Today (30 June) marks the final deadline for the UK's biggest banks to introduce Confirmation of Payee (CoP), a name-checking service for customers using online banking.
The scheme, which aims to help prevent bank transfer fraud by adding an extra level of protection to those who pay someone new or edit an existing payee, has already been beset by several delays.
It was originally due to come into force in July 2019, before being put back to 31 March 2020. However, the effects of the coronavirus crisis delayed the deadline further to 30 June.
Here, we explain how CoP works, and how it could protect you from fraud.
When you transfer money online to someone new, your payment is only processed using the account number and sort code - banks don't check whether or not the name you've entered actually matches the one with those account details.
For fraudsters posing as someone else, such as a solicitor or even another bank, this means they can provide a fake name with their own bank details and pocket the money before you've realised you've been scammed.
What's more, if you accidentally type in the wrong information, you could end up sending money to the wrong person and could face hassle getting it back.
Enter, Confirmation of Payee. With this added security, your bank will ask for the full name of the registered account holder before you send the money, and the type of account (personal or business). When you click to confirm the details, you'll encounter one of four outcomes:
If your payment doesn't match and your bank is signed up to the bank transfer (APP) scam code, they should give you guidance on what actions to take to address the risk.
CoP only affects 'Faster Payments' (including standing orders) and CHAPS in the UK; BACS payments, including direct debits, won't be included for now.
The checks will only take place when you pay someone new or alter an existing payment, as these occurrences carry the greatest risks of fraud or mistakes.
While CoP will make it more difficult for scammers to operate, it won't stop all bank transfer fraud, so you should still be vigilant.
Fraudsters could instead try to bypass namechecks by claiming that a business name is different because it's a related trading name, or they could set up a new business with a name that's deceptively similar to a legitimate one.
Which? wants all banks to sign up for CoP - not just the six largest banking groups. That way, fraudsters will be prevented from targeting banks that don't offer it, and consumers will see consistency among all providers.
The payments regulator has specified that the six biggest UK banking groups must offer CoP by 30 June. These include: Barclays, Lloyds Banking Group, Royal Bank of Scotland Group, Santander, HSBC Group (excluding M&S Bank) and Nationwide Building Society.
Lloyds Banking Group (Bank of Scotland, Halifax and Lloyds Bank) implemented CoP measures on 2 March 2020 - way ahead of the deadline. RBS and NatWest also have the services up and running already.
Several other banks are also signing up voluntarily. TSB, The Co-operative Bank, Starling, Monzo and Danske Bank - to name a few - all said they plan to implement CoP, some from 30 June and others by the end of the year. M&S Bank told us it has already implemented CoP for inbound payments, and has plans to deliver it for outbound payments, too.
Banks that fail to meet this deadline may face formal action from the Payment Systems Regulator (PSR).
If you decide you don't want to be involved with CoP, banks have to give you the option of opting out.
However, as the whole point of CoP is to reduce the risks of bank transfer fraud, or of you entering the wrong account details by mistake, you should think carefully before deciding to opt out.
If you're worried about the security aspect, know that your data will be stored securely, as banks will be using the directory service to exchange CoP requests. Firms will also be required to undergo rigorous security checks, and they'll be regulated by the FCA or European equivalents.