Definition
VoP (Verification of Payee) checks the consistency between the name entered by the sender of a transfer and the actual holder of the destination IBAN account.
The payer receives an answer before confirming: match, close match (with a suggestion) or no match. It is the flagship APP-fraud measure of the Instant Payments Regulation: since 9 October 2025, every euro-area PSP must offer VoP free of charge on all SCT and SCT Inst transfers.
How it works
The payer keeps the final decision: a "no match" does not prevent sending, but shifts liability onto them if they proceed.
The three answers
- Match: the name and the holder correspond (fuzzy matching tolerant of accents, first-name/surname order and abbreviations) — green display.
- Close match: close but not identical ("Jean Dupont" vs "Jean-Pierre Dupont") — the PSP suggests the correct name.
- No match: no correspondence — a red alert, explicit confirmation required. Covers the bulk of APP fraud based on IBAN spoofing.
Regulatory framework
The IPR (EU 2024/886) makes VoP mandatory for all PSPs offering SCT or SCT Inst in the euro area, free of charge, on both single and batch transfers, for business and individuals — by 9 October 2025 (euro area) and 9 July 2027 (non-euro). The EPC has published the scheme rulebook (API, a response in < 5 seconds, ISO 20022 acmt.024/acmt.025 format), and EBA Clearing operates the EBA SVP routing infrastructure.
Technical architecture
Routing goes through EBA SVP (centralised, neutral), private networks (SurePay, iPiD, Sentenial) or, marginally, bilaterally. On the PSP side, the challenges are keeping a holder database up to date, implementing robust multilingual fuzzy matching, responding in under 5 seconds, and handling batch VoP (salaries, benefits) without saturation.
The link with APP fraud
APP fraud (the fake adviser, the fake bank details, the fake CEO) is exploding (+50%/year in the EU, several billion euros in losses). VoP counters it directly: fake bank details do not match the claimed identity → no match → alert. In the UK, Confirmation of Payee (the equivalent, in place since March 2020) has reduced APP fraud notably (for example −31% reported by Lloyds), albeit with a partial shift towards cards and international transfers.
What VoP does not cover
- Not "willing" APP fraud: if the payer confirms a no match while under coercion, there is no protection.
- Not transfers outside the SEPA zone: the scheme stops at SEPA.
- Not card payments: a different world (3DS2 / SCA).
- Not commercial legitimacy: it verifies identity, not the quality of the service.
What VoP is not
- Not a central database: there is no European DB, but a routing network with a lookup at the payee's PSP.
- Not a guarantee: the payee's PSP remains responsible for the quality of the registered name (KYC).
- Not automatic blocking: the payer stays in control, simply informed.
- Not a merchant service: it is inter-PSP, not Pay by Bank.
Within the PSD2 / PSR ecosystem
VoP is one of the anti-fraud pillars of the PSR/PSD3, alongside fraud-data sharing between PSPs, the broadening of liability for APP fraud, and a VoP API reusable by other services (Open Finance, credit beneficiary verification).
Real-world examples
- Fraud avoided: a fake "tax authority" email with a fraudulent IBAN; the payer enters "Trésor Public" → no match → stop.
- Salary batch: a file of 500 transfers returns 12 "no matches", corrected before execution.
- SurePay: the long-standing leader in the Netherlands since 2017, exported to BE, UK and DE.
- iPiD: a pan-European challenger, partner of EBA Clearing.
- UK Confirmation of Payee: an inspiring model, in place since 2020, extended to hundreds of PSPs.
- France: all the major PSPs (BNP, SG, CA, La Banque Postale, Qonto, Revolut FR, Bridge) rolled it out at the end of 2025.
- UX: the challenge is not to degrade the instant experience; a simple green/orange/red icon check is becoming the norm.
- FIDA link: in time, VoP could be enriched with data shared via FIDA to better qualify payees.