A closer look at the payee confirmation

Before entering the discussion, Mavadiya conducted an anonymous poll asking who in the audience could honestly say they know what a payee confirmation is. 31% answered “no”. Commenting on the results, she asked Kudlacik to start the session with an explanation of the history and current status of COP.

Kudlacik explained that in the Nordic countries, payee confirmation is already solved in isolated parts of the payment infrastructure. Examples of this include legacy services such as account inquiry in Sweden and Norway, operated by the local clearinghouses, which are file-based, batch-based and far from real-time, as well as peer-to-peer payments such as Swish, Vipps and MobilePay. What is missing, however, are regular payments from account to account.

“For account-to-account payments that we make to regular bank account numbers, we don’t rely on this type of validation and it can feel like sending money into a black hole,” Kudlacik explained. “We thought P27 would be the provider of a new payment infrastructure, they also had account security on offer. And this is where the Nordic Payments Council comes into play. We should be, and we are still the neutral organization that only has the documentation rules and standards. And even though we know at the moment that P27 will not provide the technical layer, our plan is still valid and will simply be delivered by someone else.”

Mavadiya then explained to the panel what this means in light of the European Commission’s recent mandate for immediate payments. Ross responded: “We’re seeing in a number of jurisdictions that there’s organizational adoption because of payee verification requirements, organically driven by the need to mandate that.” From a consumer perspective, that’s not a nice-to-have. have”. This has now been set as the benchmark for jurisdictions around the world to provide customers with a higher level of security than before.”

At this point, Kuclacik jumped in and explained that when discussing COP as a functionality, terms such as “payee confirmation,” “payee verification,” and “account verification” are used interchangeably. However, in this context, Payee Confirmation and Payee Verification (VOP) should be considered as two separate systems. Fransson agreed, adding that this means for banks in the Nordic countries that they have to comply with both systems – COP in domestic markets and VOP for euro payments outside their domestic market.

Mavadiya addressed the global perspective on COP and then asked the panel to share success stories of where Payee Verification (be it under this or another name) has been successfully implemented.

Ross started by talking about Britain. “The UK is a prime example of this. Since its launch in 2020, approximately 100 organizations have signed up for the service. They have now recently reached a milestone in COP calls reaching 2 billion total, and are averaging approximately 1.9 million COP calls per day. Now a new PSR regime is about to be introduced that will change the dynamics and is expected to increase the number of organizations subscribing to the service.”

Huguet cited the Netherlands as another example. “It’s been around for quite some time and the benefits to the community are huge in terms of preventing fraud but also building consumer trust in local payment channels and that’s pretty critical.” To give you some numbers, from the Netherlands: Implementing the solution there resulted in an 81% reduction in fraud cases and a 67% decrease in misdirected payments. And there are a number of jurisdictions that have adopted similar payee confirmation systems: Australia, India, Pakistan, China, Vietnam and Brazil. So they exist and they have proven their value to the ecosystem and to the domestic rails.”

However, the crux of these COP systems is that we move from a domestic perspective to a cross-border perspective. Ross rightly pointed out the need to think about how scalable domestic solutions are and how domestic infrastructure can be translated into a global context that allows for different jurisdictional rules and requirements. Interoperability must be a core design principle and not an afterthought.

On how to achieve this, Fransson said: “For this to work, it is important that we all work together – both globally and within regions. It is important to also have standardized APIs and standardized name checks.”

Fransson further described that there are two aspects that are holding banks back. The first is legacy solutions. If a bank has an outdated system that does not support APIs, any form of COP would fail as the checks would have to be performed manually. Second, outdated file-based systems present another problem, which leads to another point: Should all payments be instant? Or is faster enough? Bulk payments are not compatible with COP, so COP is actually a system designed for instant payments.

Finally, Fransson emphasized the need for algorithms that take close matches into account. Both too many false negatives and false positives can spell disaster for a financial institution and put the entire system at risk. If a COP scheme is to work, the finesse necessary to develop a solid name matching algorithm is required.

The conversation then shifted to fraud and the role of police officers in preventing fraud. Kudlacik emphasized that while COP and similar systems are useful in cases where fraudsters impersonate legitimate people, social engineering fraud makes it difficult for COP to prevent fraud. Huguet agreed that COP is not a panacea, but a crucial line of defense. Once an instant payment system is in place, it must be followed by a COP system that enables liability protection for financial institutions.

At the end of the conversation, Mavadiya asked the panel how far we are from interoperability for COP. Kudlacik noted that systems must exist first to connect the dots and ensure interoperability between systems. Ross compared the COP interoperability process to the current process of ISO 20022 migrations and explained that we need to harmonize communications to ensure we are using the same information.

Fransson pointed out the need for collaboration. There will be no one-size-fits-all solution across the globe, so standardized APIs and name checks are critical. Huguet agreed with standardization and mentioned that one of the biggest remaining obstacles is to resolve the issue of liability, as it is difficult to harmonize between jurisdictions.