Verification of Payee (VoP) is a real-time name-to-account matching service that checks whether the payee name entered by the sender corresponds to the name registered to the destination account at the recipient’s payment service provider, before the payment instruction is executed. By surfacing mismatches at the pre-authorisation stage, VoP gives payers the opportunity to confirm, correct, or cancel a payment before funds leave their account. The check applies to both exact and approximate name matches, with the matching logic designed to accommodate legitimate variations in name formatting while flagging discrepancies that may indicate fraud or data entry error.
As illustrated in a typical VoP payment flow, the payer enters the destination IBAN and payee name in their payment interface. The requesting PSP submits a VoP query containing the name and account identifier to the responding PSP, typically via an API connection or directory routing service such as the EPC Directory Service in SEPA. The responding PSP runs the name against its account records and returns one of four results: match, close match, no match, or unable to verify. The requesting PSP presents the result to the payer and applies its decision logic, which may allow the payment to proceed, display a warning, or block the transaction depending on the result and the PSP’s internal policies. The entire process occurs within seconds for instant payment transactions.
Key Takeaways: #
- Verification of Payee (VoP) is a real-time check that verifies whether the payee name entered by a sender matches the name registered to the account at the recipient’s bank, before a payment is authorised;
- In the EU, VoP is mandatory under the Instant Payments Regulation (IPR) for all payment service providers offering SEPA credit transfers. The compliance deadline for Eurozone PSPs is 9 October 2025, with non-Eurozone EU countries required to comply by July 2027;
- VoP is a primary control against Authorised Push Payment (APP) fraud, in which fraudsters deceive payers into sending funds to accounts under false names, and against misdirected payments caused by data entry errors.
Why Verification of Payee Matters #
APP fraud prevention: Authorised Push Payment (APP) fraud occurs when a fraudster deceives a payer into sending a payment to an account under a false or misleading name. VoP is a frontline control against this type of fraud, as it catches name-to-account mismatches before funds leave the payer’s account. By alerting the payer to a discrepancy at the point of payment initiation, VoP disrupts the fraud attempt at the earliest possible stage, before any financial loss has occurred.
Misdirected payment prevention: Beyond fraud, VoP also addresses the risk of misdirected payments caused by typographical errors or incorrect account details. Even a minor difference in name spelling or account number can result in funds being sent to the wrong recipient. VoP surfaces these discrepancies for the payer’s review before the payment is submitted, reducing the volume of misdirected payments and the operational cost of investigating and reversing them.
Regulatory compliance: Under the EU Instant Payments Regulation (IPR), VoP is a mandatory requirement for all PSPs offering SEPA credit transfers within the EU. Eurozone PSPs must implement VoP by 9 October 2025. PSPs in non-Eurozone EU member states have until July 2027 to comply. The European Payments Council (EPC) has published a VoP scheme rulebook defining the uniform rules, technical standards, and practices that PSPs must follow to deliver a compliant implementation.
Customer trust and operational efficiency: VoP reduces the volume of payment disputes, misdirected payment investigations, and customer support cases arising from payment errors. For PSPs, this translates into lower operational costs and fewer regulatory incidents. For customers, the real-time confirmation that a payment is going to the intended recipient builds confidence in digital payment channels.
Implementation and Technical Considerations #
Directory and routing infrastructure: Routing a VoP query to the correct responding PSP requires a directory or routing service that maps account identifiers to their PSPs. In the SEPA context, the EPC Directory Service provides this routing function. PSPs must connect to the relevant directory infrastructure and ensure their own account data is accurately registered and maintained within it.
Name matching algorithm design: The matching algorithm must balance two competing requirements: sufficient strictness to detect fraudulent mismatches, and sufficient tolerance to avoid rejecting legitimate payments where name variations are innocuous. The algorithm must handle common variations including abbreviations, diacritics, alternative spellings, business name suffixes such as Ltd or GmbH, and differences in the ordering of first and last names. The EPC VoP scheme rules define the framework within which matching logic must operate, but PSPs retain discretion over certain implementation details.
Scalability and performance: VoP queries must complete within the response time required for real-time payment processing, which for SEPA Instant Credit Transfers is ten seconds end to end. PSPs must ensure their VoP infrastructure can handle peak transaction volumes, maintain 24/7 availability, and meet the latency requirements defined in the EPC scheme rules. Performance failures that delay the VoP response can degrade the user experience and, in some cases, cause payment processing failures.
Fallback and exception handling: Not all accounts or PSPs will support VoP, particularly during the transition period before mandatory compliance deadlines. Where a VoP query returns an “unable to verify” response, the requesting PSP must have a defined fallback policy. This may involve allowing the payment to proceed with a warning displayed to the payer, imposing additional manual verification requirements, or blocking the payment depending on the transaction risk profile and the PSP’s internal risk appetite.
Data privacy and minimal data exposure: VoP is designed to return a match result rather than exposing the account holder’s full name or personal data to the requesting PSP. This approach limits the personal data transmitted during the check to what is necessary for the verification purpose, in line with GDPR data minimisation principles. PSPs must ensure that their VoP implementation, including the logging and retention of query results, complies with their GDPR obligations.
Liability and risk allocation: A robust VoP implementation affects the allocation of liability in the event of a misdirected payment or APP fraud incident. Where a PSP has implemented VoP in accordance with scheme rules and the payer has been presented with a mismatch warning but chose to proceed, liability may shift towards the payer. Conversely, where a PSP has not implemented VoP or has implemented it incorrectly, it may bear greater liability for losses arising from misdirected payments or fraud. The specific liability framework is defined by the applicable scheme rules and, in the EU, by the provisions of the Instant Payments Regulation.
Limitations and Common Risks #
Name matching ambiguity: Overly strict matching logic may generate false negatives, rejecting legitimate payments where the payee name is formatted differently from the account record. Overly tolerant logic may allow fraudulent transactions to pass through undetected. Calibrating the matching threshold is an ongoing operational challenge that requires monitoring of mismatch rates and regular review of matching rules.
Partial scheme coverage: During the transition to mandatory VoP, not all PSPs within the SEPA zone will have implemented the service. This partial coverage limits the overall protection VoP can offer, as queries to non-participating PSPs will return “unable to verify” responses rather than confirmed matches or mismatches.
User override risk: Where payers are permitted to proceed with a payment despite a mismatch warning, the protective value of VoP is reduced. PSPs should implement clear, unambiguous messaging that explains the implications of a mismatch and requires the payer to take a deliberate action to override the warning, rather than allowing passive dismissal.
Cross-border and non-SEPA payments: VoP as defined by the EPC scheme applies to SEPA credit transfers within the EU. For payments outside the SEPA zone, equivalent name verification mechanisms may not be available, or may operate under different technical standards and matching conventions. PSPs processing non-SEPA cross-border payments should assess what alternative controls are available for those payment flows.
EU Regulatory Context and Compliance Timelines #
The EU Instant Payments Regulation (IPR), which entered into force in April 2024, makes VoP a mandatory requirement for all PSPs offering SEPA credit transfers. The EPC VoP scheme, published alongside the IPR, defines the technical and operational standards PSPs must meet. Key compliance milestones are as follows: Eurozone PSPs must implement VoP by 9 October 2025, and non-Eurozone EU PSPs must comply by 9 July 2027. PSPs that fail to implement VoP by the applicable deadline are subject to enforcement action by their national competent authority.
FAQ: #
Does VoP apply to SEPA Direct Debit transactions?
- The EPC VoP scheme and the Instant Payments Regulation mandate VoP for SEPA credit transfers, including both standard SEPA Credit Transfer (SCT) and SEPA Instant Credit Transfer (SCT Inst). SEPA Direct Debit transactions are not within the current scope of the VoP mandate, as the payment initiation dynamic is different: in a direct debit, the collecting party initiates the transaction rather than the payer. PSPs should monitor EPC and regulatory developments for any future extension of VoP requirements to direct debit or other payment types.
What is the difference between Verification of Payee and Confirmation of Payee?
- Confirmation of Payee (CoP) is the UK-specific implementation of a payee name verification service, introduced by Pay.UK and the Payment Systems Regulator. It operates on the same conceptual basis as VoP, checking the payee name against the account record before a payment is submitted, but is governed by UK-specific rules and operates within the UK Faster Payments and CHAPS infrastructure. VoP is the EU equivalent, governed by the EPC VoP scheme and the Instant Payments Regulation. The two schemes are separate but functionally similar, and both are regulatory requirements in their respective jurisdictions.
