BBC article covers the new system that will come in to place next summer.
In essence it will mean that, to send money, you will have to enter not only sort code, and account number correctly but also the payee name. If it is correct, all is well. If close, then you are promoted with the correct name. If wrong, you cannot send money.
The aim is simple, to reduce the significant amount of fraud where people are duped in to sending money to the wrong place. This is a good aim, I agree.
Of course, with any new system like this, there is the trade off of increased inconvenience caused by the new system, verses the reduced fraud. The trick is getting these well balanced and ideally not failing in one or both of these objectives.
We find it very difficult to get people to type the right reference on payments, and that is basically a letter and some numbers. As such, I have concerns :-)
The most obvious concern when this was all mooted a while ago is that having a means to find someone's name from their bank details is a privacy issue. If you could just get a name from account details you could easily use that information.
For example, if you are calling what you think is your bank, they ask for bank details, and come back and say, "And can you confirm that is Mr John Smith?", you are immediately re-assured the they must in fact be your bank.
Thankfully the article does address this - the name will only be given if the name you tried is similar. But the devil will be in the detail - what is similar? Too broad, and you have the same privacy issue, e.g. "And can you confirm your surname?"... "Smith"... "And that is Mr John R Smith is it?"... Again, an issue. Of course, if too narrow, you have inconvenience, see below.
We find it hard to get people to type a reference in correctly. I imagine we will have problems getting people to type "ANDREWS&ARNOLD LTD" correctly, and that is not that hard. Note the lack of spaces around the & so that it fits in an 18 character BACS reference, but we do have a space before Ltd. Yeh, that will be fun.
I am sure if your name is "JOHN SMITH" all will be well, but what if your name is "Quvenzhané Wallis" and you want someone to send you money? Good luck getting someone to type that on a phone keypad and even hit the "similar name" logic. Indeed, I know people that are known by their middle name not their first, and people that have names which are spelt differently if you don't have accented characters available.
Update: As per one of the comments, this gets even more complex if you are known by more than one name - I do hope banks will allow other names to be recorded for verification.
I can see some horror stories coming out of this whole system.
A lot of businesses have different trading names. Heck, even we do, as we use "AAISP" a lot. So that will not match. Hopefully banks will allow trading names to be registered for this as well - though that then opens things up for scammers to register a trading name.
Of course, this will have side effects. If you are expecting to pay, say "Red Dwarf Building Contractors" you may be told "you need to put 'Kryton Ltd' as the payee name as that is our parent company".
Once people get used to that happening, scammers can easily just tell people what to type. They tell them the sort code and account number now, they'll just tell them the payee name to type. They'll also make it nice and simple to type correctly.
Of course the banks will be happy as the customer will have told the bank who to pay, and the bank will have done as they were told. The fact it is not who the customer actually wanted to pay will be the customer's fault again. Yay!?!!
The focus is on consumers being defrauded, but I have seen many cases of businesses being defrauded, and for much larger amounts (hundreds of thousands).
This system is almost certainly not going to impact any business using BACS files to send money, as a lot of larger companies do (even we do). BACS two day payments are still used for payroll and paying suppliers by a lot of companies. Unlike the on-line and mobile banking, these systems don't have the same interactive process - a file is submitted with some specific fields, and maybe a day later any errors are reported in a file. If payee name checks happened on BACS files, then suddenly a lot of outgoing payments (perhaps even payroll payments) would start failing and being delayed, so I seriously doubt this will impact BACS.
So businesses will still be vulnerable, and maybe fraudsters will move their focus to businesses. Before people start saying businesses can look after themselves, remember, a lot of businesses are quite small and could easily go bust as a result of a fraud like that - causing hardship for employees and business owners.
Fraudsters will simply adapt, sorry.
This system will help massively with silly typing errors on sort code and account numbers. It will however add inconvenience when people cannot type the right payee reference, more so for people with harder names.
But fraudsters will simply create accounts (after creating Ltd company) with a "similar name" to the one supposedly being paid, or register a trading name matching, or more likely tell you "Put XYZ as the payee name as that is our parent company" and people will just fall for it.
So I predict it to help a bit in the short term, to inconvenience a bit long term, and ultimately not help.
Does that make it not worth doing? - hard to say - it is all down to a trade off of inconvenience vs security, and that is always a tricky call.
P.S. The problem here is that the banks have not been doing anything wrong. Yes, I know it is odd my saying that. For a long time there was call to allow faster / instant payments and banks did that. Now, when people ask a bank to send money to somewhere, and the bank does that, the bank has done exactly what it was told. It is one of those occasions where it is not the bank being defrauded. So I can see why the banks have taken time to "do anything" as it is not actually them that has the "problem" here, but under pressure, they are now doing something, so well done. What this will do is again make it 100% clear it is not the bank's fault - when someone pays someone thinking they are paying one person but actually (for whatever reason) they confirm they are paying someone else (maybe as instructed by fraudster) the bank can be even whiter than white and say that they did as they were told and paid the right person not just by sort code and account number, but by name.
As previously posted , I am quite impressed with Shelly stuff anyway, but the new "Plus" range has allowed some interesting develo...
The ASR33, like most teletypes of the era, works at a fixed rate. It does 10 characters per second. It is 110 Baud, using 1 start, 8 data (i...
Broadband services are a wonderful innovation of our time, using multiple frequency bands (hence the name) to carry signals over wires (us...
I am using KiCad for PCB design, and it is pretty impressive, but KiCad version 6 has just been released. There are lots of small changes, b...