For payment services providers operating SEPA Instant Payments in non-Euro countries, Verification of Payee (VoP) phase two is both a regulatory deadline and a strategic inflection point. Phase two is not just about compliance, but about how trust, fraud prevention, and user confidence are being designed for improved payments outcomes.
During a recent webinar moderated by Bottomline’s Zhenya Winter, she framed phase two as a moment of choice. Payment Service Providers (PSPs) can treat VoP as a narrowly scoped regulatory project, she said, or they can use it to modernise their payments infrastructure and strengthen how trust is built into every transaction.
Phase one proved VoP can be delivered at scale. Phase two is about delivering it seamlessly, using it intelligently, and applying it across payments by July 9, 2027.
The advantage for phase two PSPs is simple enough: they’re not going first. The market has already solved many of the hardest structural problems. The opportunity now is to move faster, reduce risk, and turn regulatory investment into competitive capability.
Audience Poll 1
What VoP Phase One Proved
Panelist Frans van Beers of the Dutch Payments Association, and Chair of the European Payments Council’s VoP Rulebook Working Group, reminded the audience how ambitious phase one truly was. The EPC had to create a pan-European framework from scratch, align thousands of PSPs and vendors, and deliver a workable solution against a fixed deadline.
“When you consider the scale and the complexity,” he said, “the fact that this went live and worked as it did is a real achievement for the industry.”
That success was driven by pragmatic design choices. Existing domestic name-checking schemes in markets such as the Netherlands and the U.K. provided proven foundations. Regional VoP providers acted as concentration points, reducing the number of direct integrations each PSP needed.
The EPC directory service simplified routing without disrupting the payment path, enabling scalability without creating an operational bottleneck.
Van Beers described the directory as being “like the Yellow Pages. It tells you where to go, but it doesn’t control how you get there.” That architectural decision reduces complexity and helps the ecosystem scale more quickly.
There were early challenges. Some specifications lacked clarity; tooling arrived later than was ideal; interpretations varied across user communities. But the retrospective showed broad satisfaction. “Overall, the feedback was that people were content with the outcome, and there were no major structural issues,” as van Beers put it.
Customer acceptance became one of the strongest validation points. Concerns that VoP would introduce friction or confusion did not materialise where PSPs invested in clear communications so that most transactions returned clean matches. As van Beers said, “If you put a proper information program in front of it, customers understand very well what is happening and why it helps them.”
Bottomline’s Erez Nounou put the speed of delivery into sharp perspective by comparing VoP with the U.K.’s Confirmation of Payee (CoP) program. CoP took almost four years to reach roughly 400 PSPs, while VoP phase one reached more than seven times that scale in under a year. He called this “a staggering achievement,” adding, “It shows what is possible when the program is open, transparent, and collaborative from the start.”
For phase two PSPs, these details matter. VoP is no longer experimental; it’s fully operational. The benchmark is no longer whether it can be effectively delivered, but how efficiently and how strategically it is delivered.
Audience Poll 2
Why Phase Two Is More Than a Technical Project
VoP phase two covers non-euro SEPA countries, but not all of them start from the same legal position. EU countries operating non-euro currencies are generally on track for the July 2027 obligation. For non-EU markets such as the U.K. and Switzerland, VoP intersects more directly with privacy law and banking secrecy.
Progress is being made, but the frameworks are still evolving. For PSPs that are clearly in scope, adherence can begin now. Nounou is explicit on this point: “Phase two PSPs can and should start now. There is no advantage in waiting.”
He described VoP onboarding as two parallel tracks. Technical integration can largely be delegated to a VoP or routing and verification provider (RVM). Legal adherence, however, always remains the responsibility of the PSP. “You can outsource parts of the implementation,” he said, “but you cannot outsource accountability.”
Winter challenged the assumption that VoP is simply an IT project when it is, in fact, reshaping the payment journey. VoP introduces new on-screen messages, new customer decisions, and new operational workflows. It affects contact centres, dispute handling, and fraud operations. VoP also exposes weaknesses in account data. It introduces new security requirements around certificates and mutual TLS (mTLS). It touches both front-office and back-office systems and demands extensive end-to-end testing. Testing is one of the key areas that is always underestimated, and PSPs do this at their peril.
Nounou was clear on the organisational implications: “If VoP sits only in technology, you are already in trouble. This is a cross-functional program, whether you like it or not.”
Data Stratagems
Data quality quickly emerged as the single biggest risk multiplier. Language issues around diacritics, joint accounts, double-barreled names, and the difference between trading names and legal entity names directly affect match accuracy. VoP does not create these problems; it exposes them.
“VoP shines a very bright light on your data. If your data is messy, VoP will show you up very quickly,” Nounou said.
PSPs that invest early in cleaning and standardising account data achieve higher match rates, smoother customer journeys, and lower operational costs. Those that do not invest will face higher false mismatches and rising friction.
Matching logic is also a strategic decision. Unlike some domestic schemes, the VoP rulebook doesn’t prescribe a single algorithm. The PSP decides what constitutes a match, a close match, or a no match. Van Beers stressed this point: “The algorithm is the responsibility of the PSP. The scheme does not define it for you.”
That flexibility creates room for differentiation, but it also introduces risk. Too strict an approach increases friction. Too loose and fraud exposure increases. Nounou urged PSPs to make these decisions at a senior level: “You need to educate your stakeholders on what fuzzy matching really means, and what risks you are accepting.”
Security is another hidden critical path. Certificate generation and mTLS configuration consistently take longer than teams expect. Nounou noted that “getting certificates ready early can save you weeks later on,” especially as deadlines approach.
PSPs must also decide how account data will be conveyed to VoP providers, whether through APIs, bulk files, or hybrid models. Each choice carries implications for security, latency, operational control, and resilience.
Turning VoP into a Fraud and Trust Advantage
Winter was explicit that VOP should never be treated as a ‘tick the box’ exercise. It’s part of a wider shift toward pre-verification, where customers and regulators expect checks on the payee as standard for higher-risk and higher-value payments.
Van Beers described two layers of value. At the scheme level, VoP must remain efficient and interoperable. On top of that sits a commercial layer where PSPs and vendors can build additional services, provided privacy and legal limits are respected.
He cautioned that “VoP cannot become a hidden data-enrichment service.”
Looking ahead, he suggested that regulation may eventually require more structured use of commercial names for business accounts. If that happens, VoP could become an even more central part of how business identity is verified in payments.
Nounou described how PSP demand is already shifting. Conversations are moving beyond basic matching toward bulk processing for corporate payments, browser-based operational tools, interoperability with other schemes such as Confirmation of Payee and Bank Account Verification, deeper analytics, and fraud controls that treat VoP as one signal among many.
The Economics of Prevention
As mandatory reimbursement models expand, fraud losses increasingly sit with PSPs rather than users. That changes the economics of fraud prevention. VoP becomes valuable not as a standalone control, but as part of a wider decision framework that includes behavioural analytics, transaction monitoring, and customer risk profiling.
“VoP is a trust signal,” Nounou said. “Its real value comes from how you combine it with everything else you know about the transaction and the customer.”
International PSPs face an added challenge in managing multiple verification schemes, each with different rules and expectations. Nounou argued that working with specialist providers across schemes can reduce complexity, support consistent customer experience, and future-proof architecture. “Otherwise,” he said, “you end up rebuilding the same thing multiple times in slightly different ways.”
The executive memo goes like this: Phase one proved VoP can be delivered at pace. Phase two PSPs still have time, but delay is the biggest risk. Start adherence and internal planning now. Use phase one lessons to shorten delivery timelines. Treat VoP as a strategic fraud and trust capability, not merely a regulatory obligation.
“Pre-verification is the future,” Winter said. “If we are going to invest, we should make sure we get the maximum value from it.” VoP now has a rulebook. It’s then about defining how trust is built into payments for the next decade.