IBAN-Name Check: A Strategic Defence Against Rising Payment Fraud

The rapid evolution of Europe’s payments infrastructure from batch-based systems to real-time, always-on platforms has introduced not only convenience and efficiency but also a new generation of risks. Among them, fraud related to account misdirection and social engineering has become particularly concerning. As regulators and banks race to secure SEPA Instant Credit Transfer (SCT Inst) ecosystems, a key measure is being introduced: the IBAN-Name Check, also known as Confirmation of Payee (CoP).

Mandated for rollout by October 2025 in SEPA countries, the IBAN-Name Check requires payment service providers to verify that the account name entered by a payer matches the IBAN associated with the recipient account before executing a payment. While apparently a minor technical step, its implications for fraud mitigation, consumer trust, and the integrity of Europe’s payments system are profound.

The urgency is underscored by one key fact: fraud rates on SCT Inst transactions are significantly higher than on traditional SCT payments. Industry data shows that SCT Inst transactions are up to ten times more likely to be targeted by fraud than regular SCT. The very qualities that make instant payments attractive: speed, finality, and 24/7 availability, also make them ideal tools for fraudsters. As many fraud analysts put it:

Instant payments are instant for everyone - including criminals.

As SCT Inst volumes rise across the EU, this heightened exposure poses systemic risks, not just to individual users, but to institutional trust in the payment’s ecosystem. The IBAN-Name Check directly addresses this vulnerability, providing a vital verification step before funds are released. By disrupting fraudulent transactions at the point of initiation, it offers an effective defence against the new generation of digital payment fraud.

The Growing Threat of Payment Fraud in the Real-Time Era

In traditional SEPA transfers, payments are executed based solely on the recipient’s IBAN. The beneficiary’s name, though included in the payment message, is not verified. This design, inherited from earlier clearing frameworks, assumed a level of trust and control that no longer exists in a digitized, open financial environment. The result has been a surge in fraud particularly in the context of instant payments.

Authorised Push Payment (APP) fraud is now one of the most common and damaging forms of financial crime across the European payments landscape. In APP fraud, the payer is deceived via phishing, social engineering, business email compromise, or fake invoices into initiating a legitimate payment to a fraudulent destination. Because the user authorises the payment, and instant payment systems settle irrevocably in real time, these transactions are often irreversible. Banks are left with limited recourse, and victims are frequently unable to recover their funds.

APP fraud includes far more than just impersonation of banks or service providers. Scams such as invoice fraud, fake job offers, romance and investment schemes, and other impersonation tactics all exploit the absence of recipient verification deceiving users into authorising payments to malicious IBANs under the false impression that they belong to trusted parties. The IBAN-Name Check is particularly effective at interrupting these types of fraud, where a mismatch between the name and the destination account can shatter the illusion of legitimacy.

IBAN-Name Check is well positioned to disrupt:

• Email phishing and impersonation schemes that involve an apparently trusted contact providing altered payment instructions.
• Fake invoice fraud in corporate settings, where a supplier’s payment details are subtly replaced.
• Advance fee and overpayment scams, where the victim is tricked into sending funds as part of a fraudulent transaction.
• Romance, investment, and emergency scams, where emotional manipulation pressures the victim to send money urgently.

While IBAN-Name Check is highly effective in these contexts, it is not a comprehensive solution. Certain fraud types including account takeover attacks such as via cyberattacks may not be stopped by a name-IBAN mismatch check alone. These cases require complementary controls such as device fingerprinting, behavioural analytics, and merchant verification. Even so, IBAN-Name Check addresses the largest and fastest-growing category of payment fraud: social engineering and misdirection at the point of payment.

By introducing a simple verification step before funds are irrevocably moved, CoP introduces a moment of reflection, disrupting the psychological momentum that fraudsters try to create. As fraud specialists often say:

Fraud thrives on urgency - CoP forces a pause.

How IBAN-Name Check Interrupts the Fraud Chain

By validating the match between the recipient’s name and IBAN prior to executing the payment, the IBAN-Name Check inserts a critical decision point into the transaction journey. It alerts the payer when the name and IBAN don’t align, giving them a chance to stop and reconsider.

For example, in a business email compromise scenario where an employee is tricked into paying a supplier to a new (fraudulent) IBAN, a CoP mismatch would alert the payer that the account doesn’t belong to the named supplier. In invoice fraud, where a criminal changes payment instructions in a legitimate invoice, CoP serves as a safeguard before funds are sent. In retail scams, CoP adds friction where there previously was none, disrupting the immediacy that fraudsters rely on to pressure victims into transferring money.

CoP is also effective against first-party fraud and mule account networks. Fraudsters opening accounts under false or synthetic names can be flagged when the IBAN-Name Check fails. Over time, banks can use recurring mismatch patterns to identify and isolate suspicious accounts, improving fraud intelligence and internal controls.

Quantified Results: The UK as a Benchmark

The effectiveness of IBAN-Name Check is not speculative. In the UK, the Confirmation of Payee (CoP) system has been live since 2020 under PAY.UK and offers compelling, data-backed evidence of its value.

According to UK Finance, the first year of CoP implementation led to a 15–20% reduction in Authorised Push Payment (APP) fraud across participating banks, with total fraud-related savings exceeding £100 million between 2021 and 2022. Individual institutions, such as Lloyds Banking Group, have reported that CoP prevents fraud in one in three high-risk transactions flagged by the system.

Crucially, this decline in fraud occurred even as the volume of instant payments in the UK continued to rise. Fraud did not scale with usage, a divergence largely attributed to CoP.

CoP didn’t just reduce fraud - it broke the correlation between speed and vulnerability.

According to behavioural data shared by service providers in the UK, when a name‑and‑IBAN match is returned, the vast majority of users proceed well over 90%. Conversely, a ‘no match’ result prompts most users to stop the transaction.

Even partial matches often lead users to pause, re-check the details, or contact the recipient directly disrupting the immediacy that fraudsters typically rely on to pressure victims into action. This behavioural checkpoint is often the decisive factor that prevents a successful scam.

The effectiveness of CoP is particularly pronounced against impersonation scams where a fraudster pretends to be a bank, government authority, or trusted service provider and invoice redirection fraud, where payment instructions are subtly altered. These fraud types rely on the assumption that users will trust the name provided. CoP breaks that illusion the moment a mismatch is detected. It forces the user to face a concrete inconsistency and provides a rational reason to stop. In social engineering scenarios, where psychological manipulation drives urgency, even a small pause can be enough to prevent loss.

Perhaps most significantly, fraud analysis shows that the majority of confirmed fraud cases concentrate within the “no match” category, validating CoP’s accuracy in flagging truly suspicious activity. This precision ensures that banks avoid overwhelming users with false positives while still intercepting high-risk transactions. The result is a system that not only reduces fraud, but also reinforces user trust, protects operational integrity, and limits financial exposure from post-fraud reimbursements.

A Structural Change in Risk Management and Trust

The broader impact of IBAN-Name Check goes beyond individual transactions. It represents a structural shift in how risk is distributed and mitigated in the payment’s ecosystem.

Traditionally, fraud prevention has been a back-end function: monitoring transactions after execution, attempting to recover funds, and analysing anomalies. CoP moves part of that function upstream empowering users to make informed choices and giving banks an early signal before money changes hands.

This upstream shift has significant downstream benefits. IBAN‑Name Check is expected to significantly reduce false beneficiary disputes across SEPA Instant by improving accuracy of payee validation. That reduction translates directly into fewer customer support calls, fewer investigation workflows, and lower internal operating costs. It also improves SLA performance and frees fraud and operations teams to focus on higher-value tasks.

From a financial standpoint, one of the most important effects of reduced fraud is the significant decrease in reimbursement obligations for banks. In markets such as the UK, where regulators are increasingly mandating reimbursement for APP fraud victims, CoP provides a critical cost control mechanism. As CoP gains traction, banks can expect not only fewer fraud incidents but fewer compensation claims, fewer legal disputes, and fewer reputational risks from cases that go public.

Preventing fraud is cheaper than correcting it - and infinitely better for trust.

The introduction of CoP also encourages better data quality. Banks must ensure that their internal customer records are clean, consistent, and matchable, driving improvements in KYC, customer onboarding, and CRM systems. These upgrades have benefits well beyond CoP, including enhanced credit scoring, AML compliance, and Open Banking integration.

Moreover, as Open Banking evolves and third-party providers (TPPs) initiate more payments on behalf of users, IBAN-Name Check becomes a key trust layer. It allows users to verify that the TPP is initiating a payment to the correct party, reinforcing confidence in embedded finance and API-based services.

A Competitive Advantage for Proactive Institutions

With the recent October 2025 deadline, the imperative to implement IBAN-Name Check is clear. But for forward-looking institutions, this is also a chance to gain competitive advantage.

Banks that adopt early can market CoP as a differentiator, offering customers greater security and peace of mind, especially for large-value or unfamiliar payments. This is particularly relevant for corporate clients managing high volumes of supplier transactions, where even one redirected payment can cause serious financial and reputational damage.

In addition, banks that invest now in intelligent CoP systems, those that incorporate flexible name-matching capabilities, account aliases, and graded alerting will be better positioned to scale the service across retail, corporate, and API-based channels. They will also be more resilient as regulatory scope expands to cover cross-border flows or digital identity integrations.

As trust becomes the currency of digital finance, IBAN-Name Check is not just a regulatory checkbox. It is a mechanism for reinforcing the bank’s role as a secure, reliable intermediary. It demonstrates to clients both individual and institutional that their provider takes proactive steps to protect their funds, not just after fraud occurs, but before it happens.

Conclusion: Securing Instant Payments at the Source

In the fast-moving world of SEPA Instant payments, where speed is critical and reversibility is limited, the best way to stop fraud is to prevent it at the point of initiation. IBAN-Name Check does exactly that. It introduces a pause for verification, a warning light for anomalies, and a protective layer for payers now they are most vulnerable.

Its impact is measurable. Its benefits are multi-dimensional. And its adoption is inevitable.

For banks and PSPs, the question is no longer whether to implement IBAN-Name Check, it is how quickly and strategically they can do so. Those that act early will not only reduce losses and regulatory exposure but also build deeper trust with clients in an increasingly hostile fraud environment. They will also avoid the rising financial and reputational burden of post-fraud reimbursements.

In a financial world defined by immediacy, trust must be engineered into every transaction. IBAN-Name Check is one of the most effective, targeted, and proven tools available to do just that.

Over Projective Group  

Projective Group is opgericht in 2006 en is een toonaangevende change specialist voor de financiële dienstverlening. 

We worden binnen de sector erkend als leverancier van complete oplossingen en werken samen met klanten in de financiële dienstverlening om oplossingen te bieden die zowel holistisch als pragmatisch zijn.  We hebben ons ontwikkeld tot een betrouwbare partner voor bedrijven die willen gedijen en bloeien in een steeds veranderend landschap van financiële dienstverlening.