The real-world impact of Verification of Payee

From 9 October, PSPs in the eurozone will be mandated to implement Verification of Payee (VOP) for all Single Euro Payments Area (SEPA) Credit Transfers and Instant Payments. While this represents a potentially significant leap in combating authorised push payment (APP) fraud, PSPs also face considerable pressure to meet a long list of obligations. Indeed, several unresolved challenges persist that could impact both consumers and corporates – with legitimate payments that would have sailed through just weeks earlier being met with new (and potentially unnecessary) friction.

With the deadline rapidly approaching, the implementation of VOP without nuance risks generating more confusion than clarity – and end users could be bombarded with multiple false alarms. Bulk payment processes, such as corporate payroll, might grind to a halt over minor errors, as many of the highly automated systems and processes that businesses use to handle bulk payments efficiently and cost-effectively are not ready to deal with VOP responses – and neither are individual consumers.

As PSPs race to be compliant ahead of the deadline, how can these real-world impacts be anticipated and navigated effectively? EBA CLEARING’s Fraud Pattern and Anomaly Detection (FPAD) offers a way forward. By combining VOP with additional FPAD indicators and owned data, PSPs can reduce unnecessary friction from false positives, as well as extend protection beyond APP fraud.

Avoid alert fatigue with smarter friction

“Do you accept these cookies?”

This is a question we are all faced with daily – and one that few internet users either understand or truly engage with. When a pop-up stands between us and the content we want to access, we often opt for the path of least resistance and simply click ‘accept’.

There’s a real risk that VOP, a vital defence against fraud, could suffer a similar fate: becoming so commonplace – with alerts triggered for every other credit transfer or instant payment – that it risks desensitising users to messages that should be acted upon. The key difference between accepting cookies and VOP messages, however, is that, instead of only giving away behavioural data used for tracking and targeting, consumers could be handing over their cash to fraudsters.

This is borne out in the data. At least 10% of valid transactions, where we see no fraud today, would not return a name match in October – and that’s before we even consider the grey area of ‘close matches’. This creates a bad kind of friction; or interruptions that confuse and frustrate the user, without improving security. In this kind of environment, users could simply ignore VOP alerts entirely, and, just like that, a layer of protection becomes background noise.

The smarter alternative is to focus on good friction; or intervention where it really matters. Rather than relying on name matches alone, PSPs could layer multiple risk indicators. For instance, they might also ask: Is the beneficiary account new? Has it been associated with recent fraud recalls? Does the transaction follow an unusual pattern?

This is where solutions like FPAD come in. They give PSPs the tools to tailor risk assessment: increase friction where it is really needed and reduce friction where network indicators provide more comfort. Such tailored friction will ask for more attention from the payer when the risk increases. For example, if there’s no name match but the account has a solid transaction history and the transaction shows a similar pattern, it could be flagged as low risk – and there would be no need to disrupt the payment. On the other hand, if there’s a no match and the account is new and linked to early fraud warnings, that’s when PSPs can prompt the user with a clear, deliberate alert.

Batch payments meet VOP: An upcoming compliance challenge?

Under the Instant Payments Regulation (IPR), PSPs are required to perform VOP on every credit transfer – including bulk payments, such as salary disbursements. While PSPs will need to shoulder this requirement by the 9 October deadline, the broader ecosystem – particularly corporates – may not yet be equipped to handle the implications.

Picture the scene: a new employee joins a company on 1 October 2025. Upon joining, the employee’s name and International Bank Account Number (IBAN) are entered into the payroll system, and, at the end of the month, the payroll file is compiled and submitted to the bank for processing.

Under the new rules, the bank must perform a mandatory VOP; checking that all names and IBANs in the batch file match. If the name entered into the payroll system differs even slightly from the name on file with the employee’s bank – for instance, if the employee uses their middle name or an abbreviation of their first name – the transaction may be flagged as a partial or non-match. As it is part of a batch file, the entire payroll would have to be paused until the issue is resolved.

Unfortunately, resolving such an issue is far from straightforward. Most corporate payroll and Enterprise Resource Planning (ERP) systems are not yet equipped to receive or process structured VOP feedback from banks. As a result, banks will have to return the information via a separate – and as yet undefined – channel. The corporate’s finance team would then need to extract the information; manually investigate the issue; contact the employee; confirm the correct details; and reprocess the payment. All the while, no one on the payroll will have been paid.

While work is underway to address these concerns, answering the technical challenge in the short term is unlikely. One approach could be for corporates to opt out of the VOP, but this might imply that they become liable for fraud losses.

Those entities that do opt out may wish to leverage EBA CLEARING’s FPAD solution. With FPAD, banks can help corporates verify the name of the payee when onboarding a new creditor ahead of performing a payment run. And, to avoid bad friction, the beneficiary name can also be validated against previously accepted names. The bank could make opting out an attractive alternative to a VOP-only check by offering broader risk insights on the beneficiary account as part of the verification process.

In the same payroll scenario outlined earlier, rather than waiting for the first batch of payments to run through the VOP check, the bank could verify the employee’s name and IBAN as soon as they are entered into the system; thereby giving the PSP and corporate customer the opportunity to fix any potential issues in advance.

Beyond the near-term challenges

The benefits of solutions like FPAD extend beyond meeting the near-term challenges of VOP. They place into the hands of institutions the power of pattern and anomaly detection, as underpinned by 22 billion transactions processed annually by EBA CLEARING’s retail payment systems across SEPA. Early adopters already report a 35% reduction in fraud rates – and expect this number to exceed 60% with the use of additional indicators.

By wielding FPAD in advance of the October 2025 deadline, our user community is given time to fine-tune its services and seamlessly integrate them into the payment solutions they offer to their customers. So as the finishing line approaches, make sure you are embracing good friction over bad – and avoiding potential disruption further down the road.

To learn more about EBA CLEARING’s FPAD system, click here.

Let’s discuss at EBAday 2025:

Joint EBA and EBA CLEARING lunch session “The practical benefits of fraud-fighting collaboration”

Learn more about FPAD, VOP and the practical benefits of fraud-fighting collaboration in a joint EBA and EBA CLEARING lunch session on Tuesday, 27 May 2025, 12:30 to 13:10 CET. The session takes place in room 2 and features a panel of RT1 and STEP2 users who will share their first experience with FPAD VOP.