VOP Process Flow
VOP Process Flow
Section titled “VOP Process Flow”This page provides visual representations of the Verification of Payee (VOP) process flow based on the EPC VOP scheme specifications, including request/response sequences and scheme participant interactions.
Complete VOP Request/Response Process Flow
Section titled “Complete VOP Request/Response Process Flow”sequenceDiagram
participant Payer as Payer (PSU)
participant RPSP as Requesting PSP
participant RVM as RVM (Optional)
participant EDS as EDS
participant VPSP as Responding PSP
participant Payee as Payee Account
Note over Payer,Payee: SEPA Credit Transfer Initiation Context
Payer->>RPSP: Initiates SCT/SCT Inst with:<br/>• Payee name<br/>• IBAN<br/>• Optional: LEI/BIC/ID
rect rgb(240, 245, 255)
Note over RPSP,EDS: EDS Directory Service Lookup
alt Direct PSP Connection
RPSP->>EDS: Query Responding PSP details<br/>API endpoint + certificates
EDS-->>RPSP: Return PSP connection info
else Via RVM
RPSP->>RVM: Forward VOP request
RVM->>EDS: Query Responding PSP details
EDS-->>RVM: Return PSP connection info
end
end
rect rgb(245, 240, 255)
Note over RPSP,VPSP: VOP API Request Processing (HTTPS/TLS)
alt Direct Connection
RPSP->>VPSP: POST /vop/verify<br/>Content: JSON ISO 20022 elements<br/>Headers: X-Request-ID, Content-Type
else Via RVM
RVM->>VPSP: POST /vop/verify<br/>Content: JSON ISO 20022 elements
end
activate VPSP
VPSP->>VPSP: 1. Validate request format
VPSP->>VPSP: 2. Authenticate client certificate
VPSP->>VPSP: 3. Validate IBAN format
VPSP->>VPSP: 4. Check account existence
alt Name-based Verification
VPSP->>VPSP: Perform name matching:<br/>• Exact match<br/>• Fuzzy matching<br/>• Phonetic matching<br/>• Token analysis
else BIC-based Verification
VPSP->>VPSP: Match BIC against<br/>account holder BIC
else LEI-based Verification
VPSP->>VPSP: Match LEI against<br/>account holder LEI
else ID-based Verification
VPSP->>VPSP: Match ID (VAT, etc.) against<br/>account holder identification
end
VPSP->>VPSP: Generate match result:<br/>• MTCH (Match)<br/>• NMTC (No Match)<br/>• CMTC (Close Match)<br/>• NOAP (Not Applicable)
alt Direct Connection
VPSP-->>RPSP: VOP Response<br/>Status: 200 OK<br/>Body: partyNameMatch MTCH
else Via RVM
VPSP-->>RVM: VOP Response
RVM-->>RPSP: Forward VOP Response
end
deactivate VPSP
end
rect rgb(255, 245, 240)
Note over RPSP,Payer: Response Processing & User Notification
alt MTCH - Exact Match
RPSP->>Payer: ✅ Payee verified<br/>Payment can proceed
else CMTC - Close Match
RPSP->>Payer: ⚠️ Close match found<br/>Matched name: actual name<br/>Confirm to proceed?
else NMTC - No Match
RPSP->>Payer: ❌ Payee verification failed<br/>Check payee details
else NOAP - Not Applicable
RPSP->>Payer: ℹ️ Verification not available<br/>for this account
else Error Response
RPSP->>Payer: ⚠️ Technical error<br/>Try again later
end
end
Note over Payer,Payee: Payment Processing Continues Based on VOP Result
VOP Scheme Roles and Interactions
Section titled “VOP Scheme Roles and Interactions”graph TB
subgraph "Payment Service Users PSUs"
Payer[Payer<br/>Payment Initiator]
Payee[Payee<br/>Account Holder]
end
subgraph "Payment Service Providers PSPs"
RPSP[Requesting PSP<br/>Payers Bank]
VPSP[Responding PSP<br/>Payees Bank]
end
subgraph "Optional Intermediaries"
RVM[RVM<br/>Routing & Verification<br/>Mechanism]
end
subgraph "EPC Scheme Infrastructure"
EDS[EDS<br/>European Directory Service<br/>PSP Registry & Routing]
SR[VOP Scheme Rulebook<br/>Rules & Standards]
EPC[EPC<br/>Scheme Management<br/>Governance & Oversight]
end
subgraph "Technical Infrastructure"
API[VOP API<br/>HTTPS/TLS<br/>ISO 20022 JSON]
PKI[PKI Infrastructure<br/>Client Certificates<br/>Mutual TLS]
end
%% User interactions
Payer -->|1. Initiates SCT/SCT Inst<br/>with payee details| RPSP
Payee -->|Account relationship| VPSP
%% PSP interactions
RPSP -->|2. VOP Request<br/>direct or via RVM| VPSP
RPSP -.->|Alternative: Via RVM| RVM
RVM -.->|Forward request| VPSP
%% Directory service
RPSP -->|Query PSP details| EDS
RVM -->|Query PSP details| EDS
VPSP -->|Registered| EDS
%% Scheme compliance
RPSP -->|Adheres to| SR
VPSP -->|Adheres to| SR
RVM -.->|Adheres to| SR
%% Technical layer
RPSP -->|Uses| API
VPSP -->|Implements| API
RVM -.->|Uses| API
API -->|Secured by| PKI
%% Governance
EPC -->|Manages| SR
EPC -->|Oversees| EDS
EPC -->|Governs| API
%% Response flow
VPSP -->|3. VOP Response<br/>MTCH/NMTC/CMTC/NOAP| RPSP
RVM -.->|Forward response| RPSP
RPSP -->|4. Verification result<br/>& payment decision| Payer
classDef psu fill:#e8f4fd,color:#1f2937,stroke:#3b82f6,stroke-width:2px
classDef psp fill:#0066cc,color:white,stroke:#004499,stroke-width:2px
classDef infrastructure fill:#003366,color:white,stroke:#001a33,stroke-width:2px
classDef optional fill:#f3f4f6,color:#374151,stroke:#6b7280,stroke-width:1px,stroke-dasharray: 5 5
classDef technical fill:#065f46,color:white,stroke:#047857,stroke-width:2px
class Payer,Payee psu
class RPSP,VPSP psp
class EDS,SR,EPC infrastructure
class RVM optional
class API,PKI technical
EPC VOP Process Flow Description
Section titled “EPC VOP Process Flow Description”1. SEPA Payment Initiation Context
Section titled “1. SEPA Payment Initiation Context”- Payer (PSU) initiates a SEPA Credit Transfer (SCT) or SEPA Instant Credit Transfer (SCT Inst)
- Provides payee details: name, IBAN, and optionally LEI, BIC, or identification code
- Requesting PSP receives payment instruction and determines VOP verification is required
- Compliance with EU Instant Payments Regulation (IPR) requirements
2. EDS Directory Service Lookup
Section titled “2. EDS Directory Service Lookup”- Requesting PSP or RVM queries the European Directory Service (EDS)
- EDS returns Responding PSP’s API endpoint and certificate information
- Enables secure peer-to-peer communication between PSPs
- Supports both direct PSP connections and RVM-mediated routing
3. VOP API Request Processing
Section titled “3. VOP API Request Processing”- HTTPS/TLS connection established using mutual certificate authentication
- POST request to
/vop/verify
endpoint with ISO 20022 JSON elements - Request validation: format, authentication, IBAN syntax
- Account verification: existence check against IBAN
- Matching algorithms applied based on verification type:
- Name-based: Exact, fuzzy, phonetic, and token-based matching
- BIC-based: Business Identifier Code verification
- LEI-based: Legal Entity Identifier verification
- ID-based: VAT number, social security, or other identification codes
4. Match Result Generation
Section titled “4. Match Result Generation”- MTCH (Match): Exact match found, payment can proceed
- CMTC (Close Match): Similar match found, includes actual name for confirmation
- NMTC (No Match): No matching data found
- NOAP (Not Applicable): Verification not possible for this account type
- Processing time tracking and audit logging for compliance
5. Response Processing & User Notification
Section titled “5. Response Processing & User Notification”- Requesting PSP processes VOP response and notifies payer
- User decision based on match result (proceed, confirm, or abort payment)
- Payment processing continues based on VOP outcome and user choice
- Compliance reporting for regulatory requirements
EPC VOP Scheme Participants and Roles
Section titled “EPC VOP Scheme Participants and Roles”Payment Service Users (PSUs)
Section titled “Payment Service Users (PSUs)”- Payer: Initiates SEPA payments and receives VOP verification results
- Payee: Account holder whose details are being verified
Payment Service Providers (PSPs)
Section titled “Payment Service Providers (PSPs)”- Requesting PSP: Payer’s bank that sends VOP requests
- Responding PSP: Payee’s bank that processes verification requests
- Mandatory EDS registration and scheme compliance
Optional Intermediaries
Section titled “Optional Intermediaries”- RVM (Routing and/or Verification Mechanisms):
- Optional service providers that facilitate VOP requests
- Can aggregate multiple PSP connections
- Must comply with scheme rules and technical standards
EPC Scheme Infrastructure
Section titled “EPC Scheme Infrastructure”- EDS (European Directory Service):
- Central registry of participating PSPs
- Provides routing information and certificates
- Managed by EPC with operational oversight
- VOP Scheme Rulebook:
- Defines rules, practices, and standards
- Technical specifications and compliance requirements
- Regular updates and governance procedures
- EPC Governance:
- Scheme management and oversight
- Rule development and enforcement
- Participant onboarding and certification
Technical Infrastructure Requirements
Section titled “Technical Infrastructure Requirements”- VOP API: RESTful HTTPS endpoints using ISO 20022 JSON elements
- PKI Infrastructure: X.509 certificates for mutual TLS authentication
- Security Standards: EPC164-22 compliant cipher suites and protocols
- Monitoring & Reporting: Transaction logging and regulatory reporting
- SLA Requirements: Response time limits and availability standards
Operational & Compliance Requirements
Section titled “Operational & Compliance Requirements”- EU IPR Compliance: Mandatory for instant payments from October 2025
- Data Protection: GDPR compliance for personal data processing
- Security Standards: Regular security assessments and incident reporting
- Testing & Certification: EPC139-25 test case compliance
- Business Continuity: Disaster recovery and operational resilience