Confirmation of Payee - is it as poor for everyone else?

colsten

schiff said:

Today I've done a FP from Santander to my new Virgin HBC. The destination I put as Virgin HBC 3 (for my own purposes to differentiate it from the other Virgin HBC for future payments). Entered the sort code and my account number. It came up Virgin Bank so I knew I was on the right lines. Next page told me name not recognised and/or wasn't in the system so I carefully checked that I'd got the numbers right, overrode and sent the payment. It's the way I've been setting up new FPs and SOs since the start of CoP.

Same here. 

RetSol

If the use of Paym were more widespread, would that overcome some of these difficulties - https://forums.moneysavingexpert.com/discussion/6229155/why-does-no-one-know-about-paym#latest?

colsten

naedanger said:

colsten said:

robatwork said:

Still not sure if it's the way Santander have implemented it that has meant I have never had one match or even the option that says "it's close but no cigar".  For it not to work with the country's biggest businesses is, as Private Eye may say, pisspoor.

... as the main purpose of CoP is to exempt banks from any liability if the customer sends money to a wrong account.

Are banks liable if a customer sends money to the wrong account when CoP is not present? 

In some cases, banks have been deemed liable by the FOS, even though on the face of it, the account holder was a bit of a nitwit. It's cost the banks hundreds of millions each year. 

eskbanker

naedanger said:

eskbanker said:

naedanger said:

colsten said:

robatwork said:

Still not sure if it's the way Santander have implemented it that has meant I have never had one match or even the option that says "it's close but no cigar".  For it not to work with the country's biggest businesses is, as Private Eye may say, pisspoor.

... as the main purpose of CoP is to exempt banks from any liability if the customer sends money to a wrong account.

Are banks liable if a customer sends money to the wrong account when CoP is not present? 

Depends on the circumstances - if the customer simply makes a typo then the bank won't be responsible for that, but if it's an authorised push payment scam, under which the customer has been misled into paying a fraudster when thinking they're paying a legitimate company, then most major banks signed up to a voluntary code accepting liability for this in 2019:

https://www.moneysavingexpert.com/news/2020/02/funding-to-refund-money-transfer-scam-victims-extended-to-the-en/

In that case it is hard to see why someone would conclude CoP's main purpose is to exempt banks from liability if the customer sends money to the wrong account. (The banks are already exempt for that liability except if they have failed to follow properly industry fraud prevention practices.)

It seems what COP should achieve, once fully and properly implemented, is to reduce the instances where customers make typos. Personally I have always thought the lack of check digits is a significant design failure on a system that relies on customers not making typing mistakes. Make banks liable for this design failure and they will find soon find a solution.

It's the APP scam liability that the banks are trying to offload, not the typos (which as above they're not liable for).  If a customer was erroneously believing that they're transferring to funds to a 'safe account' with XYZ Bank, or to ABC Solicitors, but CoP tells them that the destination account isn't in the name they thought it was, then the bank can evade liability if the customer chooses to continue despite the CoP warning.  Obviously this depends on the credibility of CoP so it remains important for the banks to refine it to the point where it's actually reliable....

Edit: https://www.ukfinance.org.uk/system/files/Fraud-The-Facts-2020-FINAL-ONLINE-11-June.pdf explains the growing APP scam issue, where losses due to this reached £455.8m in 2019, up 29% on the previous year.  As explained on page 46, immediately before the 2019 APP code was introduced, banks reimbursed 19% of such claims, but this leapt to 41% after the code was implemented, so the imperative to contain their liability via CoP was clear, in the face of hundreds of millions of pounds of avoidable cost....

colsten

RetSol said:

If the use of Paym were more widespread, would that overcome some of these difficulties - https://forums.moneysavingexpert.com/discussion/6229155/why-does-no-one-know-about-paym#latest?

Aside from the fact that you couldn't use PayM to deposit money into many savings accounts (e.g. a Virgin Money, RCI, Skipton), I can't see how PayM would be more secure from scamsters. Besides, PAYM requires a mobile device, the very gadgets many of the people who struggle with payments to sort codes and account numbers don't have / don't want to have / say they can't use because they have no mobile signal etc etc lahdee-dah-dee-dah.

naedanger

eskbanker said:

naedanger said:

eskbanker said:

naedanger said:

colsten said:

robatwork said:

Still not sure if it's the way Santander have implemented it that has meant I have never had one match or even the option that says "it's close but no cigar".  For it not to work with the country's biggest businesses is, as Private Eye may say, pisspoor.

... as the main purpose of CoP is to exempt banks from any liability if the customer sends money to a wrong account.

Are banks liable if a customer sends money to the wrong account when CoP is not present? 

Depends on the circumstances - if the customer simply makes a typo then the bank won't be responsible for that, but if it's an authorised push payment scam, under which the customer has been misled into paying a fraudster when thinking they're paying a legitimate company, then most major banks signed up to a voluntary code accepting liability for this in 2019:

https://www.moneysavingexpert.com/news/2020/02/funding-to-refund-money-transfer-scam-victims-extended-to-the-en/

In that case it is hard to see why someone would conclude CoP's main purpose is to exempt banks from liability if the customer sends money to the wrong account. (The banks are already exempt for that liability except if they have failed to follow properly industry fraud prevention practices.)

It seems what COP should achieve, once fully and properly implemented, is to reduce the instances where customers make typos. Personally I have always thought the lack of check digits is a significant design failure on a system that relies on customers not making typing mistakes. Make banks liable for this design failure and they will find soon find a solution.

It's the APP scam liability that the banks are trying to offload, not the typos (which as above they're not liable for).  If a customer was erroneously believing that they're transferring to funds to a 'safe account' with XYZ Bank, or to ABC Solicitors, but CoP tells them that the destination account isn't in the name they thought it was, then the bank can evade liability if the customer chooses to continue despite the CoP warning.  Obviously this depends on the credibility of CoP so it remains important for the banks to refine it to the point where it's actually reliable....

I expect the scammers will just tweak their story slightly to account for the difference in account name. Might cut down a little, but probably not as much as you might think.

I do see it helping cut down significantly on the instances of customers from making typing blunders. 

eskbanker

naedanger said:
I expect the scammers will just tweak their story slightly to account for the difference in account name. Might cut down a little, but probably not as much as you might think.

But the point is that in such scenarios the customer would be liable if they continue while ignoring the warning, so even if the scams continue, the banks wouldn't be on the hook.

naedanger said:

I do see it helping cut down significantly on the instances of customers from making typing blunders. 

Yes, this should be expected too, especially when CoP has become established and reliable.

naedanger

colsten said:

naedanger said:

colsten said:

robatwork said:

Still not sure if it's the way Santander have implemented it that has meant I have never had one match or even the option that says "it's close but no cigar".  For it not to work with the country's biggest businesses is, as Private Eye may say, pisspoor.

... as the main purpose of CoP is to exempt banks from any liability if the customer sends money to a wrong account.

Are banks liable if a customer sends money to the wrong account when CoP is not present? 

In some cases, banks have been deemed liable by the FOS, even though on the face of it, the account holder was a bit of a nitwit. It's cost the banks hundreds of millions each year. 

No system is perfect, far less FOS, so I am sure they will have made some really bad decisions from time to time - some at the expense of the financial firms and some at the expense of customers.

However I think the banks were nitwits for using a customer operated system without check digits. (I am also slightly amused when I pay money in at the bank they get me to check they have entered the sort code and account number correctly - even if I give them proof of the correct number - e.g. from a cheque. Of course I don't blame them for that.  But customers don't get the same opportunity to have the banks check their typing.)

eskbanker

naedanger said:
I think the banks were nitwits for using a customer operated system without check digits.

Given a sort code and account number structure that has been in place for decades, well before any customer operation was technically feasible, how would you have superimposed a check digit system without disproportionately extortionate wholesale changes to data structures and systems?

naedanger

eskbanker said:

naedanger said:
I think the banks were nitwits for using a customer operated system without check digits.

Given a sort code and account number structure that has been in place for decades, well before any customer operation was technically feasible, how would you have superimposed a check digit system without disproportionately extortionate wholesale changes to data structures and systems?

I would have recognised that a system suitable for one purpose is not necessarily suitable for another. 

Banks have layers of qualified staff checking details, and if they do make a mistake they find it much easier to correct. Often they can just go back and reclaim the money. Whereas a customer can struggle even to identify where the money went. Therefore it seems pretty obvious that just rolling out to customers a process designed for use by bank staff is going to cause new problems for their customers.

The system I would have introduced is to make the banks liable for correcting the consequences of any typing errors their customers make. If they don't want to pay the costs of developing new processes and systems then let them bear the liability for fixing the new problems that will inevitably arise.