Financial scams like Authorised Push Payment (APP) fraud cost Europeans billions and became a growing threat to individuals and corporations alike. We'll explore the EU's push for mandatory Verification of Payee (VoP) solutions to safeguard against fraud. The challenges of cross-border implementation, scheme participation, and customer experience are explored, alongside with innovative solutions. With new regulations fast approaching in 2025, how can banks not only comply but also innovate to enhance customer trust and security
A Costly Mistake: The Rising Threat of Financial Scams
When Maria sent the 5.000 Euros to her sister’s new bank account, she made sure that everything was correct: the amount, her sister’s new IBAN, the name. She took it right from the message her sister had sent her earlier that day. A week later she found out that while the name was her sister’s, the bank account behind the IBAN was not, and the money was taken by a scammer. What happened to Maria happens to countless people every month in private and corporate context, where the damage of “CEO fraud” sometimes runs into the millions.
Authorised Push Payment (APP) fraud has become a significant issue across Europe.
One way to fight this cyber-crime is IBAN/name checking, a mechanism that ensures that the account identifier and the account owner of the payment beneficiary match. Also known as Verification of Payee (VoP). As instant payment becomes the standard, this issue grows even more critical because the timeframe to stop a fraudulent transaction shrink from hours to mere seconds.
Fast-Tracked Mandate: Urgent Deadlines for Cross-Border Payment Verification
The example above highlights why the EU has chosen to enforce the use of SEPA SCT Inst on payment institutions but also to make IBAN/name checking mandatory. The regulation is progressing rapidly, with a challenging timeline: Eurozone Payment Service Providers (PSPs) must implement these changes by October 2025, Non-Eurozone PSPs have until July 2027.
Several challenges must be tackled at the bank level, as well as at both national and international levels. It is crucial that both SEPA payments and Verification of Payee (VoP) work instantly, even for cross-border transactions. This is particularly important for payment institutions in smaller countries.
Routing and Connection
To perform real-time VoP checks, PSPs should be able to connect with all the other PSPs in the EU market. Although some PSPs can be reached through existing schemes (e.g., SEPAmail), most cannot. Additionally, many countries lack schemes or directories that enable them to quickly connect the sending institution with the receiving institution to check and verify payment details. Unlike in the UK, the EU mainland has only just begun to establish central directories, most notably the European Payment Council (EPC).
Scheme Participation and API Standards
When it comes to cross-border payments, it is often necessary to be part of a scheme to address a PSP that is member of that respective scheme. However, not every PSP will be able to join every other scheme. And sometimes, direct membership is simply not possible. In these cases, indirect memberships or a sponsored membership through a scheme member may be a solution.
Sending VoP requests between different schemes will involve scheme fees that need to be paid by the requesting PSP. We see different commercial models in the market, where the sponsored PSP or aggregator PSP charges a portion of scheme membership and transaction fees to PSPs from other schemes.
To make matters worse, each scheme may have its own API standards, which further complicates access. Commercial providers like adorsys partner Banfico are stepping in to fill the gaps, acting as Routing and Verification Mechanism (RVM) with unified connections to schemes and scheme sponsors.
Matching Algorithms and End User Experience
Customer-focused banks are likely aware that IBAN/name checking is not a black-and-white decision. The user experience largely depends on how mismatches are handled and communicated to the user. A simple match/no-match algorithm would not be effective, as small typos or a missing apostrophe could result in denials and frustration. A smart, learning algorithm considers multiple name fields and data interpretation to accommodate small deviations or regional peculiarities. In these cases, the sending user is interactively informed and guided, while unmistakable warnings are issued if real fraudulent activity is detected. Designing and building a user experience like this requires experience and reference data from as many connected markets as possible.
Compliance, International Connectivity and Customer Satisfaction as a Service
To provide a one-stop full-service solution to European banks, Banfico and adorsys decided to partner. Banfico, a UK-based Banking as a Service provider with over 50 customers, supplies the platform. While, adorsys, a Germany-based IT-solution provider with more than 18 years of experience, rapidly integrates the solution with the PSPs core systems.
Banfico’s Account Verification Service (AVS) reduces fraud and misdirected payments, resulting in significant savings on liability costs and administrative overhead – and, most importantly, increased customer satisfaction. In addition, AVS offers connectivity to European and Global schemes, effectively reducing cross-border payment complexity and addressing all the challenges in a highly flexible manner.
Banfico AVS provides access to a growing number of payment schemes and associated services like VoP.
adorsys has helped dozens of banks in Europe build, integrate, secure, and operate new businesses processes. They are the leading provider of open-source frameworks for open banking and identity management (e.g., Keycloak), used by hundreds of financial institutions worldwide. Experienced consultants, IT-architects and developers sourced from their own global delivery centers in Germany, Romania and Cameroon provide guidance and service with highest quality standards at competitive rates. This makes adorsys a trusted and reliable partner for any integration project, including operational support for building for long-term relationships.
Business Opportunities Beyond Regulatory Requirements
Given the rapid pace of development, there remains ample room for innovation, creativity, and business opportunities. Many regions are in the process of defining and building schemes or joining existing ones. Central banks and competent authorities are considering the establishment of central financial hubs, and PSPs may become scheme sponsors. In the light of this, and with new waves of regulation for Open Finance (e.g. FIDA) and Digital Identities (EU DI), there are numerous opportunities for both incumbent players and start-ups to provide value-added services to national and international customers.
Author: Stefan Weiss, Director Banking & Open Finance at adorsys
