeditions to discover foreign held accounts etc.

It is possible that the new third party processors could offer such a service, but since their use is optional you’d never know if an account does not exist or if the customer just opted out. There is also the challenge of the small or private banks in mainland Europe who use partner banks to process their SEPA transitions where the customer name is not the account name.

Like I said I’d be very interested to have your reference on this.

 

[Jim2007]

OK I had a chat with a colleague and got a link:



The service will be offered by Pay.UK one of the major transaction processors. It will be based on data held by them from previous processing and not data held by the banks. This has implications:
- They will not be aware of all accounts even in the UK
- They will not be aware of closed or blocked accounts
- They will not be aware of situations where the receiving bank intervened, so an invalid account will remain as valid
- A serious of invalid transactions can produce a temporary valid account rule.

So it adds another layer, but it is no fool proof and of course depends on the payment processors being used. And about all depends on people not overriding the warning.

No suspense accounts.
No banks holding funds for their own benefit.

And yes this will apply if the transition gets processed.

 

[RedOnion]

The service will be offered by Pay.UK one of the major transaction processors. It will be based on data held by them from previous processing and not data held by the banks. This has implications:
- They will not be aware of all accounts even in the UK
- They will not be aware of closed or blocked accounts
- They will not be aware of situations where the receiving bank intervened, so an invalid account will remain as valid
- A serious of invalid transactions can produce a temporary valid account rule.

Do you have a reference for any of this? It seems to contradict details in the website you linked to.

Do you have a reference for this?

I design banking / payments systems for a living. However, I didn't say anything that wasn't included in the article linked in the first post. It appeared that there were some contributions from posters who didn't fully understand what there were saying.

it would require the banks to share customer data which would cause data protection issues at a very minimum. And in general banks do not like to provide their competitors with their customer lists.

There are no shared lists needed. This is all based on API standards, where messages are passed between banks. Anyone operating faster payments is already operating in a message based payment infrastructure.
Pay.uk have already completed a GDPR assessment, but it's up to each PSP to ensure compliance.

The service will be offered by Pay.UK one of the major transaction processors.

Pay.uk are a payment services authority. They set the industry standards around both BACs and Faster Payments. There's not much goes on within domestic payments in the UK that isn't in their remit.

It will be based on data held by them from previous processing and not data held by the banks.

So, they're not going to do what they actually said they will, when they said the check is done by the recipient bank?

So it adds another layer, but it is no fool proof and of course depends on the payment processors being used. And about all depends on people not overriding the warning.

In combination with the proposed compensation scheme, there will be strong buy-in from banks.

And yes this will apply if the transition gets processed.

No differently to how it currently does. The receiving bank won't check names once it receives the payment, only the initial message request.
The UK already has Faster Payments where situations like closed / blocked accounts are handled.

There is also the challenge of the small or private banks in mainland Europe who use partner banks to process their SEPA transitions where the customer name is not the account name.

That is an interesting challenge to be overcome in a SEPA context, but the UK solution is a domestic one only.
There will be smaller institutions that will struggle with this. But remember, this is all happening alongside PSD2 regulations which they have to overcome too.