Bank Account Name Checks - When a Match may be Misleading
When making a payment, a positive match from an account name check (known as "Confirmation of Payee") is not confirmation that a bank account actually belongs to a client. In this article we explore the benefits and risks that account name checks can bring to a law firm.
“Fraudsters understand the CoP functionality including its limitations and will adapt their approach accordingly. Examples of this include ... Setting up accounts in the name of the business or individual they are impersonating so that a CoP ‘Match’ gives confidence to the target that they are paying a genuine beneficiary”
Barclays Bank - "Verbal checks and confirmation of payee"
What is Confirmation of Payee (CoP)?
When someone needs to make a payment from their bank account to a new person, they enter the name of the payee along with their account number and sort code.
Confirmation of Payee (or CoP for short) is the name for the account name checking service that banks offer their customers as part of the payment process. CoP checks the name of the payee as it was entered by the payer, against the name registered to the bank account details provided.
How does CoP work?
CoP checks the name of the payee against the name registered to the bank account details provided. If the name matches exactly, or the name is a close match - the payer is asked to confirm the name is correct and can then proceed to make payment. If the name does not match, the payer is usually asked to check the name and try again.
Image credit: Pay.UK (https://www.wearepay.uk/what-we-do/overlay-services/confirmation-of-payee/)
When a CoP match may be misleading
CoP is a useful component of a fraud prevention strategy; however as the banks themselves are keen to highlight, it should not be relied upon in isolation.
Image credit: Barclays Bank PLC (https://www.barclayscorporate.com/insights/fraud-protection/confirmation-of-payee/)
Barclays Bank note in their fraud prevention guide "Verbal checks and confirmation of payee" that:
“Fraudsters understand the CoP functionality including its limitations and will adapt their approach accordingly” which may include “Setting up accounts in the name of the business or individual they are impersonating so that a CoP ‘Match’ gives confidence to the target that they are paying a genuine beneficiary”
What should Confirmation of Payee be used for?
Because Confirmation of Payee is only checking the name of the account owner held against a set of bank details, it should only be used to check that:
- a bank account is active
- bank details have been entered correctly
The limitations of Confirmation of Payee
When considering the movement of funds from a regulatory and best practice perspective, it's important to understand the limitations of Confirmation of Payee.
1) The account may not be under the control of the client
A successful Confirmation of Payee check is not verification that a bank account actually belongs to a client.
"Money due to a client should only be transmitted to an account, details of which have been verified as belonging to the client, ideally at the outset of a transaction."
CA Future Digital Conveyancing Protocol 2023
Criminals can exploit fake documentation to commit identity theft. By stealing personal information a criminal may be successful in opening a bank account in the name of a law firm client.
Clients could be deliberately targeted if criminals become aware that they are due to receive a particularly large sum of money, either through email conversations being monitored between the firm and the client, or the client oversharing on social media.
"With some high value legal transactions (such as conveyancing and probate) taking months to complete there is plenty of time for a criminal to arrange a false set of bank details and work on supplying them to the law firm prior to completion."
With some high value legal transactions (such as conveyancing and probate) taking months to complete there is plenty of time for a criminal to arrange a false set of bank details and work on supplying them to the law firm prior to completion.
The bank details would pass the CoP check, but would in fact be under the control of the criminal. Add to this the ability for criminals to leverage emerging tools such as voice cloning and deepfake technology to successfully pass any verbal confirmation checks, and the potential for a criminal to succeed increases.
Arguably, this is even easier for criminals to achieve for corporate matters. Criminals are able to register companies at Companies House in a similar name to an existing business. They then use false or stolen documentation to open a bank account in that name, which would be close enough to get through a CoP check. This is also a potential risk when client money is being sent to another law firm as part of a transaction.
2) The account may have been opened recently
A bank account that has been opened recently is a potential red flag, because it may have been opened by a criminal rather than the client. Checking that a bank account has been in use for over twelve months is one check firms can conduct to reduce this risk.
"Obtain evidence that the bank account is properly constituted as an account conducted by the seller for a period of at least 12 months."
Law Society Conveyancing Protocol 2019
Confirmation of Payee only indicates that a bank account is live. It does not provide any indication that the account has been in use for over 12 months in line with best practice.
3) The check may come too late
Because a CoP check only identifies that the account name does not match at the the time the payment is being made, it has the potential to delay transactions and create risk.
If the account name does not match, the law firm will need to go back to the client and identify why the name does not match. For a time sensitive transaction, such a delay could be problematic.
In addition, any change of bank details at this stage increases the risk. If a criminal has been monitoring communications between a law firm and their client, they may take the opportunity to attempt to supply false bank details, knowing that the firm may be under pressure to make the payment quickly.
How can the process to obtain client bank details be improved?
The easiest way for law firms to obtain the correct bank details for their clients is through open banking. Open banking is a system that allows clients to securely share verified information directly from their own bank with trusted third parties.
Whilst obtaining the bank details it's also possible to check that the bank account has been active for over 12 months.
Benefits of Open Banking
1) Correct Details
Open banking enables the client to share their bank details directly from their own bank with the law firm. This ensures that the bank details supplied have actually come from the client.
2) Accurate Details
Because the details came from the client’s own bank, they are accurate. When a firm comes to make payment, the details will pass through the Confirmation of Payee check and payment can be made. This eliminates the risk of payments being delayed because details are found to be inaccurate only at the time payment is being made.
3) Account Age Check
Using open banking, the transaction history on the account can be checked at the same time the bank details are retrieved, to ensure the account is over 12 months old.
Try Open Banking for Yourself
"Safe Capital has streamlined our collection of bank details, given our clients confidence in receiving our bank details, and helped to reduce our exposure to bank detail-related fraud"
Chris White, Tinklin Springall Solicitors
Firms use our platform to obtain bank details directly from their clients using open banking.
If you want to try out the process for yourself (from both the firm and client perspectives) get in touch with us today >>
Conclusion
Whilst Confirmation of Payee (CoP) offers an additional layer of fraud prevention for law firms, it shouldn't be the sole defence. This article has highlighted the limitations of CoP, including the risk of criminals exploiting fake documentation and the potential for recently opened accounts to slip through the cracks.
Open banking is a powerful tool to help law firms ensure they're sending money to the right place. By allowing clients to securely share verified information directly from their banks, open banking eliminates the chance of human error and ensures accurate bank details are supplied. Additionally, open banking can confirm an account's age, exceeding the best practice threshold of 12 months.
Ultimately, a multi-layered approach to fraud prevention is key. Combining CoP with open banking verification, along with maintaining a healthy scepticism towards unexpected changes in bank details will help keep client money safe. Don't let a seemingly simple name check lull you into a false sense of security.
About Safe Capital
Safe Capital makes it simple for law firms to request, receive or return client money swiftly, safely and securely.
Share & Receive Bank Details Securely- Obtain verified bank account details for each client at the outset of the matter
- Share your client account bank details securely with your clients only when needed
- Return client money promptly at the end of a matter using the bank details on file
- Complete register of your residual balances, with detailed history of the steps taken to return funds to your clients
- Variety of workflows for contacting clients, depending on the size of the balance and contact information available
- Auto generation of forms and letters, including SRA withdrawal authorisation requests and charity indemnities
- Swift and secure client payments with one consistent payment workflow for your clients
- Clients can pay by open banking, credit/debit card or manual bank transfer
- Keep client account details away from money launderers and protect clients from payment fraud
