Implementing Verification of Payee – Challenges and Recommendations

What is Verification of Payee?

Verification of Payee (VoP) is a requirement for European Financial institutions introduced by European Instant Payment Regulation (Regulation (EU) 2024/886) to tackle rising fraud.

Its primary purpose is to ensure that any funds transferred by a banking customer are sent to the intended recipient. It works by matching the name provided by the payer, during a transaction, with the name registered to the recipient’s bank account. The system alerts the user when there is a mismatch, thereby reducing the risk of fraud and human error in payment processes. VoP is particularly relevant in the context of Instant Payments, which allow funds to be transferred in real-time, 24/7. This immediacy, while convenient, also heightens the risk of fraud and errors. VoP addresses these risks by verifying the recipient’s details, preventing misdirected payments and reducing the likelihood of fraud.

For more details on VoP concept and fundamental please refer to our recent blog, Navigating Verification of Payee: UK, EU and globally.

How does VoP work?

The implementation of Verification of Payee (VoP) involves two primary requirements based on the request’s direction: a requesting service and a responding service. Before initiating a payment, the payer’s bank (acting as the requesting Payment Service Provider) sends a request to the beneficiary’s bank to verify the beneficiary’s name and account details. The payer bank uses a VoP Directory service which provides the API endpoint of the beneficiary bank. The beneficiary’s bank (acting as the responding PSP) checks if the provided information matches their records and sends a response back to the payer’s bank. The result can be a complete match, a partial match, or no match. The payer’s bank then informs the payer of the result, allowing them to decide whether to proceed with the transaction (in cases of a partial or no match) or to amend the details before continuing.

Although this closely resembles the Confirmation of Payee (CoP) service launched by Pay.UK in the UK, there are some key distinctions. For instance, CoP mandates a check only for every new payee whereas VoP check is required for every payment. CoP verification also relies on a sort code and account number, whereas VoP uses an IBAN. Additionally, the Open Banking Implementation Entity (OBIE) oversees the CoP verification directory, while the VoP directory will be managed by the European Payments Council in collaboration with SWIFT, according to a recent announcement.

Note: Although the diagram above shows a direct API call, a bank may also opt to use a provider known as RVM’s (Routing and or Verification Mechanisms)

What happens if there is a Close/Partial Match or a No Match?

While a VoP check is performed as part of the payments process, it occurs before the transaction is initiated to the beneficiary bank. A negative VoP response or a ’Partial Match‘ does not imply that the payment is cancelled. Even if there is a ‘No Match’, the payer can still proceed with the payment. This serves merely as a caution, that the payment might be directed to an unintended recipient. The payer is then advised to double check the details with the beneficiary before proceeding with the payment. The regulation is not prescriptive on the message to be provided back in the case of a partial or a no match. It is instead left to the banks to decide on the messaging. Provided below are examples of two UK banks that have implemented a very different style of messaging back to the customer in case of a ‘No match’.

VoP implementation challenges and recommendations

While checking the name and account details with the beneficiary bank may appear to be a small change, the impact is significant.

Challenges for a requesting PSP:

1. Impact on customer segments and journeys: The change affects all customers as the regulation applies to all customer segments – individual as well as businesses. Hence, all channels that offer a payment initiation service need to be integrated with the VoP solution and must be updated to request and provide a VoP check result. This also applies to channels where a bank colleague initiates a payment on behalf of a customer. Therefore, integration of all these channels with a VoP in a short time frame is crucial.
2. Acting as a responding PSP: A requesting PSP must also function as a responding PSP in situations involving on-us or book payments.
3. Processing Bulk requests: While business/corporate customers can choose to ‘Opt out’ of VoP for Bulk payments, they are still in scope. They may submit a Bulk request, however, the requesting PSP can only send individual VoP request. This increases the challenges for the requesting PSP to de-bulk the requests and provide the responses within the SLA’s while also ensuring to handle exceptions without disruption to the batch in case of a partial or a no match.
4. Scalability of the solution: As the volume of instant payments continues to grow steadily worldwide, it is crucial that any Verification of Payee solution implemented is scalable to accommodate this increasing demand in the foreseeable future.

Challenges for a responding PSP:

1. Data quality: Customer names on bank records have not been used for validation purposes until now. In some cases, where customer data has been transferred from legacy systems or retained for a long time, it may need to be re-verified and updated.
2. Matching challenges: Matching seems straightforward for individual customers, but it becomes more complex when dealing with joint accounts, double-barrelled last names, or names with accented characters. Corporate names present their own challenges, as customers may use trading names.
3. Response times: The responding PSP only has a few milliseconds to match and provide a response to the requesting PSP. This could potentially prove challenging for a responding PSP with a large customer base due to the size of the customer records and the volume of requests.

Insights and Recommendations

With the regulatory deadline approaching in October 2025, it’s crucial for PSPs to act swiftly to achieve VoP compliance. To build an effective VoP solution, banks should think strategically to implement a common solution that supports multiple name checking services and should draw on the experiences of established VoP providers. Key best practices include ensuring robust data security measures are in place to protect sensitive information and prevent fraud. Banks should also prioritise seamless integration capabilities with existing systems to minimise disruptions and maintain operational efficiency. Additionally, scalability is crucial, allowing the solution to handle increasing transaction volumes without compromising performance. Implementing digital operational resilience strategies will help banks quickly recover from unexpected disruptions, maintaining customer trust and avoiding financial losses. By focusing on these areas, banks can develop a reliable and secure VoP solution that meets regulatory requirements and enhances customer confidence.

To streamline the implementation of VoP, banks may consider partnering with specialised VoP software solution providers like Icon. Icons IPF (Icon Payments Framework) includes a VoP Module that supports multiple VoP/CoP schemes and leverages name matching algorithms based on AI technology. IPF offers both a VoP requesting service as well as a VoP responding service. Additionally, it is scalable to support large volumes of name matching requests and offers easy integration with various channels. The matching algorithm is already optimized to deliver the best results.

Partnering with Icon allows banks to streamline their operations by focusing on refining internal procedures and ensuring regulatory compliance. This collaboration frees banks from the complexities of software development and integration, enabling them to deliver seamless and efficient services to their customers.

This approach can help banks efficiently manage the VoP process, minimise operational disruptions, and ensure they are prepared to meet stringent regulatory timelines.