Stop APP fraud with Verification of Payee
Authorised push payment fraud works because the payer is tricked into sending money to the wrong account. A name-vs-IBAN check before the payment exposes the mismatch — and stops the scam.
When the payer is the one who's fooled
Authorised push payment (APP) fraud is where a victim is manipulated into authorising a transfer to an account controlled by a fraudster — a fake invoice, a spoofed supplier, a "safe account" phone call. Because the payer approves it, traditional fraud controls rarely fire.
Misdirected payments are the same risk by accident: a single mistyped IBAN sends money to a stranger. In both cases the IBAN looks valid, so the payment goes through.
Verification of Payee attacks the common weakness: the name. By confirming that the payee name actually belongs to the IBAN before the transfer is authorised, VoP turns an invisible mistake into a visible warning.
Breaking the fraud at the last safe moment
VoP inserts a name check exactly where APP fraud succeeds — just before authorisation.
The lure arrives
A fake invoice or spoofed message gives the victim a fraudster's IBAN under a trusted name.
The name is checked
Before the payer confirms, VoP asks the payee's bank whether that name matches that account.
The mismatch surfaces
A 'no match' or 'close match' tells the payer the account does not belong to who they think.
The payer stops
With a clear warning at the point of payment, the victim pauses, verifies, and the scam fails.
Each outcome is a fraud signal
The same four VoP outcomes double as a fraud-risk indicator.
Match
Name and account agree — the expected, low-risk result.
Close match
Slightly off — could be a legitimate name variation, or an early sign something is wrong. Confirm before paying.
No match
The classic APP-fraud red flag: the account does not belong to the named payee. Stop.
Not available
No verification this time — treat an unverifiable new payee with extra caution.
An APP scam, with and without VoP
The same fraudulent invoice, played out two ways.
| At the moment of payment | Without VoP | With VoP |
|---|---|---|
| Fraudster's IBAN looks valid | Yes — payment proceeds | Yes — but the name is also checked |
| Name doesn't match account | Never noticed | Flagged before authorisation |
| Invoice-redirection fraud | Succeeds | Exposed by a name mismatch |
| Money recovery | Rare once sent | Avoided — the payment is stopped |
| Payer awareness | None | A clear warning at the right moment |
Protection for every payer
From a single transfer to a million-euro payment run.
Consumers
A clear warning before sending money to a new payee stops 'safe account' and purchase scams.
Businesses
Catch invoice-redirection and CEO-fraud before a supplier or payroll payment leaves the building.
Banks & PSPs
Reduce APP-fraud losses and reimbursement exposure while meeting the Instant Payments Regulation.
VoP and fraud, answered
How the check changes the fraud equation.
Authorised push payment fraud is when a victim is tricked into authorising a transfer to a fraudster — for example via a fake invoice or a 'safe account' call. Because the payer approves the payment, it bypasses most traditional fraud checks.
VoP gives the payer the missing piece of information — whether the name matches the account — at the exact moment they decide. A mismatch warning is often enough to break the spell of a scam.
Yes. A mistyped IBAN that happens to be valid would still send money to the wrong person. VoP catches that 'no match' before the transfer is authorised.
No. VoP is informative — it warns, but the payer decides. This keeps legitimate payments flowing while exposing the fraudulent ones.
No — it complements them. VoP closes the specific gap that APP fraud exploits (the unverified name) and works alongside sanctions screening, 3-D Secure and transaction monitoring.
The most common business APP scam is an invoice IBAN swap — a fraudster changes the bank details on a legitimate invoice. Verifying the supplier name against the IBAN before releasing the payment (per invoice or across a whole payment run) exposes the swap, so finance teams stop the fraud before the transfer leaves.
Instant transfers are irrevocable in seconds, so the safest control is to check the payee before sending. Verification of Payee confirms the name matches the IBAN in real time at the moment of payment — the single most effective way to avoid fraud and misdirected money on instant credit transfers.
Cut APP fraud with Verification of Payee
Talk to us about adding a payee name check before every euro transfer.