Identity and security
In March 2019 a Lithuanian man was convicted for stealing over $100 million from Google and Facebook through a wire fraud scam. Evaldas Rimasauskas impersonated an Asian hardware vendor and, over a three-year period, sent fraudulent invoices for items that had never been sold or provided. The tech giants combined bill came to $120million.
The fraud was complex and involved a dummy company, fake invoices, and forged contracts. However, at its heart the scam relied on the tech companies not realising who they were truly paying. And, in that sense, was no different from the ‘too-good-to-be-true’ investment email that could be waiting in your personal inbox this very minute.
Anyone can be a target
Fraud has been around ever since a human acquired enough wealth to be considered worth stealing from. However, modern banking and online transactions have allowed fraudsters to steal more money than ever before and at a far faster rate. It is an issue at an individual level, for the world’s largest corporations and for every business in between.
Consumers and businesses are being targeted from all angles with increasing frequency. The FCA reported that £27m has been stolen through the kind of investment scam mentioned above in 2018/19 and UK Finance has reported that businesses lost almost £93m to invoice fraud (similar to the Rimasauskas scam) in 2018. Confirmation of Payee is an attempt to stem this tide.
What is being done?
At the moment, online transfers do not involve checking the sort code and account number against the name of the account holder. Criminals can exploit this loophole by posing as someone else and tricking people into sending money to the wrong account. As we’ve seen, this has worked at every level. The Confirmation of Payee service will therefore apply to both individual and company accounts and require banks to double check whether the name attached to a payment corresponds to the account number and sort code.
Both the sender’s and the recipient’s banks need to be involved in the check and the complexities of putting this in place have meant that the start date has been delayed past the original deadline of 1st July 2019. As things stand, the revised start date is the 31st March 2020. By this time, banks must send confirmation of payee checks to their customers. In the meantime, by 31st December 2019 banks should have the capability to respond to confirmation of payee requests from other banks.
How it will work
When these checks are carried out, the individual making the payment will receive one of three responses from the bank:
- “Yes”. The bank will confirm that the name and details do indeed match and the payment can go ahead.
- “No, please check”. If the name is similar to the correct account holder – perhaps, for example, due to a spelling mistake – the bank will reveal the actual name of the account holder. If that name is correct, the payment can continue or be cancelled until the payee’s details are checked.
- “No, the name is wrong”. If the name doesn’t match the account details and isn’t even close, the bank’s advice will be to cancel the payment and contact the payee. There will still be a choice to continue with the payment, but it will be undertaken at your own risk.
Google and Facebook continue to operate as before, despite their losses. Though some money was recovered, the fate of £61million remains unclear. Not every business as large, powerful or resilient as these companies and, for many, losses on this scale would be devastating.
For many, the Confirmation of Payee service can’t arrive soon enough. Until then, be sure to remain vigilant when it comes to making payments and, if you have any questions, feel free to contact Briars Group here.