Pay.UK’s Fraud Prevention Platform Protects Millions of Consumers as they Transact
Enabling scalable, secure, and compliant payment solutions for financial institutions and payment service providers.
The Client
Pay.UK is the recognized operator and standards body, governed by the Bank of England (FMID) and Payment Services Regulator (PSR), for the United Kingdom’s retail interbank payments, including Faster Payments and the BACS payment system. Through its infrastructure and services, it ensures the seamless, secure, and safe transfer of billions of pounds’ worth of payments every single day, and over £10 trillion annually.
Pay.UK powers payments, champions innovation, and gives the UK choice in how it pays. Alongside maintaining the current retail interbank payment systems, Pay.UK is working to modernize the UK’s national payments infrastructure through the creation and application of industry standards.
The Obstacles Faced
A recent PSR direction aimed at curbing the £750+ million annual Authorized Push Payment (APP) fraud toll in the UK has increased the responsibility of financial institutions to reimburse the victims of fraud scams within 5 business days of a claim being made. The direction requires that the cost of reimbursing fraud is split 50:50 between the sending and receiving organizations, thereby protecting consumers in a fair manner. The direction set an implementation deadline of October 7th 2024.
Pay.UK was tasked with implementing two directions simultaneously: firstly, the Confirmation of Payee (CoP) account name-checking service needed to be extended to over 400 financial institutions by October 31st 2024, in order to reduce the volume of APP fraud. Secondly, a whole-of-market Reimbursement Claims Management Service (RCMS) needed to be introduced to enable the efficient provision of the new reimbursement legislation between the sending and receiving organizations by the October 7th deadline set by the PSR.
To introduce these changes, Pay.UK chose to implement a new secure identity directory and API management platform that would act as the trusted framework between financial market participants. The directory provides a central authority to assert the identity of trusted API services within the market and serves as the foundation for the extended and additional overlay services (such as CoP and RCMS) which Pay.UK manages for use by UK financial institutions and payment service providers (PSPs). The directory features an identity lifecycle management platform for organizations, participant representatives (users), certificates, and software, coupled with an authentication engine and a financial-grade authorization server.
Due to the critical nature of this project, Pay.UK needed to partner with industry leaders who had a proven track record of ensuring the highest levels of security and compliance. The solution would have to deliver robust business continuity and disaster recovery mechanisms with high availability in order to ensure the platform would remain operational in the face of potential disruptions or outages.
Ensono was selected to spearhead the development of the directory within the accelerated timeframe mandated by the regulation. It was chosen for its strong track record of working with highly regulated, security-conscious public and financial services institutions around the world. Ensono’s innovative solution architecture, its strong partnerships with leading identity and access management (IdAM) and API management software vendors, and its ability to collaboratively build and test the solution within an accelerated 8-month timeline while providing long-term platform support over 5 years made it the ideal partner for the program.
The Journey
Pay.UK needed a secure network and front-end portals to be built for the reliable identification and authentication of financial institutions and PSPs and to ensure that sensitive information was protected. It also needed to develop a dynamic routing mechanism that could locate the correct API endpoint for each PSP, based on destination account information. The solution had to be able to handle many PSPs at once (up to 400 initially, scaling to 200,000). It also had to manage a high API request volume (500 million per month, scaling to 1 billion), with millisecond response times. This required highly scalable and high-performing architecture.
Compliance and security were top priorities, and adherence to strict financial services security standards and best practices such as FAPI and OWASP API Top Ten was absolutely essential. Seamless integration and adoption by the financial services industry, considering existing industry standards such as Open Banking, were also important considerations.
Ensono proposed and implemented a comprehensive solution, leveraging existing, proven technologies with minimal custom development, to ensure faster implementation and reduced risk.
Now that the API framework and directory are live, Ensono provides end-to-end support through advanced cloud infrastructure and modern application services, enhanced by its global Site Reliability Engineering (SRE) teams, to ensure reliable and continuous operation.
The Outcomes Achieved
Ensono’s solution effectively addressed Pay.UK’s challenges and delivered significant benefits across multiple areas:
- The directory facilitates secure information sharing between over 400 financial institutions and PSPs, enabling better fraud detection and prevention before payment execution. This reduces the incidence of fraudulent payment processing and protects consumers. This directory also supports the whole-of-market reimbursement model for over 900 financial institutions as mandated in the 2022 Financial Services and Market Act.
- The solution adheres to strict financial services security standards and regulations, enhancing data protection and mitigating risk.
- Automated processes and streamlined workflows have improved operational efficiency for both Pay.UK and the participating financial institutions.
- The platform’s robust architecture and infrastructure ensure scalability to accommodate future growth in the number of participating financial institutions and PSPs and in API request volumes, with high performance and low latency.
Ensono’s use of existing technologies and its Ensono Stacks framework (for open-source, cloud software development) accelerated the implementation, enabling Pay.UK to realize the benefits of the solution quickly and achieve the hard deadlines mandated by the regulator. The solution also prioritized the ease of adoption for PSPs, leveraging industry standards and providing comprehensive documentation and support.
Ensono’s managed service ensures ongoing platform stability, security, and performance, allowing Pay.UK to focus on helping the UK financial services industry deliver innovative customer experiences while protecting the billions of transactions it facilitates annually.
The Future
Pay.UK and Ensono continue to deepen their strategic partnership, with enhancements and expansions to existing systems planned. The National Payments Vision, announced by the Chancellor of the Exchequer in November 2024, reiterates Pay.UK’s strategic role in delivering innovative services across the payments landscape in an agile and modular manner. The directory and surrounding services provide the foundation for Pay.UK to deploy more fraud prevention services to the UK payments market, reducing the risk and cost of fraud to customers and service providers alike.
These initiatives will help to continually advance the technological framework at Pay.UK, ensuring its systems are future-proof within the UK’s world-leading financial services sector.
“Partnering with Ensono enabled us to build the CoP and RCMS services from the ground up in less than 8 months, ensuring we delivered to the exact dates that were set by the regulator, which many in the industry thought would be unattainable. The platform ensures that we can continue to offer the highest levels of security and fraud prevention to the millions of UK citizens that rely on our services for their everyday financial transactions.”
– Chief Operations Officer