Verification of Payee (VoP): is it enough to fight fraud?

The Verification of Payee is a major part of the PSD3 (Payment Service Directive 3), specifically of the Instant Payment Regulation. Its goal: fight fraud in the EU by checking the bank account number matches the recipient’s account’s name. While it is a first step towards reducing fraud, it isn’t enough to fully protect your business. More details – and insights on how to go beyond VoP – in this article. 

Verification of Payee: Key Takeaways

• VoP goes live on 9 October 2025 across the EU, requiring banks to check that the account name matches the account number before executing payments.
• The goal is to reduce payment fraud and errors, especially in instant and cross-border SEPA transfers, by alerting companies when details don’t match.
• Limitations remain: VoP only applies within the SEPA zone and does not stop fraudsters using identity theft or compromised accounts. It also adds steps and frictions for the treasury team during the P2P. 
• Companies need to prepare by updating P2P processes, training finance teams, and ensuring ERP/TMS systems are compatible with VoP checks.
• VoP is a first step, not a full solution: firms should complement it with continuous account validation tools to prevent sophisticated fraud schemes at scale.

What is Verification of Payee?

Verification of Payee (or VoP) is a European scheme to protect payment system users against fraud. It is part of the Instant Payment Regulation (IPR), released in parallel to the new PSD3.

The European Union’s goals are clear: to reduce fraud while developing new payment methods and open banking throughout the SEPA zone. It is a similar measure to the UK’s Confirmation of Payee (CoP).

While private pre-validation services (like SWIFT) already exist within Europe, this measure will make it general and mandatory for financial establishments.

Specifically, the VoP scheme is here to protect users against Authorized Push Payment Fraud (also called APP fraud).

In this scheme, a criminal impersonates someone the victim-to-be trusts (a bank clerk, a mobile phone company employee, etc.) and asks them to accept a push notification under a false motive. By doing so, the victim sends funds without realizing that the recipient isn’t who they said they were.

Instant payment systems and (most) wire transfers are instantaneous and irreversible so by the time the victim recognizes the fraud, it is usually too late.

With the rise of instant payment — and instant payment fraud — VoP has become a necessary protection against APP.

With VOP, service users will now be asked to provide the name of their recipient when sending a transaction. Their Payment Service Provider (bank or financial institution) will check this name to see if it matches the records of the receiving banking establishment.

This ensures the identity of the account holder is clear, reducing the risk of impersonation.

How does verification of payee work?

The Verification Payee process is here to confirm the identity of the transfer’s recipient — the payee. Just like the Confirmation Payee regulation already implemented in the UK, VoP takes place before the money is sent.

The VoP involves several parties:

• Payer,
• Payer’s Payment Service Provider (PSP),
• Payee’s PSP, Payee.

Here is the VoP step-by-step process:

1. The payer enters the payee’s account details (sort code and IBAN) and name.
2. The payer’s PSP sends a request to the payee’s PSP to check the information matches.
3. The Payee’s PSP checks their record.
4. The payer’s PSP receives a response they communicate to their payer.
5. The payer decides to proceed, correct, or cancel the transaction.

The whole process is quasi-instantaneous, taking between 1 and 3 seconds (the mandatory response time dictated by the VoP scheme). Because of this, VoP doesn’t go against instant payment methods.

There are 4 answers possible from the payee’s PSP to the payee:

1. Match: the name given by the payer matches the payee’s.
2. Close Match: the payee’s name is close to the one given (there is likely a typo in the name entered).
3. No Match: the name given doesn’t match the one on record.
4. Verification is impossible: checks haven’t been made.

This process applies to the name of the payment counterparty (the payee), and takes place for businesses and natural persons.

Get all the details in our latest Fraud Flash video!

What is the VoP calendar?

Payment service providers have to offer VoP to all their customers by October 9th 2025.

The European Union voted the IPR in March 2024, giving financial institutions some time to develop and implement their VoP system.

Here’s the VOP scheme evolution calendar:

• March 2024: the EU accepted VoP.
• February 2024: three-month consultation on a draft VOP scheme rulebook.
• Mid-October 2024: publication of the first VOP rulebook.
• October 9th, 2025: VoP enters into force.

Payment Services Providers must offer VoP on all channels on which their customers can initiate payments: online and mobile banking, but also over the phone or in person.

The Instant Payments Regulation text published in the Official Journal of the EU states that VoP service is to be offered to PSP users at no additional charge.

VoP addresses both:

• SEPA instant and non-instant credit transfers.
• Individuals and businesses.

For businesses however, VoP isn’t nearly enough to protect themselves against financial fraud.

What are the limitations of VoP? 

VoP is a solid first step in securing transactions and shows that Europe is taking fraud risks seriously. However, the framework has several important limitations:

• Limited security scope: VoP only checks whether the beneficiary name matches the account holder’s name. Today, most fraudsters rely on identity theft, something VoP cannot detect. For instance, a bank may confirm that the account name matches, without realizing the account itself has been compromised by criminals. It’s also worth noting that banks are under no obligation to guarantee accuracy: they only need to return one of the four predefined statuses. 
• Restricted coverage: VoP applies only to transactions within the SEPA zone. For international payments outside SEPA, companies receive no additional protection, leaving them exposed to fraud originating in less regulated jurisdictions.
• Process inefficiency and delays: Because VoP happens at the very end of the payment chain, any “close match,” “no match,” or “not possible” result disrupts the payment. This can delay supplier payments, damage commercial relationships, and add friction to the entire payment process. Moreover, vague statuses like “close match” or “not possible” create confusion and slow down operations even further.

Companies should invest in fraud prevention solutions like Trustpair that cover the entire P2P (procure-to-pay) process and offer several control methodologies, securing processes from sophisticated schemes like vendor fraud or cyber fraud. Our solution instantly checks vendor bank account details thanks to access to international banking data sources. 

How should treasurers adapt to VoP?

To prepare for the rollout of VoP on 9 October 2025, companies should take several practical steps:

• Understand the scope: VoP checks whether the beneficiary’s name matches the bank account, but it does not eliminate all fraud risks, identity theft and more sophisticated scams remain undetected.
• Update P2P processes: Integrate VoP checks at the end of your payment cycle and put procedures in place for handling “close match” or “no match” results.
• Train teams: Educate Finance, Treasury, and Accounting departments on how VoP works, and highlight its limitations (e.g., fraud through identity theft).
• Adapt systems: Ensure your bank, TMS, or ERP systems are VoP-ready, and plan for any required technical integrations.
• Deploy complementary solutions: Implement continuous account verification tools (like Trustpair) to cover international payments and detect advanced fraud schemes.

VoP should be seen as a first line of defense, not a silver bullet. Businesses will need to embed it into a broader fraud prevention strategy to achieve full protection. Trustpair fills in the security gaps in your payment chain through automated account validation. With fraud schemes becoming more and more elaborate, using anti-fraud software is the only serious protection against fraud. 

Key Takeaways:

VoP is a European scheme that checks funds transfers go to their intended recipients. PSPs check the name given by the payee matches the one on the account. While this reduces APP fraud, it isn’t enough to protect businesses. Using Trustpair protects your company more thoroughly and against all types of third-party fraud.