This article is written by Trustpair

The CoP was launched in 2020 to lower payment fraud and errors in the UK. Today, 90% of faster payment methods are managed by the CoP. The EU will introduce similar Eurozone regulations, such as the Validation of Payee (VoP). This will develop further, so keep reading to learn what you need to know about the Confirmation of Payee regulation. Trustpair is an anti-fraud software that goes beyond the CoP. Our solution protects your company from third-party fraud, even with international suppliers, thanks to automated account validation.

What is confirmation of payee?

Confirmation of Payee (CoP) is a verification system that checks if the name on the bank account matches the name of the intended recipient. CoP is used in the UK for digital payments for both personal and business accounts. To ensure the information is correct, users have to go through it when they:

• Send a transfer to a new payee.
• Establish a new standing order or direct debit.
• Update the payee sort code account number to other credentials.

The goal of the confirmation of payee regulation? To lower transfers sent to the wrong account, either through:

1. Typing mistakes when entering the bank account details (sort code, bank account numbers, and name).
2. Scams luring victims into sending money, like with Authorized Push Payment (APP) fraud.
   

WEBINAR ALERT: Fighting Fraud in 2025: Are You Ready for the Next Generation of Threats?

Over 70% of businesses have experienced fraud attempts, and the financial impact continues to rise. As fraud tactics become more sophisticated, relying on outdated prevention strategies simply isn’t enough.

Join Tom A. (Senior Fraud Consultant UK at Trustpair) and our very own Royston Da Costa (Assistant Treasurer at Ferguson PLC) on February 20, 2025, at 11:00 AM for an essential webinar that will equip you with the latest insights and strategies to protect your organization from evolving AI-driven fraud threats. Moderated by Patrick Kunz, FRM QT

What you’ll learn:

• How cyber fraud is evolving with real-world AI-driven scams
• Why confidence gaps in fraud detection are widening and what it means for finance leaders
• How to leverage technology for real-time fraud detection
• Why breaking down organizational silos is crucial for effective fraud prevention

This session is tailored for finance professionals, treasury leaders, and risk managers who want to stay ahead of fraud risks.

How does CoP work?

The Confirmation of Payee regulation is quite straightforward. When entering a new recipient’s bank details, the payor must indicate the recipient’s name. The CoP services then check account details to ensure the name matches the bank’s records.

The system will carry out this verification automatically (and instantaneously) and will come back to the sender with a response.

There are four main possible answers:

1. YES: all details match (sort code, account number, name).
2. NO, BUT CLOSE: the name indicated is a close match (e.g., John Smith instead of John Smithh), which is likely due to a typo.
3. NO: The account name doesn’t match account records.
4. DATA UNAVAILABLE: There was a system error, or the account isn’t valid.

If the entered information doesn’t match the account, the payment initiator is then asked if they want to proceed with their transfer. This additional step creates another layer of protection against mistakes and fraud.

While the payment sender always has the final say, the confirmation of the payee puts the onus onto the payer to double-check payment details. They need to pause and ask themselves if they really trust the recipient in case of inconsistency (answers 2, 3, and 4) and assume responsibility for their decision.

To be effective, confirmation payee CoP must happen before the payment is initiated and processed by the banking establishment. It’s a peer-to-peer service with no centralized infrastructure, which works through an API.

What is the CoP calendar?

The Confirmation of Payee regulation was introduced in the UK in 2020. Originally, the CoP only applied to mobile and online payments. Its scope has broadened with the years, demonstrating the intention of making more payment methods secure.

The confirmation payee first became mandatory for the six largest banks in the country in June 2020, as specified by the Payment Systems Regulator (PSR). A few waves of integrating more banking establishments into the CoP followed throughout the years.

More than 400 payment service providers (PSPs) have now adopted the CoP. All PSPs handling faster payments and CHAPS (Clearing House Automated Payment System) are due to abide by the CoP standards by October 2024.

Every day, about 2 million checks are completed on the CoP in the UK. Over 90% of faster payments (instant payment methods up to 24 hours) are managed through the system. It is now widely recognized as an anti-fraud tool and is due to be adopted in the EU through the Validation of Payee (VoP) regulation.

Which banks are part of the confirmation of payee regulation?

The Confirmation of Payee regulation was set up by the Payment Systems Regulator PSR in the UK. Its goal: reduce fraud misdirected payments in the country.

This interbank system is managed by Pay.UK and works directly and indirectly with customers and payment service providers. While many big banks (such as Barclays, Halifax, HSBC, and Nationwide) were mandated to join in 2020, many have followed since.

The PSR regularly produces new directives calling for more banking establishments to implement CoP regulations. Payment service providers can also choose to join the regulation of their own accord by working with aggregators such as SurePay, Bottomline, and Banfico.

Those systems connect third-party banking establishments, customers, and businesses to the Pay UK CoP system. It allows smaller actors to benefit from the CoP’s added safety without having to wait. In the EU, the arrival of PSD3 will change the regulatory landscapes, no doubt including the VoP for all SEPA payments.

Why is the confirmation of payee regulation not enough to stop fraud?

An incomplete protection

While the Confirmation of Payee regulation was much needed to prevent push payment APP fraud, it isn’t enough to protect businesses against fraud. CoP only checks if the name on a recipient’s account matches with the intended beneficiary. That’s not nearly enough protection against common types of B2B payment fraud, where scammers come up with elaborate payment schemes.

For example, in vendor fraud, criminals can create a fake company and ask you to pay for invoices for services or goods never delivered. The CoP would come back clear because the information matches, but it doesn’t help to check if the transaction is legal or legitimate.

Moreover, the CoP regulation only covers transfers sent to the UK. For companies with international suppliers, this creates a massive security gap. Scammers often have bank accounts located abroad, meaning the CoP doesn’t actually protect you against cybercriminal activity. Lastly, CoP still requires manual validation of payments—a task that’s both inefficient and error-prone.

Using Trustpair for 100% fraud protection

Fortunately, there is a solution that covers all the failings of the CoP and provides complete protection: Trustpair. Trustpair is an anti-fraud software that secures your payment chain from end to end.

Our solution automatically checks your suppliers’ bank account information to ensure your recipients are who they say they are.

Our software uses three-way matching to establish:

• The bank account exists and is valid.
• The name is correct.
• Both sets of information match.

Where CoP only does a name match, we go in-depth to ensure the validity and legitimacy of the bank account you’re about to send funds to. We go further than CoP as we check account credentials against international databases—making working with vendors abroad 100% safe.

The automated account validation is done in real-time, in the background, so you always know who you’re paying. We use AI to identify suspicious activity and stop any fraudulent-looking transfer from being sent. Using Trustpair is safer and quicker than using manual validation methods such as the CoP validation. 

Key Takeaways:

• The CoP is a UK-based regulation that prevents push payment fraud and payment misdirections.
• It’s enforced by PSR and managed by PayUK.
• Most PSPs in the country use CoP nowadays.
• While useful, this regulation isn’t enough to efficiently protect your business against third-party fraud.
• Use Trustpair to ensure you send money to the right recipients, not criminals.

Read More from Trustpair

• Account takeover protection strategies for your business
• Bank statement fraud: how to avoid it?
• Fraud detection models and machine learning: All you need to know
• What is enterprise risk management (ERM)?
• Instant Payment fraud: Head of Antifraud at UniCredit gives best practices
• AI for Fraud Detection: The Complete Guide
• BEC: A Cybersecurity Challenge for Businesses
• PSD3: The main changes to come for your business
• CEO fraud: How to Protect your Organization from Fraudsters?
• What are the benefits of digital transformation?
• The 7 ways to recognize phishing and avoid it
• How to improve payment security for treasury & finance teams
• How API and ERP Integrations Are Transforming Corporate Treasury

Join our Treasury Community

Treasury Masterminds is a community of professionals working in treasury management or those interested in learning more about various topics related to treasury management, including cash management, foreign exchange management, and payments. To register and connect with Treasury professionals, click [HERE] or fill out the form below.