Confirmation of Payee (CoP) regulation: all you need to know

confirmation of payee regulation
IN THIS ARTICLE
Table of Contents
Like it? Share it

The CoP was launched in 2020 to lower payment fraud and errors in the UK. Today, 90% of faster payment methods are managed by the CoP. The EU will introduce similar Eurozone regulations, such as the Validation of Payee (VoP). This will develop further, so keep reading to learn what you need to know about the Confirmation of Payee regulation. Trustpair is an anti-fraud software that goes beyond the CoP. Our solution protects your company from third-party fraud, even with international suppliers, thanks to automated account validation.

 

New call-to-action

What is confirmation of payee?

Confirmation of Payee (CoP) is a verification system that checks if the name on the bank account matches the name of the intended recipient. CoP is used in the UK for digital payments for both personal and business accounts. To ensure the information is correct, users have to go through it when they:

  • Send a transfer to a new payee,
  • Establish a new standing order or direct debit,
  • Update payee sort code account number to other credentials.

The goal of the confirmation of payee regulation? To lower transfers sent to the wrong account, either through:

  1. Typing mistakes when entering the bank account details (sort code, bank account numbers, and name).
  2. Scams luring victims into sending money, like with Authorized Push Payment (APP) fraud.

How does CoP work?

The Confirmation of Payee regulation is quite straightforward. When entering a new recipient’s bank details, the payor must indicate the recipient’s name. The CoP services then check account details to ensure the name matches the bank’s records.

The system will carry out this verification automatically (and instantaneously) and will come back to the sender with a response.

There are four main possible answers:

  1. YES: all details match (sort code account number name).
  2. NO, BUT CLOSE: the name indicated is a close match (eg. : John Smith instead of John Smithh) which is likely due to a typo.
  3. NO: the account name doesn’t match account records.
  4. DATA UNAVAILABLE: there was a system error, or the account isn’t valid.

If the entered information doesn’t match the account, the payment initiator is then asked if they want to proceed with their transfer. This additional step creates another layer of protection against mistakes and fraud.

While the payment sender always has the final say, the confirmation of the payee puts the onus onto the payer to double-check payment details. They need to pause and ask themselves if they really trust the recipient in case of inconsistency (answers 2, 3, and 4) and assume responsibility for their decision.

To be effective, confirmation payee CoP must happen before the payment is initiated and processed by the banking establishment. It’s a peer-to-peer service with no centralized infrastructure, which works through an API.

What is the CoP calendar?

The Confirmation of Payee regulation was introduced in the UK in 2020. Originally, the CoP only applied to mobile and online payments. Its scope has broadened with the years, demonstrating the intention of making more payment methods secure.

The confirmation payee first became mandatory for the six largest banks in the country in June 2020, as specified by the Payment Systems Regulator (PSR). A few waves integrating more banking establishments into the CoP followed throughout the years.

More than 400 payment service providers (PSPs) have now adopted the CoP. All PSPs handling faster payments and CHAPS (Clearing House Automated Payment System) are due to abide by the CoP standards by October 2024.

Every day, about 2 million checks are completed on the CoP in the UK. Over 90% of faster payments (instant payment methods up to 24H) are managed through the system. It is now widely recognized as an anti-fraud tool and is due to be adopted in the EU through the Validation of Payee (VoP) regulation.

Learn more about instant payments in our latest white paper!

New call-to-action

Which banks are part of the confirmation of payee regulation?

The Confirmation of Payee regulation was set up by the Payment Systems Regulator PSR in the UK. Its goal: reduce fraud misdirected payments in the country.

This interbank system is managed by Pay.UK and works directly and indirectly with customers and payment service providers. While many big banks (such as Barclays, Halifax, HSBC, and Nationwide) were mandated to join in 2020, many have followed since.

The PSR regularly produces new directives calling for more banking establishments to implement CoP regulations. Payment service providers can also choose to join the regulation of their own accord by working with aggregators such as SurePay, Bottomline, and Banfico.

Those systems connect third-party banking establishments, customers, and businesses to the Pay UK CoP system. It allows smaller actors to benefit from the CoP’s added safety without having to wait. In the EU, the arrival of PSD3 will change the regulatory landscapes, no doubt including the VoP for all SEPA payments.

Why is the confirmation of payee regulation not enough to stop fraud?

An incomplete protection

While the Confirmation of Payee regulation was much needed to prevent push payment APP fraud, it isn’t enough to protect businesses against fraud. CoP only checks if the name on a recipient’s account matches with the intended beneficiary. That’s not nearly enough protection against common types of B2B payment fraud, where scammers come up with elaborate payment schemes.

For example in vendor fraud, criminals can create a fake company and ask you to pay for invoices for services or goods never delivered. The CoP would come back clear because the information matches, but it doesn’t help to check if the transaction is legal or legitimate.

Moreover, the CoP regulation only covers transfers sent to the UK. For companies with international suppliers, this creates a massive security gap. Scammers often have bank accounts located abroad, meaning the CoP doesn’t actually protect you against cybercriminal activity. Lastly, CoP still requires manual validation of payments — a task that’s both inefficient and error-prone.

Using Trustpair for 100% fraud protection

Fortunately, there is a solution that covers all the failings of the CoP and provides complete protection: Trustpair. Trustpair is an anti-fraud software that secures your payment chain from end to end.

Our solution automatically checks your suppliers’ bank account information to ensure your recipients are who they say they are.

Our software uses three-way matching to establish:

  • The bank account exists and is valid,
  • The name is correct,
  • Both sets of information match.

Where CoP only does a name match, we go in-depth to ensure the validity and legitimacy of the bank account you’re about to send funds to. We go further than CoP as we check account credentials against international databases — making working with vendors abroad 100% safe.

The automated account validation is done in real-time, in the background, so you always know who you’re paying. We use AI to identify suspicious activity and stop any fraudulent-looking transfer from being sent. Using Trustpair is safer and quicker than using manual validation method such as the CoP validation. 

Key Takeaways:

  • The CoP is a UK-based regulation that prevents push payment fraud and payment misdirections.
  • It’s enforced by PSR and managed by PayUK.
  • Most PSPs in the country use CoP nowadays.
  • While useful, this regulation isn’t enough to efficiently protect your business against third-party fraud.
  • Use Trustpair to ensure you send money to the right recipients, not criminals.

You’d like these articles

FAQ
Frequently asked questions
Browse through our different sections and find the answer to your question.

In theory, confirmation of payee CoP is only mandatory for certain banking establishments in the UK. In practice, most payment service providers nowadays use it for both person business bank accounts. More than 450 establishments have adopted it to fight APP fraud and lower transfer mistakes.

At first, only the six biggest banking groups used CoP: Barclays, HSBC, Lloyds, Nationwide, RBS and Santander. More than 450 banks building societies are now following the CoP regulation, with more planned to join. To know if your bank uses CoP, it’s easier to check their website or contact them directly.