This API based service is for requesting PSPs in the Worldline VoP Hub ecosystem and EPC scheme. It allows to process the verification of a payee identity via a single request to the Worldline VoP Hub, based on identification data and account data entered bv the Requester (Payer) in any payment channel of the PSP.

Features

The service will route the request to the corresponding responding bank using its dedicated directory service, obtain or compute a matching result (depending on the source of account holder information data or direct match result), and return it to the requesting PSP under 3 seconds (or timeout).

The API supports name + IBAN matching (returning a corrected name in case of a close match) as well as additional identifiers when supported by the responding bank.

Process

1. The Requesting bank gathers information from the Requester (payer) about the subject of the VoP (Payee), before initiating a payment from any Sepa Credit Transfer channel.
2. The API client authenticates towards VoP Hub and sends a request containing the gathered identification data and account reference.
3. The VoP Hub routes the request to the corresponding responding bank, part of its reachable VoP interfaces.
4. The VoP Hub receives the match result or necessary account holder information from the responding PSP.
5. The API client receives the resulting API response, which may include the corrected name according to the responding bank, in case of close matches. 
6. The Requester is informed of the matching result, applies potential corrections and proceeds with payment initiation.

API Security

• Authentication: The Worldline VoP Hub uses an authentication service that adheres to the OIDC standard protocol. 
  For enhanced security, the client must present an (qualified) SSL certificate to authenticate.

• Secure Communication: All communications utilize MTLS with TLS 1.2 or higher, ensuring that data in transit is secure.

   

  To learn more about how security at the transport layer is implemented through encryption, token management, and digital signatures to protect communication and authentication processes, please visit our Security pages.

   

In the EPC VoP scheme

According to the EPC Document 218-23, "Verification Of Payee Scheme Rulebook" first version for public consultation :

The Responding PSP is the Participant that receives the VOP Request from the Requesting PSP and Instantly processes that VOP Request. 
The Responding PSP is also obliged to Instantly send a VOP Response containing a matching result about the received details of the Payment Counterparty or another reason, back to the Requesting PSP.
The Responding PSP may also be the Payment Counterparty.

Worldline provides API and file exchange based services for scheme participants who need to fulfil this role and intend to comply with all its rules.

The following simplified diagram represents how the Worldline VoP services operate on behalf of Responding PSPs in the EPC scheme :

Services

To produce match results on behalf of the Responding PSP, Worldline needs access to account related information of the subject of the Verification of Payee.

Two services are available for that purpose, and are detailed at the following locations in this developer portal :

• Responding PSP API : a real time API definition to expose account holder data to the Worldline VoP Services.
• Account Data Management : an API or file exchange based service for responding PSPs to delegate the storage of account holder data to the Worldline VoP services, then used to produce match results when answering VoP requests.

To learn more about how security at the transport layer is implemented through encryption, token management, and digital signatures to protect communication and authentication processes, please visit our Security pages.

An update of the interface specifications will be published in December to align with the EPC VoP Official field definitions coming from ISO 20022.

This API based service is provided to responding PSPs participating in the Worldline VoP Hub ecosystem. It allows responding PSPs to manage account holder identification data via the Worldline VoP Hub. It allows the Hub to use this locally stored data to provide answers to requesting PSPs, verifying the identity of payee for their payer user (Requester).

The data of the responding PSP is maintained and secured by Worldline on a mutualized infrastructure in the public cloud. Logical segregation and at rest data encryption is in place.

Features

The service, offers a CRUD real time interface to manage account holder identification data for the responding PSP.

The API supports storing multiple names, as well as additional identifiers when supported by the responding bank.

File based account data management

For clients wanting to avoid API integration, Worldline can put in place file based daily upload and updates of account holder identification data via CSV or JSON formats (see API format for bulk creation), transferred via dedicated SFTP channels, and via manual upload in our Backoffice in the future.  

API Security

• Authentication: The Worldline VoP Hub uses an authentication service that adheres to the OIDC standard protocol. 
  For enhanced security, the client must present a (qualified) SSL certificate to authenticate.
• Secure Communication: All communications utilize MTLS with TLS 1.2 or higher, ensuring that data in transit is secure.

This API definition is provided for responding PSPs participating in the Worldline VoP Hub ecosystem and EPC scheme. It allows the Hub to dynamically retrieve account holder identification data to provide answers to requesting PSPs, verifying the identity of payee for their payer user (Requester).

The data of the responding PSP can remain under its control and in the desired infrastructure.

Features

The service, exposed by the responding PSP, will receive an account identifier and information about the requesting PSP performing the VoP request, and return account holder identification data to the Worldline VoP Hub, which will in turn compute a matching result to answer the VoP request.

The API supports returning multiple names, as well as additional identifiers when supported by the responding bank.

API Security

• Authentication: The Worldline VoP Hub uses an authentication service that adheres to the OIDC standard protocol. 
  For enhanced security, the client must present an (qualified) SSL certificate to authenticate.
• Secure Communication: All communications utilize MTLS with TLS 1.2 or higher, ensuring that data in transit is secure.

To learn more about how security at the transport layer is implemented through encryption, token management, and digital signatures to protect communication and authentication processes, please visit our Security pages.

In the EPC VoP scheme

According to the EPC Document 218-23, "Verification Of Payee Scheme Rulebook" first version for public consultation :

The Requesting PSP is the Participant with whom or through whom the Requester intends to make its Account-based Payment. The Requesting PSP receives a Payment Account Number, a Name of the Payment Counterparty and potentially in addition an unambiguous identification code about a Payment Counterparty from the Requester.
The Requesting PSP may also be the Requester.
Upon explicit request by the Requester or due to the laws applicable to the Requesting PSP, this Participant must initiate the request to verify these details about the Payment Counterparty as provided by the Requester.
The Requesting PSP Instantly sends a VOP Request to the PSP managing the Payment Account of the indicated Payment Counterparty.

Worldline provides API based services for scheme participants who need to fulfil this role and intend to comply with all the scheme rules. 

The following processing diagram represents the interactions of the Requesting PSP with the Requester and the WL VoP Services :

Services

To let Requesting PSPs send requests to other EPC scheme participants, the Worldline VoP solution offers API and file based services, which are detailed at the following location in the developer portal :

• Requesting PSP API
• Requesting PSP API - Bulk payments (Coming soon)

Overview

The newly introduced Instant Payment regulation mandates that Account Servicing PSPs need to perform a Verification of the Payee for any credit transfer initiated by their payment service users. The EPC has edited a rulebook to organize a scheme called VoP, to standardize the needed interactions between the participants.

The diagram below shows a generic VoP processing flow and the different involved actors, as the rulebook defines it. 
A glossary defining the scheme specific terms used below can be found at the bottom of this page.

Instant Payment Regulation & VoP compliance timeline

A final publication of the Worldline VoP APIs will be made available after the publication of the EPC rulebook first definitive version, in October 2024. 

Verification of Payee by Worldline

Discover Verification of Payee by Worldline on our website ! 

The Worldline Verification of Payee services allow banks to comply with the new Instant Payment regulation and its Verification of Payee requirement, as requesting and responding PSP, and compliant participant of the EPC VoP scheme.

In this documentation you will find detailed information and draft specifications on how Worldline facilitates VoP processing in this context, letting PSPs fulfill both scheme roles, with the products highlighted in the diagram below :

• Requesting PSP
• Responding PSP

Glossary

• EPC : European Payments Council
• VoP : Verification Of Payee, process of verifying the identity of a payer prior to a payment initiation via SEPA Credit Transfer, as mandated by the Instant Payment Regulation.
• IPR : Instant Payment Regulation
• RVM : Routing and verification mechanism. In the EPC VoP rulebook defined actors, an intermediate service provider for the requesting or responding PSP, acting on behalf of the PSP in the scheme.
• PSP : Payment Service Provider. In this context, an Account Servicing PSP (Bank).
• Requesting PSP : In the VoP ecosystem, the party (bank) performing a verification of Payee, for the Payer.
• Responding PSP : In the VoP ecosystem, the party (bank) responding to a request of verification of Payee.
• Requester : Payer / Payment Service User (PSU)
• Worldline VoP Hub : The SaaS offering of Worldline that will route VoP requests between the necessary systems and provide matching results in accordance with the EPC scheme rules.
• OIDC : OpenId Connect standard, based on Oauth2, used by the WL VoP Hub authentication service. See here and API specifications for more details.

• CRUD : Create, Read, Update, and Delete operations.