Confirmation of Payee will mean that when you are setting up a new bank transfer, your payment provider will be able to check the name of the person or organisation you give, against the actual name held on the account.
Currently when you set up a bank payment, you provide a sort code and account number to route the payment. Whilst you may also provide a payee name, it isn’t checked against anything - it's just for your records.
Whilst CoP may make it more difficult for fraudsters to orchestrate Friday Afternoon Fraud (a form of Authorised Push Payment Fraud), it will not eliminate the risk entirely for law firms.
Consider a scenario whereby a fraudster registers a fake company along with a corresponding bank account (using false ID obtained through identity theft), with a name similar to that of a law firm.
The fraudster then contacts the client pretending to be the law firm - with a new set of bank details. Under Confirmation of Payee - not only are they providing a sort code and account number, they are providing an account name that looks authentic too.
This is one way in which a fraudster could manage to circumvent the Confirmation of Payee check. If the person making the payment felt the account name was close enough to that of the law firm, they may still proceed. Arguably they may be even more likely to proceed, as they have the confidence that the name of the payee looks correct.
Our “Attack Vector Scenarios“ cover a number of ways fraudsters can gain the information they need in order to successfully execute Friday Afternoon Fraud and Email Modification Fraud. These are available as a resource for Safe Capital members to help them understand the methods by which fraudsters could undertake an attack, and help them to analyse and mitigate the risks to their firm.