Online fraud has blossomed, and it’s easy to become a victim

In recent months we’ve seen a dramatic increase in fraudsters exploiting our increased volume of online shopping to con innocent victims into sending vast sums of money and personal details. 

The latest research published by UK Finance suggests that UK Finance members reported 149,946 incidents of Authorised Push Payment (APP) scams in 2020 with gross losses of £479 million.

Fraud can begin with an unthreatening, exceptionally well-crafted, email or text message sent en masse to addresses that have somehow previously leaked onto the Internet.  Messages will compel you to urgently update your details or send money to complete a transaction.  The realism of the message combined with the urgency is enough to persuade many of us to act and comply with the fraudsters demands. 

It’s so easy for fraudsters to engage in this type of activity, as buying bulk lists of email addresses is cheap.  As a fraudster, you only need a small number of responders to fall for your scam to make the business case stack up. 

Your only recourse, as a victim, is to contact your bank to seek help.  Most high street banks have signed up to a voluntary industry code to reimburse customers who’ve fallen victim.  However—as reported by Which?—only 46% of losses have been reimbursed. Not great odds, then.

Prevention is better than a cure

The financial services industry’s voluntary code contains a commitment by enrolled banks to educate customers on the risks associated with APP fraud.  Many will be familiar with communications from their bank instructing them to never click on a link asking for payment.  Sage advice indeed. 

Online payment options can confuse consumers

Unfortunately, many of these same banks also invest in, or offer directly, services asking customers to click on payment links thereby normalising this fraud vector.   The real issue that the industry needs to deal with is that the business case for delivering services over e-mail and SMS is currently too good for banks and fraudsters to ignore.

Thankfully, it’s now possible to implement online payments without asking recipients to click on a dodgy link with ‘who knows what’ level of threat hiding behind it.

Request to Pay is an alternative communication channel that was launched last year.  It securely forges a secure communications channel between banks and payment service providers.  In other words, access to it is controlled by regulated companies who must abide by the rules and regulations for the use of the service. 

How Request to Pay works

As a payer you choose which payment app/mobile bank app you want to receive your requests.  You can then instruct your billers to send you payment requests to that app.  Each biller must then send you a pre-authorisation message to confirm that you do indeed want to establish that payment relationship. The above process vastly limits potential fraud as it:

  1. Ensures that providers are regulated and follow scheme rules
  2. External third parties cannot send you a Request to Pay message
  3. No one can send you unsolicited messages
  4. You receive all of your messages in an app that you have chosen and trust
  5. You do not share your payment details with anyone

This makes it much harder for a fraudster to implement a phishing attack, whilst also ensuring that banks and payment providers have an outstanding business case; so, they can reap commercial rewards while complying with their own voluntary code.

For all of us, as bill payers, the introduction of Request to Pay is good news

In addition to minimising fraud other great benefits include the ability to see all of your bill payment requests in one place enabling you to prioritise which ones you want to pay first.

 As Request to Pay a communication tool you can also request to part-pay or ask for a payment deadline extension from your biller to help you manage your money more effectively.  As you have the choice of which app you want to use you can choose what payment methods you want to use to pay for your bills.  You have more freedom than before but with greater security.

There are benefits for billers too

Industry adoption of Request to Pay is bad news for fraudsters but the added security it offers to banks and bill payers doesn’t come at the expense of billers. 

Billers pay a fixed price for each request sent meaning no variable costs of payment processing. 

Where the payer may use different payment methods, the biller receives a bank transfer from the payer’s provider each and every time meaning they now have only one process to manage. 

Lastly, as it is an end-to-end communication channel, the transaction reference numbers needed for reconciliation are immutable, meaning they’re carried unchanged from being specified by the baller at the start of the request to the payment of the request saving thousands in messy reconciliation processes.

Request to Pay—the future of bill payment without the phishing risks

Request to Pay will very soon become the normal way to bill pay as deployments continue to roll out. 

In the UK the standard was launched in 2020, Europe launches in June 2021 and services are planned or are piloting in Australia, Canada and the US.

Join Answer Pay’s webinar: Request to Pay: Lead or Lag?

If you are a bank or PSP who are reading this and want to find out more about how you can combat APP fraud with Request to Pay, please join Answer Pay’s free webinar on the 22nd June, 2021 at 2pm BST, where we’ll be joined by Accenture and FIS to explain how Request to Pay is transforming the bill payments landscape, and how your business can get started with its own Request to Pay strategy. 

Sign up here… 

Guest Blog: Peter Cornforth

This is a guest blog by Peter Cornforth. Peter is the Commercial Director at answer pay and a payments product specialist with over 10 years experience in the payment arena with Santander, Vodafone, Amazon and Paysafe.