Confirmation of Payee (CoP) is a real-time name-matching service that checks whether the payee name provided by a sender corresponds to the name registered to the destination account at the recipient’s bank or payment service provider, before the payment instruction is processed. The check is embedded in the payment journey at the pre-authorisation stage, giving the payer the opportunity to review, correct, or cancel the payment if a discrepancy is identified. CoP addresses two distinct risks: Authorised Push Payment (APP) fraud, in which a payer is deceived into sending funds to an account under a false name, and misdirected payments caused by data entry errors or outdated payee details.
As illustrated in a typical CoP payment flow, the payer enters the recipient’s name, account number, and sort code in their payment interface. The sending institution submits an encrypted CoP query to the receiving institution via a secure API connection. The receiving institution runs the supplied name against its account records using a predefined name matching algorithm and returns one of four responses: match, close match, no match, or unable to verify. The sending institution presents the result to the payer and applies its decision logic. A match result allows the payment to proceed. A close match or no match result triggers a warning that the payer must actively acknowledge before the payment can continue. The entire process completes in under two seconds, enabling CoP to operate within the response time requirements of real-time payment systems including Faster Payments.
Key Takeaways: #
- Confirmation of Payee (CoP) is a real-time name-matching service that verifies whether the payee name entered by a sender matches the name registered to the destination account, before a payment is authorised;
- In the UK, CoP was mandated by the Payment Systems Regulator (PSR) in 2020 for all banks and building societies connected to the Faster Payments Service and CHAPS, and is governed by the Pay.UK CoP scheme rules;
- CoP is the UK-specific implementation of payee name verification. The EU equivalent, Verification of Payee (VoP), is mandatory for all PSPs offering SEPA credit transfers under the Instant Payments Regulation, with Eurozone PSPs required to comply by 9 October 2025.
Why Confirmation of Payee Matters #
APP fraud prevention: APP fraud is one of the most prevalent and costly forms of payment fraud in the UK, accounting for hundreds of millions of pounds in annual losses. CoP is a direct control against this fraud type, as it catches name-to-account mismatches at the point of payment initiation, before funds leave the payer’s account. By alerting the payer to a discrepancy that may indicate the account is not held by the intended recipient, CoP disrupts the fraud attempt at the earliest possible stage.
Misdirected payment prevention: Beyond fraud, CoP reduces the volume of payments sent to unintended recipients due to typographical errors, transposed digits, or outdated account details. Surfacing these discrepancies before payment submission reduces the operational burden of investigating and recovering misdirected funds, and the associated costs for both the payer’s and recipient’s institutions.
Regulatory compliance in the UK: CoP was mandated by the PSR in 2020 under the Specific Direction 10 (SD10), initially requiring the six largest UK banking groups to implement the service. The requirement has since been extended to all PSPs connected to the Faster Payments Service and CHAPS. The Pay.UK CoP scheme rules define the technical standards, matching logic requirements, response types, and user-facing messaging that participating institutions must follow. PSPs that fail to implement CoP in accordance with the scheme rules are subject to enforcement action by the PSR.
Customer trust and operational efficiency: CoP provides payers with real-time confirmation that their payment details have been verified against the recipient’s account record, increasing confidence in digital payment channels. For financial institutions, a reduction in misdirected payments and APP fraud incidents translates into lower dispute resolution costs, fewer regulatory incidents, and reduced exposure to reimbursement obligations under the PSR’s mandatory APP fraud reimbursement rules, which came into force in October 2024.
Key Technical and Operational Considerations #
Scheme rules and standardisation: CoP operates under the Pay.UK CoP scheme rulebook, which defines the mandatory rules for how queries are formatted, how name matching must be performed, what response types must be returned, and how results must be presented to the payer. Standardisation across all participating institutions ensures a consistent user experience and prevents individual institutions from applying inconsistent matching thresholds that could undermine the effectiveness of the service.
Name matching algorithm design: The matching algorithm must balance fraud detection effectiveness against the risk of false mismatches that reject legitimate payments. The algorithm must handle common name variations including abbreviations, diacritics, alternative business name formats such as Ltd versus Limited, differences in name ordering, and spacing variations. The Pay.UK scheme rules define the framework within which matching logic must operate, but participating institutions retain some discretion over specific implementation details. Institutions should monitor their mismatch rates and review matching rules regularly to ensure the algorithm remains calibrated appropriately.
API connectivity and routing: CoP queries are transmitted between sending and receiving institutions through secure APIs. In the UK, the routing of queries to the correct receiving institution is managed through the Pay.UK CoP directory service, which maps account identifiers to their respective PSPs. Institutions must maintain accurate and current records in the directory to ensure that queries are correctly routed and that their own accounts can be verified by other participants.
Scalability and performance: CoP queries must complete within the sub-second response times required to support real-time payment processing. PSPs must ensure their CoP infrastructure can handle peak transaction volumes, maintain continuous availability, and meet the latency requirements defined in the Pay.UK scheme rules. Performance failures that delay or prevent CoP responses can cause payment processing failures and degrade the user experience.
Fallback and exception handling: Where a CoP query returns an “unable to verify” response, the sending institution must apply a defined fallback policy. This may involve allowing the payment to proceed with a warning displayed to the payer, or imposing additional verification requirements depending on the transaction risk profile. Institutions should ensure their fallback logic is documented, consistent, and aligned with the Pay.UK scheme requirements.
Data privacy and GDPR compliance: CoP returns a match status rather than disclosing the account holder’s personal data to the requesting institution. This confirmation-without-disclosure model limits the personal data transmitted during the check to what is necessary for the verification purpose, in line with GDPR data minimisation principles. Institutions must ensure that CoP query logs and match results are retained and processed in accordance with their GDPR obligations, including defined retention schedules and access controls.
Limitations and Common Risks #
False mismatches: Overly strict matching logic can generate false mismatches for legitimate payments where the payee name is formatted differently from the account record, for example where a business trades under a shortened name or where personal names include titles or middle names not recorded in the account data. Institutions should maintain accurate customer name records and calibrate matching thresholds to minimise unnecessary friction for legitimate payers.
Partial participation: The effectiveness of CoP depends on the breadth of participation across the payment ecosystem. Where the receiving institution is not a CoP participant, the query will return an “unable to verify” response rather than a confirmed match or mismatch, limiting the protection available for those payment flows.
User override risk: Where payers are permitted to proceed with a payment despite receiving a no match or close match warning, the protective value of CoP is diminished. Institutions should implement clear, unambiguous messaging that explains the implications of a mismatch and requires a deliberate payer action to override the warning, rather than allowing passive dismissal.
APP fraud reimbursement context: Under the PSR’s mandatory APP fraud reimbursement rules, which came into force in October 2024, sending PSPs are generally required to reimburse victims of APP fraud up to a defined limit. The payer’s response to a CoP warning is relevant to the reimbursement assessment: where a payer proceeded with a payment despite a clear mismatch warning, this may be considered in determining whether the payer took adequate precautions.
CoP and VoP: UK and EU Frameworks Compared #
Confirmation of Payee and Verification of Payee are functionally equivalent services operating under separate regulatory frameworks in different jurisdictions. CoP is the UK scheme, governed by Pay.UK and the PSR, operating within the Faster Payments and CHAPS infrastructure. VoP is the EU scheme, governed by the EPC VoP scheme rulebook and mandated under the Instant Payments Regulation (EU 2024/886), operating within the SEPA credit transfer infrastructure. Both services perform the same core function: verifying that the payee name entered by the sender matches the name registered to the destination account before a payment is authorised. PSPs operating in both the UK and EU must implement both schemes independently and in accordance with the respective scheme rules and regulatory deadlines applicable in each jurisdiction.
FAQ: #
What is the difference between a “close match” and a “no match” response in CoP?
- A close match response indicates that the name supplied by the payer is similar but not identical to the name registered to the account, for example due to a minor spelling variation, abbreviation, or formatting difference. The payer is advised to review the details before proceeding. A no match response indicates that the name supplied does not correspond to the account record. The payer is strongly advised to verify the payee details with the intended recipient before proceeding. In both cases, the payer may choose to continue the payment, but doing so after a no match warning increases the payer’s responsibility for any resulting loss under the PSR’s APP fraud reimbursement framework.
Does CoP apply to international payments sent from a UK bank account?
- CoP applies to domestic UK payments made through the Faster Payments Service and CHAPS, where both the sending and receiving institutions are CoP participants. For international payments, including SWIFT-based transfers and SEPA credit transfers sent from a UK account to an EU account, CoP does not apply. PSPs processing cross-border payments should assess what alternative payee verification controls are available for those payment flows, and should be aware that the EU VoP requirement applies to SEPA credit transfers processed by EU-licensed PSPs rather than to payments originating from the UK.
