Account Holder Verification
Introduction
The Account Holder Verification (AHV) endpoint allows for the verification of an account holder's identity — either the payer or the payee — before initiating a payment.
This helps reduce fraud and prevents payments from being misdirected, ensuring that funds are either sent to the correct recipient or debited from the correct payer account before processing.
AHV supports two verification types depending on the payment method:
- Confirmation of Payee (CoP): used for GBP payments via Faster Payments — to verify the payee, ensuring money is sent to the correct recipient.
- Verification of Payee (VoP): used for EUR payments via SEPA
- for SEPA Credit Transfer (SCT) to verify the payee,
- for SEPA Direct Debit (SDD) to verify the payer,
ensuring that funds are either sent to or collected from the correct account.
How it works
When an AHV request is submitted, the provided details are validated with the payment scheme and return a verification result via the Webhook service, via the AccountHolderVerification event type. The result will indicate whether the provided details generate a Match, a Close Match, No Match, or anError.
Each request is acknowledged with a unique ID, and the verification result can also be retrieved by polling the GET endpoint with the provided GUID.
The response also includes a reason code that provides further details on the verification result.
Request Rules
When making a request, the following rules apply:
- Either
individualNameorcompanyNamemust be provided — not both. - Either
bban(for CoP) oriban(for VoP) must be provided — not both.
Reason Codes
The reason codes in the response payload provide additional context on the verification result, indicating the level of match or any issues identified during the verification process.
| Reason Code | Code Description | Detailed Description | Account Name Passed Back |
|---|---|---|---|
| ANNM | Account Name does Not Match | The CoP Responder has performed the matching and confirms it is not a match | No |
| MBAM | There may be a match on the Account Name | The CoP Responder has performed the matching and it is a close match | Yes |
| BANM | Business account, name matches | The CoP Requester indicated that the Payer intends to pay a personal account, but the actual account is a business account and the name matches | No |
| PANM | Personal account, name matches | The CoP Requester indicated that the Payer intends to pay a business account, but the actual account is a personal account and the name matches | No |
| BAMM | Business account, name may be a match | The CoP Requester indicated that the Payer intends to pay a personal account, but the actual account is a business account and the name is a close match | Yes |
| PAMM | Personal account, name may be a match | The CoP Requester indicated that the Payer intends to pay a business account, but the actual account is a personal account and the name is a close match | Yes |
| AC01 | Incorrect Account Number | Account does not exist in the CoP Responder's books | No |
| IVCR | Invalid Customer Reference | The CoP Responder was unable to locate the customer account based on the secondary reference data contained within the SecondaryIdentification field | No |
| ACNS | Account type Not Supported for CoP | Account not supported for CoP by the CoP Responder | No |
| OPTO | Opted out of CoP Scheme | Payee has been opted out of the CoP service by the CoP Responder | No |
| CASS | Account has been switched | The Payee's account has been switched using the Current Account Switch Service (CASS) | No |
| SCNS | Sort code not supported at endpoint | The CoP Responder has incorrectly received a CoP request for a sort code that does not belong to them | No |
| Error | 400 Bad request | Request has malformed, missing or non-compliant JSON body or URL parameters | No |
| Error | 401 Unauthorised | Authorization header missing or invalid token | No |
| Error | 403 Forbidden | Token has incorrect scope, or a security policy was violated, used when a CoP Requester tries to access a resource that it does not have permission to access. | No |
| Error | 404 Not Found | CoP API is not supported by the Payee ASPSP | No |
| Error | 405 Method not allowed | The CoP Requester tried to access the resource with a method that is not supported | No |
| Error | 406 Not acceptable | The request contained an accept header that requested a content-type other than application/JSON and a character set other than UTF-8 | No |
| Error | 429 Too Many Requests | The CoP Responder should include a Retry-After header in the response indicating how long the CoP Requester must wait before retrying the operation | No |
| Error | 500 Internal server error | Something went wrong on the API gateway or micro-service | No |
| Error | 503 Service Unavailable | The CoP Responder’s service is down for maintenance. The CoP Responder should include a Retry-After header in the response indicating how long the CoP Requester must wait before retrying the operation | No |
Updated 4 days ago