Some think they can delay introducing Verification of Payee – here are the risks …

The first article in this series As Verification of Payee deadlines approach, hesitation could generate serious risk explained the European Payments Council (EPC)’s plans for the introduction of Verification of Payee (VoP) to secure instant payments. Magnus Hedenberg, CEO and Founder of Movitz Payments, outlines some bank and client concerns about VoP, and explains why delays to VoP’s introduction create significant risk.

Over the next five years, the shift to instant account-to-account payments will be the biggest single change in payments, just as significant as the broad economic digitalization since 2010. Small businesses will see dramatic improvements in cash flow as money moves between accounts within hours, rather than days, while consumers will enjoy far more choice in how they pay bills and manage their finances, no longer dependent on transactions that take days to settle. 

"new fraud attack vectors linked to instant payments are costing the industry billions in losses."

However, these new technologies are not without risk, as Tietoevry Banking has covered in the article Banks should act now to cut risk and enhance their payment services, as payments go instant. Fraudsters have developed new attack vectors such as Authorized Push Payment (APP) fraud that are costing industry billions. In response, the EU commission has mandated VoP to confirm the identities of payers and payees. Banks across Europe have access to the support of Routing and Verification Mechanism (RVM) providers to support them in the introduction and management of these complex VoP processes. At Movitz Payments, we’ve partnered with Tietoevry Banking to provide end-to-end RVM support for the verification of payers and payees.

Some banks still hesitating…

Despite in-market proof from the Netherlands, UK and elsewhere that VoP reduces all-cause fraud by 81% and misdirected payments by 67%, some banks are still reluctant to introduce this form of verification. There’s concern that VoP might breach national data privacy laws (in Norway, for instance), while others are concerned about the cost of working with an RVM provider.

However, banks should balance these concerns against the fact that liability for fraud losses in SEPA payments will shift to banks not using VoP. Given the huge increases in APP fraud linked to poor verification techniques during instant payments in the US and India – where APP fraud is set to hit more than $5 billion by the end of this year – banks should think carefully before taking this step, especially when it comes to the huge sums involved in B2B payments.

If banks believe that the manual resolution of exceptions identified by AML and other mandated regulatory routines is cheaper than introducing VoP, this is not correct. VoP represents an added layer of protection that’s built to function within the strict parameters (<5 seconds) of instant payments, and when working with the support of an RVM, is both a cost-effective and low-risk implementation.

Why some corporate clients are concerned…

Corporate clients – especially in higher-risk categories – are concerned about the delay in processing larger files of batch payments in the event that a single mis-match is discovered during the VoP routine.

As CEO and Founder of Movitz Payments, I speak with corporate clients frequently. During one recent conversation, a “C” suite corporate executive told me that, “We won't have time to introduce something automated or connected, we would like to use a manual service. Today that's offered by a service provider in the UK, we would like it to work the same but offered by a bank."

Here, the client is concerned both about the time and cost of introducing VoP as an automated process – and about its reliability. 

Another client “C” suite executive recently told me that, "we have a manual process for when setting up a new supplier or changing details via our Operations team. We would of course want this to be digitalized but we're afraid of the operational work from VoP if we can't validate our master data upfront."

These views – that manual processes will be sufficient, and that VoP takes significant time and expense to introduce – are open to challenge. That’s especially the case if one compares the costs of VoP introduction against the huge increase in fraud risk we’ve covered above – not to mention the fact that any exceptions discovered by manual or other automated processes will still have to be dealt with in any case. Far better to have an exception or possible fraud identified in near-real time, than to discover fraud after the fact or via a time-consuming, labour-intensive manual process. 

Finally, it’s worth making the point that clients – both retail and corporate – expect a smooth, secure and rapid experience from modern payments. Over the next five years, the widespread proliferation of instant payments will raise the bar on these expectations: in this context, the decision to rely on either manual processes or semi-automated exception management software for name matching and routing might best be described as questionable.

Magnus Hedenberg is Founder and CEO of Movitz Payments, a company that ha partnered with Tietoevry Banking to offer end-to-end RVM services to banks looking to introduce VoP ahead of the EPC deadlines later this year.