📘
This page documents version 2 of the endpoint. Refer to Account Holder Verification (v1) for version 1, including a guide to migrate to version 2.

The Account Holder Verification (AHV) endpoint allows you to verify an account holder's identity before initiating a payment.

This helps reduce fraud and prevents payments from being misdirected, ensuring that payments are sent to the correct recipient or debited from the correct payer account before processing.

Supported verification services

AHV supports the following verification services depending on the payment method / scheme:

Confirmation of Payee (CoP - UK): used for GBP payments via Faster Payments
Verification of Payee (VoP - EU): used for EUR payments via SEPA (SCT / SCT Inst / SDD)
Confirmation of Payee (CoP - AU): used for AUD payments via the Australian scheme (BSB + Account Number)

How it works

After you submit an AHV request, we automatically route the request to the correct scheme (VoP or CoP) based on the verificationAccount details.

You can receive the verification result via:

the Webhook service (event type: AccountHolderVerification ), or
by calling the AHV GET endpoint.

The result will indicate whether the provided details return Match, Close match, No match, or Error. See the request example and response example for implementation details. The response may also include a reasonCode and descriptions (depending on scheme and outcome).

Request Rules

When making a request, the following rules apply:

verificationName must be provided
verificationAccount must be provided and must include:
- account: IBAN (for VoP) or local account number (for CoP UK/AU)
- financialInstitution:
  - optional BIC (for VoP) or
  - Sort Code (for CoP UK) or
  - **BSB (for CoP AU)
- country: country code of the account (recommended; required where it cannot be derived)
verificationType
- Required for CoP requests: must be "Personal" or "Business"
- Not required for VoP requests

How the verification type is determined from the payload

There is no explicit field in the request to select CoP UK, VoP EU or CoP AU. Instead, the verification type is automatically inferred from the contents of the request:

Verification service applied	Country Code	`account` Format	`financialInstitution` Format	Notes
CoP (UK)	`GB`	GB Account Number	Sort Code	For GBP payments via Faster Payments
VoP (EU)	SEPA country codes (e.g. `DE`, `PT`, `NL`) / optional	IBAN	Optional BIC / empty	For EUR payments via SEPA Credit Transfer, SEPA Instant, SEPA Direct Debit. Note: A GB-IBAN is also always treated as VoP (not CoP).
CoP (AU)	`AU`	AU Account Number	BSB	For AUD via Australian scheme. Simulator uses BSB + accountNumber.

Verification service applied

Country Code

account Format

financialInstitution Format

Notes

CoP (UK)

GB

GB Account Number

Sort Code

For GBP payments via Faster Payments

VoP (EU)

SEPA country codes (e.g. DE, PT, NL) / optional

IBAN

Optional BIC / empty

For EUR payments via SEPA Credit Transfer, SEPA Instant, SEPA Direct Debit.

Note: A GB-IBAN is also always treated as VoP (not CoP).

CoP (AU)

AU

AU Account Number

BSB

For AUD via Australian scheme. Simulator uses BSB + accountNumber.

Important notes:

IBANs will always be checked using the VoP service, even if they are GB IBANs
To trigger a request via CoP UK, you must specify both an account number and sort code
Invalid or mixed combinations will result in a validation error

Reason Codes (CoP Only)

The following reason codes apply only to Confirmation of Payee (CoP) requests. They are defined by the UK CoP scheme and provide additional context on the verification result, indicating the level of match or any issues identified during the verification process.

Note: VoP (Verification of Payee for SEPA) does not provide the same set of granular reason codes as CoP.

Reason Code	Code Description	Detailed Description	Account Name Passed Back
ANNM	Account Name does Not Match	The CoP Responder has performed the matching and confirms it is not a match	No
MBAM	There may be a match on the Account Name	The CoP Responder has performed the matching and it is a close match	Yes
BANM	Business account, name matches	The CoP Requester indicated that the Payer intends to pay a personal account, but the actual account is a business account and the name matches	No
PANM	Personal account, name matches	The CoP Requester indicated that the Payer intends to pay a business account, but the actual account is a personal account and the name matches	No
BAMM	Business account, name may be a match	The CoP Requester indicated that the Payer intends to pay a personal account, but the actual account is a business account and the name is a close match	Yes
PAMM	Personal account, name may be a match	The CoP Requester indicated that the Payer intends to pay a business account, but the actual account is a personal account and the name is a close match	Yes
AC01	Incorrect Account Number	Account does not exist in the CoP Responder's books	No
IVCR	Invalid Customer Reference	The CoP Responder was unable to locate the customer account based on the secondary reference data contained within the SecondaryIdentification field	No
ACNS	Account type Not Supported for CoP	Account not supported for CoP by the CoP Responder	No
OPTO	Opted out of CoP Scheme	Payee has been opted out of the CoP service by the CoP Responder	No
CASS	Account has been switched	The Payee's account has been switched using the Current Account Switch Service (CASS)	No
SCNS	Sort code not supported at endpoint	The CoP Responder has incorrectly received a CoP request for a sort code that does not belong to them	No
Error	400 Bad request	Request has malformed, missing or non-compliant JSON body or URL parameters	No
Error	401 Unauthorised	Authorization header missing or invalid token	No
Error	403 Forbidden	Token has incorrect scope, or a security policy was violated, used when a CoP Requester tries to access a resource that it does not have permission to access.	No
Error	404 Not Found	CoP API is not supported by the Payee ASPSP	No
Error	405 Method not allowed	The CoP Requester tried to access the resource with a method that is not supported	No
Error	406 Not acceptable	The request contained an accept header that requested a content-type other than application/JSON and a character set other than UTF-8	No
Error	429 Too Many Requests	The CoP Responder should include a Retry-After header in the response indicating how long the CoP Requester must wait before retrying the operation	No
Error	500 Internal server error	Something went wrong on the API gateway or micro-service	No
Error	503 Service Unavailable	The CoP Responder’s service is down for maintenance. The CoP Responder should include a Retry-After header in the response indicating how long the CoP Requester must wait before retrying the operation	No