As Verification of Payee deadlines approach, hesitation could generate serious risk

As we covered in a recent article, Banks should act now to cut risk and enhance their payment services, as payments go instant, the EU commission has set out an ambitious timetable to introduce Verification of Payee (VoP) as a regulatory requirement across the Single European Payments Area (SEPA). The plan is for VoP to be fully mandated by July 2027 for SEPA Credit Transfers by Non-Euro Area banks, and for all credit transfers in the EU by Q4 2027.

Action needed soon

However, banks are supposed to have a functioning VoP solution to connect to the EPC’s Directory Service (EDS) by June 2025. The EDS acts as a reference to confirm payee data across the continent and will effectively underpin VoP services throughout Europe. Banks are also supposed to test their VoP solution this summer so that these systems are operational by October 2025. In October itself, VoP services are to be ready by the fifth of the month, with all banks to be capable of sending SEPA instant payments by the ninth of October.

VoP has been introduced as a means of reducing misdirected payments and cutting fraud threats associated with instant payments. Where it is already in operation – in markets such as the UK and the Netherlands – it has proven strikingly effective, reducing all-cause fraud by 81% and misdirected payments by 67% in the Netherlands, for instance. VoP enables the verification of all parties to a transaction within five seconds, something that’s essential to the efficient functioning and security of instant payments – not to mention public trust in the system.

Despite VoP’s proven effectiveness, some banks seem to be considering opt-outs, as some of their corporate clients may choose not to request the service. In what follows, we explain why this is happening and why it might not be the best choice for most banks or their clients.

Uncertainty leads to hesitation

"banks considering an opt-out from VoP should be aware that liability for fraud in SEPA payments will shift to them."

Some banks expressing reluctance to comply with VoP mandates are citing current national laws (for instance, in Norway) which prohibit VoP-type services on the basis of data privacy, while others are said to be wary of the perceived expense of working with a Routing and Verification Mechanism provider, or RVM.

RVMs help banks to reduce complexity and risk by managing verification requests and responses between banks, supporting adherence to the Instant Payment Regulation, maintaining API interfaces and matching payee and payer names in-transaction. In short, RVMs help banks manage many of the challenges associated with VoP – including connecting with the EDS service offered by the EPC.

Banks considering an opt-out from VoP should be aware that liability for fraud in SEPA payments will shift to them. The huge increases in fraud related to instant payments seen in the US, India and other markets in recent years should give these banks cause to reflect on their choices. This is especially the case for those banks offering instant payments to corporate clients, a market that’s around three to four times larger than consumer payments and therefore carries the risk of higher losses if fraud remains undetected in the absence of a functioning VoP service. 

Some corporates may believe they are saving time by not prioritizing VoP-enabled payments. For example, higher-risk merchants who process batch file payments might worry that implementing VoP could interfere with their payment processing. However, this overlooks the fact that VoP occurs before a payment is sent and does not inherently delay batch file transactions. Additionally, other security measures—such as escalated authentication and AML controls—will still apply to these payments regardless of VoP. When VoP is successfully applied by the bank or payment provider, it can actually reduce the need for additional security checks, streamlining the process. In short, the assumption that VoP adds unnecessary delays or costs for corporates is mistaken.

In our next article, we’ll look at what banks and their clients are saying about VoP services – and how these concerns should be responsibly addressed through dialog and the selection of a knowledgeable, experienced partner for VoP integration and testing.

Tietoevry Banking is registered as a provider of RVM services for VoP solutions with the EPC. Through a partnership with Movitz Payments, Tietoevry Banking manages confirmation of identity for both payers and payees on banks’ behalf – adding an extra layer of security for both banks and their customers. As part of our RVM service, we manage requests and responses across transactions, plus advanced file handling capabilities that help banks manage the diverse requirements of corporate and individual customers.