Navigating the new Verification of Payee Rulebook

Major Changes and Their Impact

The Verification of Payee (VoP) is one of the most challenging requirements within the Instant Payment Regulation, defining the mandatory obligation for all payer banks to check the beneficiary's name before executing a payment. This can only be achieved by consulting the beneficiary’s bank, which creates a strong need for standardization and interoperability among European banks. To support this interoperability, the EPC has defined an appropriate VoP Scheme.

In February 2024, the EPC launched a public consultation on the initial draft version of the Rulebook for the Verification of Payee (VoP) Scheme. With the deadline in May, the EPC received more than 400 comments and questions from almost 50 contributors. After four months of work, they have now published the first released version of the Verification of Payee (VoP) Scheme Rulebook.

This blog outlines the major changes introduced in this new version.

VoP request processing

• The Requester and the requesting PSP can agree that name verification may be fully replaced with an unambiguous additional Identification Code matching (such as a fiscal or VAT number). Consequently, the name of the payee is optional for legal persons (but still mandatory for natural persons), and the supported VoP request types, matching result scenarios (source: new EPC rulebook), and affected attributes and data elements have been adjusted accordingly.

• An updated flow diagram (source: new EPC rulebook) now includes Routing and Verification Mechanisms (RVMs) and the new EPC Directory Service. This includes the step for the requesting PSP to check the access to the responding PSP using a local copy of the EDS, and for the responding PSP to check the requesting PSP. Furthermore, it is explicitly mentioned that all messages must be processed and sent immediately.

• An updated overview of the actors in the VoP model (source: new EPC rulebook). The figure shows both the relationships between the PSPs and the RVMs, as well as the interaction between both and the Directory Service (EDS).

• The maximum request execution time has been extended from 3 to 5 seconds (preferably 1 second or less).
• In the case of multiple account holders, at least the first name and last name of one of the account holders should be provided by the Requester. If the verification results in a CLOSE-MATCH, the responding PSP will only provide the exact name mentioned in the request (this is also related to GDPR).
• The role of Intermediary PSPs has been removed.

EPC Directory Service (EDS)

• The EDS stores all required operational data for reaching participating PSPs, such as identification, URLs, and endpoints. All participants must store their data in the directory
• The directory will be used by requesting PSPs to obtain the necessary routing information for the responding PSP and verify its participation in the scheme. Responding PSPs must also declare in the EDS their support for additional Identification Codes, allowing requesting PSPs to determine whether it is useful to include them in the request. The directory will be used by responding PSPs to check whether the requesting PSP is a participant in the scheme.
• As part of the Routing and Verification Mechanism (RVM), providers need to regularly access the EDS to import updated data into their local directories, which will be used for request routing

Security Standards and API Specification

• The VoP Scheme Inter-PSP API Specifications set out the rules for implementing the Verification of Payee request and the Verification of Payee response.
• The publication of the API specification is still scheduled for October 2024.
• The API Security Framework constitutes binding supplements to the rulebook.

Recommendations for the Name Matching

• Support for Commercial Names in addition to the legal name for the responding PSP. It is up to the responding PSP to collect reliable information and use it in the verification process.
• The extension of the MATCH scenario for legal persons: A MATCH will also be accepted if the commercial name is provided and entirely correct.
• Responding PSPs are strongly recommended to advise payees to communicate their exact and complete official names to payers in order to reduce unnecessary NO-MATCH responses and friction during payment initiation.
• The scenarios for CLOSE-MATCH have been separated for natural and legal persons, and some patterns have been added.
• For Identification Codes, CLOSE-MATCH is not possible, only MATCH or NO-MATCH.
• The recommended data clean-up for Identification Codes has been removed.

This new version of the VoP Rulebook introduces important details that help advance the deployment of the new European service in line with the established timeline. But two key milestones remain: the publication of the detailed API specifications and later, details for the EPC Directory Service (including API, data, and processes).

If you have further questions, please contact us. We can assist you with our knowledge as well as with our Worldline Verification of Payee product.