This is the fifth blog out of eight in our series on the Contingent Reimbursement Model code (“CReM”) that purports to offer customers strong protection against certain types of Authorised Push Payment Fraud, or “APPF”.
Here we focus on who qualifies for cover, who is offering cover, and the vague contingency of cover on the as-yet non-existent Confirmation of Payee service.
If applicants for reimbursement under the CReM were the Grand National field, half the horses would fall at the first hurdle:
- The CReM is only voluntary for the 2,000+ firms with whom UK customers might hold payment accounts;
- It is in no sense legally binding upon the firms that do sign up to it;
- Only consumers, microenterprises and smaller charities are eligible under the code to even have their cases considered;
- Businesses that are SMEs or larger, and larger charities, are ineligible.
The field of eligible claims will be further thinned out during the first circuit of the track by the stipulation that the CReM does not cover “any payments completed before the coming into force of this Code”, as per para DS2.2.c, and it only comes into force at the end of May 2019.
Even if a claim is upheld there is no certainty that it will be paid if it is raised after the end of December 2019. The scheme is only funded from the end of May until the end of December 2019 – 7 months. After that no funding is place and UK Finance, the firms’ trade body, envisages that there will be a levy on all customers to fund it i.e. some account holders will subsidise others.
A dependency is established upon the usage of the new service called Confirmation of Payee, which does not exist now and is unlikely to exist in 2019. Its aim is to confirm the missing link in “wrong name” fraud by having the customer send a request to check that the name to which they want to direct a payment is the same one as is associated in the books of the beneficiary firm with the stated Sort Code and Account Number.
Surely it would be as easy for this check to be embedded in the processing of all payments as a given, and not to construct a new service around the problem.
The CReM states that the customer will be ineligible for reimbursement if they have used Confirmation of Payee and received the “Red Cross” (= no name match) as a response, before going ahead with the payment, but it is opaque:
- Whether the customer must have attempted to use Confirmation of Payee;
- What the customer’s coverage will be once Confirmation of Payee exists under the dozen or more possible permutations in any one fraud case that (i) one, both or neither of ther firms supports the service, and (ii) one, both or neither of the firms is a signatory to the CReM.
This is hardly a recipe for ensuring victims are compensated when they are not at fault.