-
Confirmation of Payee

Verbal checks and confirmation of payee

Fraudsters are forever adapting their approach. Make sure you tick all the boxes to help protect your business from fraud.

As fraudsters employ new tactics to try and trick you into sending them money, it’s important to always verify any new payment requests, and any requests you receive asking you to update existing contact details or bank account details.

Fraudsters continue to find new tactics to target businesses through Authorised Push Payment (APP) scams. These scams – where fraudsters impersonate suppliers, management teams and financial controllers in an attempt to redirect payments to them, continue to contribute to devastating financial losses to businesses.

In an uncertain and face-paced business world payments to your suppliers can be more ad hoc and less regular. Fraudsters are adopting new tactics with a view to winning big. Their game-plan is to impersonate your suppliers, management teams or financial control by email or phone share their ‘updated’ account details and prompt you to inadvertently redirect payments to them. The account name might even match the intended payee making it harder to spot the fraud this can mean a long-term hit to your business.

In 2019, UK businesses lost £138.7m to this type of fraud alone. But you can take steps to strengthen your defence. Ask yourself:

  1. Am I completely confident I’m talking to the person I think I am?
  2. Have I done everything possible to validate this request?
  3. Am I comfortable putting my name against this payment?

If the answer to any of these questions is ‘no’ use a call back to validate the payment. A call back is where you confirm any instructions using a trusted number you have on file. When making a call back:

  1. Never rely on an in-bound call for confirmation
  2. Use the contact details you hold on file – as fraudsters can set up fake websites and email addresses
  3. Speak to an individual to validate the payment verbally
  4. And never feel pressured to make a decision

Using these tactics can help you stay one step ahead of the fraudsters.

Don’t let fraud be a game-changer for your business.

For more information on how you can stay ahead of fraudsters search ‘Barclays Corporate fraud awareness’

Remember the importance of verbal checks

Following the below steps can help to protect your organisation from Account Push Payment scams such as invoice and CEO Fraud:

Do

Always conduct verbal checks over the phone with any new or amended payment instructions

Always conduct verbal checks on all types of communication, including requests to amend contact details

Use contact details you hold on file, and apply the same principles to requests from within your organisation

Ask your contact to read the beneficiary bank details back to you. This will confirm whether they match the details provided to you in the instruction

Don't

Never rely on an in-bound call for confirmation

Don’t use a number included within the request as this could result in you speaking with the fraudster

Never feel pressured to make a decision

Please note: Barclays will not refund any transactions that have been authorised by users of Barclays digital channels.

Please refer to your Digital Channels Security User Guide for more information.

Wake up to the reality of Authorised Push Payment (APP) Scams

£77m the value of business lost to APP scams ref: 1
78% of APP fraud starts online ref: 2
207,372 The number of reported APP scams ref: 3

Confirmation of Payee (CoP Check) – why a match is not enough

The Confirmation of Payee service enables consumers, businesses and corporations to check the name of an account against the sort code and account number, however to facilitate these scams fraudsters will create accounts that will match the name of the intended recipient, which is why this service cannot be relied upon alone to validate that a payment request is genuine.

What to consider when using Confirmation of Payee

When using CoP it’s important to understand it’s limitations, and that it should be used in conjunction with strong fraud controls such as conducting verbal checks on payment requests.

The following payment types are in scope for CoP when submitted as single payments electronically via our online payment channels:

Faster Payment Service (FPS)

CHAPS

Standing Orders

BACS and currency payments are currently out of scope.

Fraudsters understand the CoP functionality including its limitations and will adapt their approach accordingly. Examples of this include:

  • Setting up accounts in the name of the business or individual they are impersonating so that a CoP ‘Match’ gives confidence to the target that they are paying a genuine beneficiary
  • Convincing the target to ignore any ‘No Match’ results with reasons as to why this may have occurred such as ‘an issue with our account that’s being looked into with our bank’.

To protect your organisation from fraud you should conduct verbal checks using a trusted number held on file regarding any new payment requests, or requests to amend account details to pay before entering the details into our online channels.

If you receive a ‘partial’ or ‘no match’ response on entering payment details, this should serve as a reminder to conduct verbal checks if they have not been carried out in the first instance.

Strengthening your defences against APP Scams

These simple tactics can help to protect you and your business from fraudsters.

When dealing with a request to amend records or make a payment, ask yourself the following questions:

Are you completely confident that the person you’re speaking to is who they say they are?

Are you certain that you have done everything possible to validate this request?

Are you comfortable putting your name against this payment?

Wherever possible you should make a call to validate the request. Using a trusted number that you have on file, and not one included in the instruction, to contact the individual or business that appears to have made the request. When making a call back:

Never rely on an in-bound call for payment confirmation

Use the contact details you hold on file – as fraudsters can set up fake websites and email addresses

Speak to an individual to validate the proof of payment verbally

And never feel pressured to make a decision.

Fraud and Scam toolkit