Preventing fraud in financial services: account verification and multi-user controls
Article snapshot
In financial services, especially lending and insurance, payout fraud can cost firms millions. This post explores how Fire's Verification of Payee solution helps confirm account ownership before funds move, reducing fraud risk and improving compliance across platforms.
The role of account verification and multi-user authorisation in fraud prevention for financial services
–
The high cost of payout fraud in regulated sectors
Regulated sectors such as lending, insurance, and other financial services might seem well-protected, but they are far from immune to payout fraud. In fact, these sectors are some of the biggest targets for scammers looking to exploit complex processes and high-value transactions. In the United Kingdom (UK) alone, fraudulent insurance claims totalled £1.1 billion in 2023, a 4% increase on the previous year. These losses not only reduce profitability for insurers, but also ripple across the wider financial services ecosystem, affecting lenders that depend on insurance data to make accurate risk decisions.
New advancements in the payments sector, including Confirmation of Payee (CoP) in the UK and Verification of Payee (VoP) in the EU, are helping to prevent fraud in financial sectors. Early 2024 data indicates that effective payee-name verification is already reducing the financial impact of fraud, with CoP protecting over 99% of Faster Payments and Clearing House Automated Payment System (CHAPS) transactions.
At Fire, we see payee name verification as a supporting service that reinforces strong due diligence and multi-user authorisation, including segregation of duties, in payment workflows supporting fraud prevention for financial services.
Understanding payout fraud
Payout fraud is a specific type of fraud involving the transfer of funds from a victim’s account to a fraudster’s account via electronic funds transfers (EFT), such as SEPA payments or Faster Payments. The Central Bank of Ireland reports that fraudulent payments in Ireland rose to €160 million in 2024, up from €129 million in 2023, reflecting the ongoing need for effective fraud prevention.
Generally, payout fraud can be divided into two main types: Authorised Push Payment (APP) fraud and Unauthorised Payment Fraud.
Authorised Push Payment (APP) fraud
APP fraud occurs when a business or individual is deceived into transferring funds they should not have sent. It usually involves falsifying information, such as fake invoices, forged signatures, impersonation or investment scams, or other fraudulent claims to make the victim believe a legitimate payment is owed.
Unauthorised Payment fraud
Unauthorised payment fraud occurs when a fraudster gains control of a victim’s account, typically through malware or social engineering. In these cases, the fraudster obtains the account login credentials and can access the account without the legitimate account holder’s knowledge.
How fraud prevention strengthens financial services
As with most problems, prevention is better than cure when it comes to fraud. Once funds are sent to a fraudster, they can be difficult to recover, as fraudsters often layer payments through multiple accounts and jurisdictions to cover their tracks.
With the rollout of verification services such as CoP in the UK and VoP in the EU, it is now possible to carry out a higher level of proactive verification before sending a payment, rather than relying solely on reactive investigations. These tools focus on preventing fraud but also provide early indicators that can support fraud detection and investigation.
Let’s take the example of an online lending company. Fraudsters have long targeted this sector by submitting false documentation and diverting disbursements to accounts they control. Real-time verification tools, such as Confirmation of Payee (CoP) and Verification of Payee (VoP), help prevent these losses.
These tools work by:
-
Eliminating account swapping – Fraudsters cannot change the destination account after approval, because the lender has already confirmed account ownership.
-
Adding a deterrent layer – Knowing that payees are validated makes it more difficult for fraudsters to succeed with synthetic identities or stolen credentials.
-
Reducing manual review load – Automated verification filters out the majority of legitimate applications, allowing staff to focus on the few high-risk cases.
-
Supporting detection efforts – Verification mismatches, unusual patterns, or repeated failed attempts can trigger alerts, helping fraud teams identify potential fraud attempts in real time.
By integrating real-time payee verification alongside multi-user authorisation into the loan-disbursement workflow, a lending company prevents funds from landing in unauthorised accounts and also provides early signals to detect suspicious activity, reducing overall fraud losses.
How fraud prevention supports secure financial transactions
Taking a preventive approach strengthens the payment workflow by addressing risks before funds are released. This reduces reliance on reactive investigations and supports a more secure and efficient process. Key benefits include:
-
Stops loss before it happens – Preventive checks block fraudulent transactions at the source, so the lender does not part with funds that later need to be recovered.
-
Reduces recovery costs – Recovering money after fraud occurs can be costly and time-consuming. Prevention helps avoid these downstream costs.
-
Maintains customer trust – Verifying payees in advance protects both customers and the organisation, supporting long-term client relationships.
-
Reduces operational workload – Automated verification limits the number of high-risk cases reaching review teams, allowing staff to focus on genuinely suspicious activity.
How account name-checking works through CoP and VoP
Real-time account name verification is a key tool in preventing misdirected payments and fraud. In the UK, Confirmation of Payee (CoP) applies to Faster Payments, while Verification of Payee (VoP) covers SEPA payments in the EU.
When a payment is initiated, the sending provider submits the account number or IBAN along with the account holder name to the receiving provider. The receiving provider then verifies the details and returns one of four results: full match, partial match, no match, or unable to match.
This verification gives the sender actionable information before funds are sent, helping ensure payments reach the intended recipient and reducing the risk of fraud.
For further information on how Verification of Payee works and what name should be used for Verification of Payee, please refer to our Business FAQs.
The role of multi-user authorisation in securing payouts
As noted earlier, name-checking services are only one part of securing payouts. Multi-user authorisation is another essential control that businesses processing high-value or high-risk payments should implement. By implementing multi-user authorisation into payment workflows, a business adds an additional layer of control, ensuring segregation of duties within financial teams and limiting permissions according to operational needs and the organisation’s risk appetite.
The following examples show how multi-user authorisation strengthens payment workflows and reduces fraud risk.
Maker-checker model
The maker-checker model, also called dual approval, is a widely used process for fraud prevention in financial services and risk mitigation across other sectors. It is a two-person control ensuring that no single individual can both initiate and approve a critical transaction.
In this workflow, a control layer can be implemented where one user initiates a payment, but a secondary review and approval are required before funds are released. The maker-checker model adds an additional level of oversight, helping to identify transactions that appear unusual or incorrect. This model can be tailored to align with the business’s risk appetite and control requirements.
Tiered approval model
The tiered approval model, also called multi-level authorisation, sets thresholds that determine when payments require approval from a designated role or multiple colleagues before processing. It often involves more than two people and can be hierarchical, with higher-value or higher-risk transactions receiving additional scrutiny.
For example, in alternative lending workflows, analysts may review and approve lower-value, lower-risk loans, while larger loans require managerial or multi-level approval prior to disbursement.
Fire’s approach to secure payment workflows
Built-in pre-payment validation for every transaction
Fire’s platform integrates payee verification directly into the payout process. When a payee is added or a SEPA payment is initiated, Fire sends the account number or IBAN and the provided payee name to the receiving Payment Service Provider (PSP). The PSP then returns a real-time response (full match, partial match, no match, or unable to match) allowing the calling application to:
-
Submit only fully matched payments for processing.
-
Prompt a review of the payment or correct a partial match.
-
Stop the transaction if no match is found or the check cannot be completed.
Because verification occurs before funds leave the account, it prevents fraudsters from redirecting payments or using false identities. This creates an automated first layer of protection that operates efficiently and at scale, without increasing manual workload.
Multi‑user authorisation: Operational security through segregation of duties
Fire combines Confirmation of Payee (CoP) and Verification of Payee (VoP) with a flexible multi‑user authorisation service that accommodates maker‑checker, tiered approval, or custom workflow models. Key capabilities include:
-
Role-based permissions – Responsibilities for creating, reviewing, and releasing payments are clearly assigned to specific roles.
-
Threshold rules – High-value or high-risk payouts are routed to senior approvers automatically.
-
Audit-ready logging – Actions, including initiator, approver, verification outcome, and timestamps, are recorded immutably, supporting regulatory reporting and forensic review.
These controls help protect against external threats, such as compromised credentials, and mitigate the risk of insider misuse, ensuring that no single individual can authorise payments without the appropriate oversight.
Seamless API integration for fintechs and enterprise platforms
Fire provides both payee verification and multi-user authorisation through a single, developer-friendly The Fire Payments API that can be embedded into any fintech stack, core banking system, or enterprise resource planning (ERP) platform, enabling secure and seamless integration with Fire’s services.
By offering verification and authorisation as composable services, Fire enables financial institutions to retrofit rigorous fraud-prevention controls onto legacy systems or build them into next-generation digital products, while maintaining a smooth, frictionless user experience.
Case study
Here’s a fictional example that shows how Fire’s pre-payment verification and multi-user authorisation help maintain secure and efficient operations by preventing fraudulent claims and reducing administrative errors.
For this scenario, ACME Insurance Ltd is a hypothetical medium-sized motor and home insurance provider in Ireland, with a claims team managing up to 300 claims each week across the EU. The company employs 30 people across departments and uses a legacy system to manage claims and payouts.
Pain points
|
Pain point |
Impact |
|---|---|
|
Manual payee entry – Claims handlers enter IBANs and beneficiary names into the legacy claims system. |
Typos can cause payment errors, sending money to the wrong account and making funds difficult to recover. |
|
High‑volume APP fraud – Fraudsters submit forged repair invoices and request that disbursements be sent to an account they control. |
The insurer loses an estimated €120,000 per quarter to fraudulent claims. |
|
Limited oversight – Only a single user can create and approve a payout, increasing the risk of insider abuse and overlooked red flags. |
Compliance audits highlight weak segregation of duties. |
How Fire can help
Manual payee entry
The Fire Payments API automates the payment process, allowing ACME Insurance Ltd to manage claim payouts without manual data entry. Claimant details, including name, IBAN, and claim ID, are taken directly from applications and converted into payments automatically. For SEPA payments, Fire’s built-in Verification of Payee solution checks that the payee name and account details match on the beneficiary side, enabling the claims system to make automated decisions, process verified payments, or automatically block and route claims for further review.
High‑volume APP fraud
Fire’s Verification and Confirmation of Payee (VoP/CoP) responses help ACME Insurance Ltd prevent APP fraud by identifying when a beneficiary account does not match the claimant. These real-time checks flag potential fraud or misdirected payments, prompting further review before any payout is made. In this example, the use of verification checks alone can reduced APP fraud by 35%.
Limited oversight
ACME Insurance Ltd implemented multi-user authorisation for all payments through their Fire accounts. Claims handlers are designated as Payment-Only Users, with a rule that any payment over €1,000 requires approval from a Full User or Admin. Team Leads are Full Users, and the department manager is an Admin, ensuring comprehensive coverage for payment approvals. This approach closes audit gaps and enforces strong segregation of duties across financial processes.
Impact
Implementing Fire’s account name-checking and multi-user authorisation controls can significantly reduce fraudulent payouts, minimise administrative errors, speed up claim processing, and improve compliance oversight. Even in a short period, these measures provide a clearer, more secure, and efficient workflow for claims management.
Minimising fraud with verification and controlled workflows
Implementing proactive, preventative processes allows financial services teams to significantly reduce the risk of payout fraud while improving operational efficiency. Automation and real-time verification help ensure funds reach the correct, legitimate beneficiaries, reducing manual overhead and enabling faster payment processing.
Clear segregation of duties strengthens compliance and gives auditors confidence that payment workflows are secure. Crucially, these measures also support long-term customer trust, reassuring clients that their funds are protected and that the organisation takes security seriously at every stage of the payout process.
–
Fire provides real-time payment capabilities that help insurers and lenders embed fraud prevention for financial services directly into their payout processes. Interested in learning more? Contact us today to discuss how we can support you in strengthening your fraud prevention without slowing down operations.
