Confirmation of Payee

Strengthening consumer trust in digital payments

Authors:

Dipankar Dey , Chief of Products, RS Software

Soumi Ray , Business Analyst, RS Software

Introduction

With time, as technology evolves, so does the type of fraud. Financial frauds, nowadays, are increasingly sophisticated. Fraudsters are leveraging the advancement in digital communications and data processing to dupe individuals and organizations. This has necessitated the implementation of various innovative and ever-evolving fraud and risk management techniques to help mitigate the risks associated with financial fraud. Moreover, as payment settlement became faster due to real-time payment adoption, the time for Financial Institutions to manage risk also has reduced from hours to seconds.

One of the rising fraud types specifically in parlance with real-time payment is Authorised Push Payment (APP). According to industry reports, APP fraud has become rampant and is nearly 50% of the total fraud. Some other types of fraud include Invoice and impersonation-related scams. As per an article published by the Payments Association, APP-related frauds increased by 22% in the beginning of 2023 which resulted in a loss of ￡ 293.3 million.

For any Financial Institution, the cost involved in addressing any financial fraud is not limited to only the fraud amount but also includes the damage caused to the brand image of the Financial Institution.

This is where the Confirmation of Payee (CoP) solution comes in as a first step towards mitigating fraud. It not only addresses fraud but also helps reduce misdirected payments caused by the entry of incorrect details of Payee name.

Confirmation / Verification of Payee

Confirmation of Payee serves the purpose of safeguarding financial transactions. It aims to reduce fraud and errors by ensuring that the payment details mentioned by the Payer match the intended Payee details. Designed to reduce risks associated with fraudulent transactions, APP frauds, and misdirected payments, CoP was introduced as a peer-to-peer service powered by APIs within the ISO 20022 framework.

Confirmation of Payee (CoP) and Verification of Payee (VoP) are often used interchangeably. While both aim to address fraud and errors, they have subtle differences depending on the implementation in different jurisdictions:

CoP is more frequently used for obtaining the name of the payee that maps to the account details where payment would be made., whereas VoP is used to verify the existence of a payee account

CoP is a term widely used in the UK and Nordics while the European Payment Council mostly uses VoP

While some parts of the world have already implemented confirmation of payee in some form other parts of the world are now gearing up for implementing the same. Some of the existing solutions are as below:

UK has Confirmation of Payee that was introduced by Pay.UK in 2020

India has Confirmation of Payee service for UPI instant payments

France has implemented SEPAmail’s IBAN-Namecheck verification solution named DIAMOND

Netherlands has SurePay

Italy has a solution by CBI Globe

CoP / VoP as Mandates

Till now, implementation of CoP / VoP across different jurisdictions was not under a regulatory mandate. However recently as per the EU Instant Payments Regulation (Regulation 2024/886), it has now been mandated to implement the Verification of Payee (VoP) service by payment service providers (PSP) for Euro-based credit transfers by October 2025. Under this rule, the Payer should be informed about the correctness of the payee’s account number and account name. Failing to do this, for any unintended payment, the loss must be borne by the Payer and Payer banks.

European Banking Association (EBA), as per EPC rulebook guidelines, has set up a centralized VoP solution.

Following the EU mandate, many other jurisdictions/countries are now seriously considering implementing CoP / VoP as a mandate.

Australia is set to introduce a nationwide CoP solution system by 2025

Canada is planning to implement a CoP along with RTR Launch

Different Nordic Countries are on the verge of implementing CoP

In the US, a standardized CoP service does not exist currently. Various Banks/ FIs and PSPs offer their own solutions for account verification. For example, Zelle, operated by Early Warning Services, has introduced certain measures to fight fraud, including reimbursements for certain imposter-based scams. Having a standardized approach toward CoP solutions may help address fraud to a significant extent thereby reducing financial loss.

While some countries like Singapore, Japan, Hongkong, and New Zealand do not have any established standardized solution for confirmation of payee yet, they are considering developing such solutions and are promoting digital payment-related security initiatives. Some are providing their own name-check-based solutions to their customers.

How does CoP work?

The CoP or VoP can be done at the time of the addition of a beneficiary or before a credit transfer request is initiated.

The solution can be implemented by a centralized solution or by a federated solution.

Centralized Solution: A solution where all account details are allowed to be stored in a central database. An account verification can be done at the central database. Typically, the central solution will publish APIs for PSPs or Payers to consume and get the account validated or obtain account details with the right permission. This model works well when AISP, Banks, and Financial Institutions are ready to share account holder information with the central database.

Federated Solution: Typically, applicable in situations where AISP, Banks, and Financial Institutions are not comfortable sharing account information. In this scenario, a central switch is required, which can route the request to the respective bank or consortium database for validation; the service is exposed to PSPs or Payers via APIs. In this case, the account data remains with the bank owning the customer relationship, but the central solution orchestrates the request through a central switch.??

Challenges in implementing CoP

In response to the rising APP fraud across the globe, several countries are considering the implementation of CoP. In some countries implementing CoP has now become a regulatory need forcing Banks/FI/PSPs to design solutions for the same. The actual implementation however presents several challenges for FIs/Banks/PSPs. Some of them are highlighted below:

Tight timeline for implementation of CoP in countries where it has been mandated.

The effectiveness of CoP for cross-border transactions is uncertain given the varying regulatory standards and technological capabilities across different countries.

For businesses that still submit payment instructions to Payers in files, managing the responses for CoP against each of the payment instructions is challenging.

For the European market, since multiple jurisdictions are involved, harmonizing VoP/CoP solutions across jurisdictions will be difficult.

A seamless solution for cross-border payment CoP is yet to be conceptualized considering message payment infrastructure differentials. While Swift's pre-payment validator could be handy, Swift does not handle money movement. So, integrating Swift pre-payment validator along with a border payment solution will not be a seamless experience.

?

CoP from RS Software

RS Software has designed and built UPI for instant payments in India, which has a built-in CoP Solution. This solution has effectively been in use for 8+ years and is a future-ready solution built leveraging composable component architecture that can be seamlessly integrated with any payment engine using its APIs without impacting the payment processing lifecycle, thereby accelerating the implementation of CoP.

Below is a representation of a typical process flow for RS VoP/CoP Solution before payment initiation:

Steps 1 – 8 (VoP/CoP workflow): It involves sending of acmt.023 message from the Payer PSP/FI to the Payee PSP/FI and receiving acmt.024 message as a response from the Payee PSP/FI to the Payer PSP/FI.

Steps 9-17 (Credit Transfer workflow): Post VoP/CoP positive response received, Payer can initiate a credit transfer using Pacs.008 through Payer bank/PSP to Payee bank/PSP and receive a pacs.002 as a response from the Payee bank/PSP.

The VoP/CoP solution from RS Software considers a federated architecture for implementing a Directory of directories with ways to reduce friction in the payment flow. It not only ensures data privacy of sensitive information like payee account details but also that the ownership of the data lies with the respective Bank/PSP. The solution is capable of de-duplication of duplicate Payee names from multiple directories. It is also capable of masking and unmasking Payee information as per requirement.

Key components of RS CoP solution

Orchestrator Manages the data flow among various modules dynamically.

Rule Engine Helps parse the proxy/alias/smart address, which the system supports, to take the next decisions.

Directory Service The directory service offers to resolve the necessary Payee details by itself, i.e., centrally, or with its federated architecture facilitates resolution based on directories held by banks and financial institutions, or third parties.

Mapper Mapper is the database that stores all types of mappings – like mapping between the alias and actual account information, mapping between mobile number and proxy, etc.

Tokenizer Tokenizes sensitive information, like PII, phone number, etc., and maintains it in a token vault for safe access.

Conclusion

CoP is gradually set to become an integral part of payment systems across the globe. Implementing CoP solutions will be crucial for FIs/PSPs to ensure safer digital transactions and protect their customers from fraud and misdirected payments by providing them the required security and reliability. This will not only help in reducing APP fraud but will also increase and strengthen consumer trust in the evolving digital economy. Each central infrastructure and PSP/FI need to get their act together before APP-type fraud impacts their brands.