Understanding confirmation of Payee: The route to enhanced security in payment services

by Rohan Chakraborty, Senior Associate Payment Services, Thistle Initatives

Share this post

In the first half of 2023, UK Finance reported authorised push payment (APP) fraud losses amounting to £293.3 million, with the total number of APP cases increasing by 22%. The nature of authorised push payment (APP) fraud was harrowing – victims were willingly initiating and authorising payments into controlled accounts, often driven by criminal manipulation or misinformation.

The malicious presence of APP fraud is accompanied by a more innocent, but nevertheless threatening, issue of accidental payments – for example, by those making payments not taking steps to ensure that they have correctly spelt the name of the payee in relation to the account they are paying into. With growing awareness of these two pressing issues that are challenging secure financial transactions, this is where Confirmation of Payee comes in.

What is Confirmation of Payee?

Introduced by Pay.UK in 2020, Confirmation of Payee (CoP) is an account name verification service, effectively validating account names before payment initiation. It has led to enhanced confidence in UK domestic payments by ensuring funds are directed to the intended account holder. The service’s utility is also proven for customers making payments to unfamiliar accounts, reinforcing the overall reliability of financial transactions and reducing the risk of errors.

In the Payment System Regulator’s Specific Direction 2017 (PSR SD17), the PSR established that Confirmation of Payee is now a requirement for directed payment service providers (PSPs). Currently, the service is principally utilised in push payment transactions (e.g. Faster Payments, CHAPS), and in some instances is used by customers with BACS Direct Credit payments. In Spring 2024, Pay.UK is making available its Aggregator model (an alternative to its current direct Confirmation of Payee model), helping widen the scope of organisations that can successfully participate in setting up Confirmation of Payee. 

How does Confirmation of Payee work?

When initiating a new payment, payment service providers (PSPs) using CoP are able to verify essential details such as the name, sort code, account number and further reference data (e.g. building society roll number, account type). They cross-reference information with payee account records and outcomes fall into four possible categories:

  1. A positive confirmation for correct account names,
  2. A “Close Match” for similar names that require additional verification or clarification,
  3. A negative response for mismatches prompting customers to check payee details,
  4. An “Unavailable” outcome due to factors like timeout, customer opt-out, or non-existent accounts.

Ultimately, the establishment of Confirmation of Payee offers a crucial solution for UK banks, building societies and other PSPs to significantly lower the risk of certain types of fraud and misdirected payments. This is especially true for APP fraud, giving PSPs a framework through which they can effectively notify payers concerning the potential harm of paying into an account when the account name does not align with the payer’s provided details. 

How will it be implemented in the UK payments industry?

As discussed previously, with a key priority being adoption of CoP across the UK payments industry, the PSR is mandating over 400 PSPs to have developed a suitable system for sending and responding to CoP requests in compliance with CoP rules. Specifically, a compliant system will send CoP requests any time the directed PSP’s customer adds a new payee or updates unique identifiers for an existing payee.

Directed PSPs will be categorised into either one of two groups – the first, Group 1, is comprised of PSPs listed on the Schedule, and that had the earlier deadline of 31 October 2023 to have set up and begun using the system to send and respond to CoP requests. They were prioritised by the PSR based on complexity and size, alongside the projected impact of their use of CoP on APP fraud prevention.

The rest of the directed PSPs are described as Group 2 PSPs and will be subject to a later deadline of 31 October 2024. As defined in SD17, this is any other PSP lacking a CoP system in regular operation (as of the date of direction), and that is a participant in Faster Payments/CHAPS, conducts relevant business, possesses a unique sort code listed on the Extended Industry Sort Code Database (EISCD), and/or is a building society. 

Ahead of October 2024: Actions For Directed PSPs To Take

  • Consider whether the direct model offered by Pay.UK is suitable for your business, or contact Pay.UK about more information on the progress of its alternative Aggregator model.
  • Once their CoP system is established, PSPs must notify the Payment Systems Regulator (PSR) within 28 days.
  • If unable to meet its obligations in time for the deadline of 31 October 2024, the PSP must inform the PSR of the reasons and steps taken within 28 days.
  • It is also key to highlight that arrangements with third parties do not exempt PSPs from the compliance duties associated with CoP systems.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?