Clock ticking on confirmation of Payee rollout in the UK and EU

by Kevin Flood, director, FIS payments ecosystem strategy, corporate and international banking, FIS Global

Share this post

CoP / VoP

Tick tock, tick tock, rather than being Tick Tock, the croc coming for Captain Hook is the sound of the impending timeline closing in for the implementation of Confirmation of Payee (CoP). The timeline for tranche two of the institutions mandated by the PSR to join the CoP service in the UK is imminent (SD 17 requires that named organisations have implemented solutions by 31st October 2024), with the EU releasing their draft Verification of Payee (VoP) rule book for consultation (which closes 19th May 2024), and is expected to enter publication in September 2024 to take effect by September 2025…

One of the measures that will be used to prevent fraudulent (such as Authorised Push Payment scams / APP) or incorrect payments being made to the wrong account or that of a fraudulent actor. CoP/VoP is a mechanism in the first and last name of an individual or the registered business name (in the case of A2B/B2B) associated to that account along with an account number and sort code (IBAN outside of the UK) is used as a check to make sure the payment is being sent to the correct payee. This works by way of a look-up; once a new payment is initiated, the Payment Service Provider (PSP) that is leveraging CoP / VoP verifies these details against the payee account record and returns an outcome back to the payment initiator.

Four outcomes are expected following the implementation of CoP / VoP (this is true for both the UK and the EU versions of the solution)

Match

  • On using the correct name for the account, positive confirmation is provided that all of the details match as expected, and the payment initiator continues

Close match

  • If the details are similar to those on the account (think, for example, the different ways to spell Aaron), the initiator will be given the details from the account to allow a manual “four eyes” check, either rekeying the details or able to contact the account holder to discuss

No match

  • If the details entered do not match those held on file, the initiator is advised this is the case, and they should contact the individual or organisation for clarity

Unavailable

  • For a varying number of reasons, an initiator may receive this: the service has timed out, the account does not exist, or potentially the FI holding this account has not yet enabled the CoP / VoP service/functionality on their side

The key outcomes for an initiator to heed are those for a No Match or Unavailable response, where additional investigation on their part will be required. The aim is that this layer of “double-check” will help to reduce the impact of certain frauds, misdirected payments, or miss-keyed payments. This is timely given the mandate from the PSR for APP fraud reimbursement, which comes into force on 7th October 2024 in the UK and outlines repayment against this type of fraud.

In the UK, there are two methods for an institution to leverage CoP / VoP, either as a direct participant or via an aggregator. To be a direct participant as an institution requires that, at a minimum, the PSP be FCA or NCA regulated & authorised to perform payment service activities, to have customers (either individuals or business(es) that are reachable by sort code and accounts number(s), be part of the named set of organisations that are referenced in the PSR’s SD17 and offer accounts addressable by Secondary Reference Data “SRD” (i.e. not the account number and sort code only) and possesses a unique sort code listed on the Extended Industry Sort Code Database (EISCD). Upon meeting the criteria, an institution can either engage with a third party to leverage their CoP / VoP modules, capability & functionality or develop an in-house solution. The alternate method via an aggregator simplifies the process somewhat by allowing a third party to join and use their certificates to identify with other institutions, streamlining the connection process, the aggregator model will not be made ready until Spring 2024.

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?