The Christmas period is usually a time where scammers are the most active, taking advantage of the influx of purchases to use phishing scams to con their victims into handing over large sums of money or to steal account details in order to wipe out bank accounts with the scammer’s own purchases.
The fraudulent attempts made to your company from a victim’s bank account could mean costly reversal measures, which is why it is always advised to have in place as many fraud prevention services as possible.
The best way to handle this fraud as a company, and make sure your customers are who they say they are, is to “Know Your Customer”. There are many different ways to help clarify if a bank account belongs to an account holder. The most important check will be to make sure the account is valid, this can be done using a modulus checking service which will check if the account number and sort code combination is valid, this will help the company make sure you can charge the account and also what types of transactions that account can process, which protects you from a scammer attempting random account details and also mean you aren’t processing invalid payments which may incur a fee to resolve, which ultimately protects the company itself from unnecessary costs. In terms of protecting the customer, you can also validate the address given, as scammers will often spoof an address if the service isn’t tangible, they may enter a fake address so that this can’t be tied to them, this can then let you make a decision on how to act on this purchase. Another is to validate the email address, scammers will likely not give a valid email address as this could also trace back to them, so making sure the email address is valid and better yet that they can verify ownership, you will be more secure in knowing they own that email address. Telephone number validation can also be put in place to add more certainty under the same principles. All of these methods together would ensure that you could pin down the customer to a location, email address and telephone number so that if anything goes wrong you can follow up on those.
Another method of determining the account is owned by the attempted customer is to use Open Banking, this can be used at the point of sale for a variety of things, but the most well know is the Account Ownership check, which will allow you to request that the customer verifies their account ownership of the account details used, by logging into their Banks online banking application. However, this does require the account holder to have opted in to the open banking network.
Lastly we have Confirmation of Payee (CoP). CoP is mainly used to prevent Authorised Push Payment fraud, where the payer is sending money directly to a payee’s bank account after being convinced the payee’s are a legitimate business. This check is mainly for the account holder’s protection and is already in place when using most banks online banking faster payments services, it will make sure the account the scammer is requesting you to pay in to is under the correct name. For example, if someone calls up saying you need to pay your TV Licence, and they give account details for you to send the money to, along with a name, Confirmation of Payee would check the name belongs to those account details and say if they are a match, close match or no match. It would also be up to the Account Holder to make sure the name the payee gives relates to the service or company they expect to pay, so any payments for a TV Licence in this example, you would expect to go to an account with the company name relevant to TV Licencing.
Another type of fraud that is on the rise at the moment, not particularly relevant to the Christmas period, is CEO fraud, this is where a scammer will contact the directors of the company, usually pretending to be another director, asking for financial statements in the hopes of obtaining sensitive information that could be used against the company. This is something to always be alert about.