Authorised Push Payment (APP) fraud and misdirected payments are now crucial issues for both regulators and financial institutions throughout Europe. In response to a potential increase in fraudulent or incorrect transactions, the European Payments Council (EPC) has stipulated that banks and PSPs operating in the Eurozone must implement VOP services. In many cases, full deployment must be completed by early October. With such a tight deadline, these organisations have to balance a fast implementation with maintaining service continuity and security. They need to get VOP right the first time to avoid inconvenience to customers, and at the same time, keep a lid on implementation costs. That’s a tall order for any organisation, especially if there is little in-house experience with the relevant technologies, or they are processing thousands of transactions every day.
Deployment of VOP is unavoidable, and it has its own set of challenges. As a registered VOP vendor for the EPC, and with 30 years of experience in this field, XBP Europe understands the complexities involved. In this blog we share our experience, outline the top challenges, and show you how to navigate them effectively.
The challenges
Legacy systems are still around
Over the last decade or so, European financial institutions (FIs) have upgraded their IT infrastructure to comply with open banking legislation. They’ve had to embrace innovations like microservices and open APIs, but some developments are still a work in progress. To this day, important aspects of a bank’s day to day operations can still run on legacy infrastructure that’s not designed to support real-time account verification. To ensure any new VOP technology can talk to their incumbent systems, FIs need to find a flexible, cloud-based solution with secure APIs that can integrate with a legacy setup. This will help to provide seamless connectivity and peace of mind technical success and compliance.
Not all vendors have the right VOP experience
As Europe is such a diverse place, legislation on direct payments has grown up differently across the region. The level of experience with VOP varies. In the UK, Pay.UK legislation has traditionally required strong authentication and identity verification. This was achieved with Confirmation of Payee (CoP) services – the UK’s version VOP. In Europe, VOP is a different story as it spans multiple countries with differing account structures, IBAN formats, and compliance regulations. To ensure timely compliance, it’s crucial to work with a global vendor with a track record of putting these systems in place. XBP Europe has worked at the forefront of these implementations, and has decades of experience in this area.
Incorrect name matches add friction and risk
FIs must comply with VOP legislation on time, but without disrupting the customer experience. It’s tricky to achieve that. For example, business accounts or joint accounts can have multiple names associated with them. Traditional VOP checks may struggle to verify such accounts, leading to situations where incorrect name matches either increase the risk of fraud, or hold up transactions needlessly. A seamless, real-time verification process should run in the background during transactions. To achieve this, FIs should seek a VOP solution that has AI powered name matching technology, and is backed up by years of ongoing development. Any solution should incorporate machine-based learning, so its name matching capabilities continuously improve. Putting these things in place will deliver a more future-proofed VOP solution.
Costs and scalability are a concern
Costs and scalability issues are another issue – especially for organisations handling millions of transactions daily. They must quickly decide whether to bring this project in-house or outsource it. Often, there’s a large opportunity cost to a direct in-house implementation. It means high infrastructure costs, long lead times, and additional staff training. Once complete, there are ongoing operational costs, such as maintenance, upgrades, and compliance audits. It generally makes more sense to select a managed VOP solution with a scalable, pay-as-you-grow pricing model. This reduces capital expenditure while ensuring compliance and security updates. It also allows an FI to tap into capabilities like intelligent caching, real-time decisioning, and load-balancing techniques.
Other regulations can’t be forgotten
While striving to achieve compliance with VOP, FIs must also consider the impact on other legal requirements. VOP requires real-time account name checks, which may affect their standing with regard to GDPR, PSD2, and Open Banking security mandates. Mishandling personal data could lead to legal penalties and reputational damage. The chosen VOP solution should account for these factors by including end-to-end encryption, tokenisation, and secure APIs. This will ensure customer data is processed securely and meets global compliance standards.
Third parties have an impact on success
Even where all elements align for a successful VOP implementation, third parties can still impact on the end result. Not all banks and payment service providers (PSPs) participate in VOP schemes. If the payee uses a bank that does not support VOP, the verification process cannot be completed. Financial institutions should therefore work with providers that offer alternative verification methods, or integrate with multiple payment schemes. Additionally, VOP solutions rely on external data sources, frameworks, and third-party verification services. Any downtime or API failures in these services can disrupt VOP functionality. FIs should partner with providers that offer redundant data sources and failover mechanisms to ensure reliability.
It’s an ongoing process
Over time, cybercriminals will adopt new tactics like synthetic identity fraud, or manipulating account details to bypass VOP checks. In that context, the key is to look to the future, and find solutions with AI-driven fraud detection systems that analyse transactional behaviors and flag suspicious activity, beyond name verification. Continuous development and ongoing improvement also matter in a VOP solution, to ensure it can go the distance. Legislation and cybersecurity requirements are always changing, but with good planning and the right support, FIs can find a long-term solution that can evolve with their changing needs.
Take the next step
At XBP Europe, we provide a fully compliant, API-driven Verification of Payee (VOP) solution that integrates seamlessly with legacy and modern banking infrastructure. It also ensures compliance with Pay.UK, PSD2, and GDPR regulations, and reduces fraud through AI-driven identity verification. Want to get VOP right the first time? Book a free consultation today.