Verification of Payee – a field report

The perspective of private customers as payers

For private customers – or, in legal terms, consumers – verification of payee is simple and straightforward in practice.

Most bank customers are likely to be familiar with the function from online banking or the banking app on their mobile phones. There, VoP is seamlessly implemented in the payment process.

Either after entering the IBAN and the recipient’s name, or at the latest before final approval, the payer is briefly paused and informed of the result of the name check.

The Instant Payment Regulation was developed primarily with consumer protection in mind and with a focus on private customers. Accordingly, it allows less leeway in this area than in other cases, which will be considered later on.

Single payments generally predominate when using internet applications or app banking. Furthermore, there is no provision for opting out.

The perspective of private customers as payment recipients

On the recipient side, implementation is also largely uniform for private customers. If the first and last names match in the correct or reversed order, this is usually considered a ‘match’. The use of initials or only the last name results in at least a ‘close match’.

It becomes more complex for merchants and tradespeople whose account is formally in the name of the owner. For example, ‘Müller Tyre Service’ may be prominently displayed on an invoice, but the payer will only receive a VoP match if they transfer the money to the owner, ‘Michael Müller’. If they transfer to ‘Müller Tyre Service’, the payer will receive a ‘no match’ by default.

However, I would like to point out the possibility of an ‘alias’ here. In this case, the recipient bank additionally stores an obvious alternative name. This allows ‘Reifenservice Müller’ to return a match as the recipient name.

The perspective of corporate customers as payers

The situation is quite different for corporate customers. They regularly create files containing multiple payments. They do not usually use internet banking or mobile phone apps, but rather specialised programmes that use EBICS for bank communication. EBICS, however, does not allow for genuine dialogue because the connection is immediately disconnected once the customer has transferred the file.

Against this background, the EU has provided for an exception: non-consumers may waive the verification of payee if they submit multiple payment orders in a bundle. This so-called opt-out process corresponds to the normal payment process as it was customary before 5 October 2025: transmission of the payment to the bank and subsequent immediate execution. This exception is mentioned in Article 5C (6) of the IP Regulation and is also restricted:

(6) Payment service providers shall allow payment service users who are not consumers to waive the verification of the payee when they submit multiple payment orders as a bundle.

The opt-out therefore applies exclusively to payment files with at least two transactions.

Analyses show that between 30 and 50 per cent of all file submissions to German banks contain only a single transaction. These cases would therefore fall under the VoP obligation.

This meant that a very sharp sword of Damocles hung over corporate customers and banks, as many bank communication system houses and thus corporate customers would not have been able to complete the changeover in time.

It was not until August 2025 that BaFin finally relented and granted a waiver: banks that continue to allow their corporate customers to submit individual payments without a VoP check will not be sanctioned for the time being, even though this strictly speaking violates the wording of the IPR. This means that German banks can continue to offer their corporate customers the previous processes without mandatory VoP checks.²

Technically, a viable solution had to be found, especially for EBICS customers – i.e. the majority of German corporate customers. This was found in the ‘distributed electronic signature (VEU)’ standard. The file containing the transfer orders is sent separately from the electronic signature(s). This enables the following process:

1. Sending the payment file with a special EBICS order type (CTV for SEPA payments, CIV for real-time payments).
2. The file can be submitted without a signature. If it is signed nonetheless, the bank initially ignores this.
3. The bank ‘parks’ the file and carries out the VoP enquiries with the recipient banks for all transactions contained therein.
4. The aggregated VoP responses – based on the replies from the respective recipient banks – are provided in a pain.002 file.
5. The client can retrieve and analyse this file using the VPZ order type.

The corporate customer must then decide whether to approve the entire payment file or not. Approval is given by means of a subsequent electronic signature (order type HVE or HVS).

It is important to note that approval can only be given for the entire file. Partial approval – for example, only for ‘match’ and ‘close match’, but not for ‘no match’ – is not currently planned. After each analysis of the pain.002 file, the client is therefore faced with a binary decision: full approval or full rejection. Approval is technically possible even if all transactions show a ‘no match’. I have already described this process in detail here.

For corporate customers, voluntary use of VoP means significant adjustments to processes and software. Many corporate customers have therefore not yet implemented the VoP concept.

Added to this is the lack of clarity in the distinction between consumers and non-consumers: what is relevant here is the account holder and not the person who initiates a payment.

A particularly relevant example is property managers. They often also manage the accounts of homeowners’ associations, and these WEG accounts are classified as consumer accounts. This means that there is no opt-out option for them.

Although the property manager itself is a corporate customer, for example as a limited company, it makes payments via accounts that are defined as private accounts. This means that the obligation to verify the payee applies with all its consequences: conversion or setup of the software and VEU approvals.

The perspective of corporate customers as payment recipients

In particular, the notes in the event of a ‘no match’ can cause uncertainty among less experienced payers. Out of concern for a misdirected transfer, the payment will not be released in case of doubt. This has immediate consequences for corporate customers: missing incoming payments, additional reconciliation work and unnecessary commitment of internal resources due to queries.

Companies should therefore urgently check whether their invoices show the exact recipient name that is stored at their bank. Alternatively, it may be useful to agree on alias names with the bank. However, not all institutions offer this service, which is sometimes subject to a fee.

Customer-oriented banks go one step further and carry out alias analyses. They evaluate which recipient names payers actually use and make this information available to their corporate customers. An analysis of your own account turnover data (e.g. from camt.053 files) can also provide valuable information.

How is a close match defined?

I have already referred above to the lack of a precise definition of a ‘close match’. Some banks use the so-called Levenshtein distance, in which every letter deviation is counted. While some banks allow a maximum of two deviations, others allow three. Still others use alternative methods, including AI models.

There are also differences in the treatment of company names: some banks require the exact word order as entered in the commercial register. Others consider the order irrelevant and apply the Levenshtein distance to each individual word.

Implementation of VoP in Austria

A look at Austria reveals a slightly different picture. Some banks only offer Verification of Payee (and also Instant Payments) in EBICS version 3.0. EBICS 2.5 does not offer VoP, but customers can use this to circumvent the VoP requirement for a transaction. Of course, the BaFin tolerance does not apply to Austria.

Conclusion

msg for banking has already implemented the VoP process for several customers. These are primarily corporations with a large proportion of changing or new payees. However, the majority of our customers have so far refrained from implementing it. In view of the unclear duration of BaFin’s tolerance, we are not currently undertaking any further implementations.

For customers who are required to use Verification of Payee or who choose to do so voluntarily, the process is relatively complex, especially in conjunction with the Distributed Electronic Signature (VEU) in the EBICS environment. The previous clarity of the payment process is diminishing. Approval officers must take action again at a later point in time to grant final approval after evaluating the VoP feedback.

In addition, there is currently no automated evaluation and processing of close match feedback. A systematic process for updating creditor or debtor master data – which could significantly improve data quality in the medium to long term – is often not yet established.

VoP is therefore not only a regulatory issue, but also a catalyst for process quality and master data governance. Those who make strategic use of its introduction can achieve sustainable added value beyond mere compliance.