Community
This is the fourth blog out of eight in our series on the Contingent Reimbursement Model code (“CReM”) that purports to offer customers strong protection against certain types of Authorised Push Payment Fraud, or “APPF”.
We made the point in Part III that firms demanded Name + Sort Code + Account Number as mandatory information for instructing payments through the eBanking services that provide the seed bed for APPF, and that firms should be held to executing the payment on the basis of all this information, and not just the Sort Code + Account Number.
It would surely follow, even if it is not explicitly stated in the 2017 Payment Services Regulations (the “PSRs”), that the firms, having demanded the mandatory information before entering into the contract to make the payment, have the responsibility for ensuring that the payment is executed through a mechanism that guarantees the validation of that information by the beneficiary firm before the amount is credited, or else, if they cannot guarantee that, the firm bears the risk of incorrect application of the money.
The sending firm chooses the mechanism through which it sends the payment. If the mechanism does not support the validation, then the payer must have a blanket indemnity against incorrect application. The payer has this for cheque payments, thanks to the crossing “Account payee”: if a firm allows the cheque to be paid in to an account with different naming than the payer has stated in the payee line, the firm is liable to the payer for its mistake.
The range of possible outcomes for a “push payment” should be:
The 2017 PSRs are the law now, and these matters need to be tested in the light of them. There is a disconnect between the assumptions behind the PSRs as we read them (that firms will check the “information” and behave as set out above in the case of a mismatch) and how UK “push payments” are processed in practice.
The CReM code accepts the way in which UK “push payments” are processed in practice as a given, and this serves to undermine the protection that the PSRs were, in our view, intended to give the customer – and not just the customers in-scope of the CReM but all of them.
The real solution to “wrong name” APPF is for firms to re-gear their IT infrastructure and payment schemes to validate the name. Indeed, the proposed Confirmation of Payee service has been designed by Pay.uk to validate the name. So, if it can be done through this service, why cannot it be done on every payment and without the need to build a new service?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Prashant Bhardwaj Innovation Manager at Crif
05 December
Tachat Igityan Founder and CFO at destream
03 December
Ritesh Jain Founder at Infynit / Former COO HSBC
Erica Andersen Marketing at smartR AI
02 December
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.