Verification of Payee (VoP)

Overview

Verification of Payee (VoP) is a real-time verification service that confirms whether a provided name or company identifier matches the actual bank account holder of a given IBAN. By validating beneficiary identity before payment execution, VoP helps prevent fraud, reduce payment errors, and build trust in financial transactions.

Key Benefits

• Prevent fraud and misdirected payments before they occur
• Reduce operational costs by eliminating manual document collection and verification
• Increase trust and transparency in financial transactions
• Automate IBAN verification within your existing workflows
• Improve payment success rates and reduce exception handling
• Ensure regulatory compliance with the EU Instant Payments Regulation (when applicable)

Regulatory Context

As of October 9, 2025, VoP verification becomes mandatory for regulated entities (banks and payment institutions) under the EU Instant Payment Regulation. However, VoP's value extends beyond compliance—it's a powerful risk mitigation and automation tool for any organization handling payments, onboarding processes, or sensitive financial flows.

How It Works

Verification Process

1. Request: Your system calls the Digiteal VoP REST API with:

   • Payee's name OR an identifier (e.g., VAT number)
   • IBAN to verify

2. Routing: Digiteal routes the request to the relevant financial institution via the Routing & Verification Mechanism (RVM)

3. Verification: The IBAN-issuing financial institution performs the verification

4. Response: You receive one of four possible results:

   • MATCH - Perfect match found
   • CLOSE_MATCH - Near match found (minor differences)
   • NO_MATCH - No match found
   • NO_AP - Verification not applicable/available

Each response includes:

• Timestamp for audit trails
• Unique identifier for tracking
• Bank name and BIC of the verifying institution

Integration Points

VoP can be integrated at various stages of your payment lifecycle:

1. During Onboarding or Data Capture

Validate account ownership immediately when customers, suppliers, or beneficiaries provide their IBAN. This prevents incorrect or fraudulent data from entering your systems.

2. Before Payment Initiation

Execute a final verification before releasing funds, especially critical for:

• High-value payments
• Bulk payment runs
• Updates to existing beneficiary details

3. As a Regulatory Control Layer

• Regulated entities: Automatic execution before instant payments
• Non-regulated entities: Voluntary adoption of bank-grade verification standards

4. Within Automated Decision Flows

Build intelligent workflows based on VoP responses:

• MATCH → Proceed automatically
• CLOSE_MATCH → Request confirmation or apply internal rules
• NO_MATCH → Block payment or trigger manual review

Use Cases

SEPA Direct Debit Mandate Verification

Verify in real-time that the provided IBAN belongs to the customer creating a SEPA mandate. The verification runs silently in the background without disrupting the user experience.

Customer and Supplier Onboarding

Confirm IBAN ownership during onboarding or when payment details are updated. This reduces fraud risk and avoids costly corrections later.

Beneficiary Verification for Payouts

Ensure IBANs belong to intended beneficiaries before executing:

• Refunds
• Payroll
• Insurance claims
• Loan disbursements
• Compensation payments
• Other allocations

Technical integration

Getting Started

• Base URL: https://app.digiteal.eu/api/v1
• Sandbox: Test environment available for integration testing
• Full Documentation: API Reference

Authentication

The Digiteal VoP API uses HTTP Basic Authentication. You'll receive API credentials (username and password) when you sign up for the service.

How Basic Auth Works

1. Combine credentials: Join your username and password with a colon: username:password
2. Base64 encode: Convert the combined string to Base64
3. Add to header: Include the encoded string in the Authorization header with the Basic prefix

Authentication Examples

Using curl with credentials

# Direct credential usage (curl handles the encoding)
curl --request POST \
     --url https://app.digiteal.eu/api/v1/ibanAccountHolderVerification \
     --user 'your-username:your-password' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
       "iban": "BE03130000000184",
       "name": "Digiteal SA"
     }'

Using pre-encoded Authorization header

# Manual header construction
# Example: username="testuser", password="testpass123"
# Base64("testuser:testpass123") = "dGVzdHVzZXI6dGVzdHBhc3MxMjM="

curl --request POST \
     --url https://app.digiteal.eu/api/v1/ibanAccountHolderVerification \
     --header 'Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3MxMjM=' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
       "iban": "BE03130000000184",
       "name": "Digiteal SA"
     }'

Programming language examples

Python

import requests
import base64

username = "your-username"
password = "your-password"

# Option 1: Let requests handle it
response = requests.post(
    "https://app.digiteal.eu/api/v1/ibanAccountHolderVerification",
    auth=(username, password),
    json={
        "iban": "BE03130000000184",
        "name": "Digiteal SA"
    }
)

# Option 2: Manual header construction
credentials = f"{username}:{password}"
encoded_credentials = base64.b64encode(credentials.encode()).decode()
headers = {
    "Authorization": f"Basic {encoded_credentials}",
    "Content-Type": "application/json"
}

JavaScript (Node.js)

// Option 1: Using axios with auth parameter
const axios = require('axios');

const response = await axios.post(
  'https://app.digiteal.eu/api/v1/ibanAccountHolderVerification',
  {
    iban: 'BE03130000000184',
    name: 'Digiteal SA'
  },
  {
    auth: {
      username: 'your-username',
      password: 'your-password'
    }
  }
);

// Option 2: Manual header construction
const credentials = Buffer.from('your-username:your-password').toString('base64');
const headers = {
  'Authorization': `Basic ${credentials}`,
  'Content-Type': 'application/json'
};

Verification Methods

1. Name-Based Verification (Recommended)

Verify account ownership using the account holder's name.

Match Example

# Request
curl --request POST \
     --url https://app.digiteal.eu/api/v1/ibanAccountHolderVerification \
     --header 'Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3MxMjM=' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
       "iban": "BE03130000000184",
       "name": "Digiteal SA"
     }'

# Response
{
   "bank": {
      "bic": "DIGEBEB2",
      "name": "DIGITEAL SA"
   },
   "bankAccountHolder": {
      "name": "Digiteal SA"
   },
   "vopMatchResult": {
      "result": "MATCH"
   }
}

Close Match Example

# Request (missing "SA" suffix)
curl --request POST \
     --url https://app.digiteal.eu/api/v1/ibanAccountHolderVerification \
     --header 'Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3MxMjM=' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
       "iban": "BE03130000000184",
       "name": "Digiteal"
     }'

# Response
{
   "bank": {
      "bic": "DIGEBEB2",
      "name": "DIGITEAL SA"
   },
   "bankAccountHolder": {
      "name": "Digiteal SA"
   },
   "vopMatchResult": {
      "result": "CLOSE_MATCH"
   }
}

No Match Example

# Request
curl --request POST \
     --url https://app.digiteal.eu/api/v1/ibanAccountHolderVerification \
     --header 'Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3MxMjM=' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
       "iban": "BE03130000000184",
       "name": "John Doe"
     }'

# Response
{
   "bank": {
      "bic": "DIGEBEB2",
      "name": "DIGITEAL SA"
   },
   "vopMatchResult": {
      "result": "NO_MATCH"
   }
}

2. Identifier-Based Verification

⚠️

Note: Identifier-based verification shows varying results and consistency across different banks. We recommend using name-based verification when possible.

Verify account ownership using standardized identifiers.

Supported Identifier Types

View all supported identifier types →

VAT Verification Example

# Request
curl --request POST \
     --url https://app.digiteal.eu/api/v1/ibanAccountHolderVerification \
     --header 'Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3MxMjM=' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
       "identifier": {
         "type": "TXID",
         "value": "BE0630675588"
       },
       "iban": "BE03130000000184"
     }'

# Response
{
  "vopMatchResult": {
    "result": "MATCH"
  },
  "bankAccountHolder": {
    "identifier": {
      "type": "TXID",
      "value": "BE0630675588"
    }
  },
  "bank": {
    "bic": "DIGEBEB2",
    "name": "DIGITEAL SA"
  }
}

Response Codes

Error Handling

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "error": "Unauthorized",
  "message": "Invalid credentials"
}

Common authentication issues:

• Incorrect username or password
• Missing Authorization header
• Incorrectly formatted Authorization header
• Expired or revoked credentials

Next Steps

1. Request API Access: Contact our sales team to get your API credentials
2. Review API Documentation: Explore the full API reference
3. Test in Sandbox: Use our test environment to simulate various scenarios
4. Integrate: Add VoP to your payment flows
5. Monitor: Track verification results and optimize your workflows

Support

• Technical Documentation: doc.digiteal.eu
• Support Email: [email protected]
• Sales Inquiries: [email protected]