Account Holder Verification
This page documents version 2 of the endpoint. Refer to Account Holder Verification (v1) for version 1, including a guide to migrate to version 2.
The Account Holder Verification (AHV) endpoint allows you to verify an account holder's identity before initiating a payment.
This helps reduce fraud and prevents payments from being misdirected, ensuring that payments are sent to the correct recipient or debited from the correct payer account before processing.
The AHV supports two verification types depending on the payment method:
- Confirmation of Payee (CoP): used for GBP payments via Faster Payments
- Verification of Payee (VoP): used for EUR payments via SEPA
How it works
After you submit an AHV request, we verify the provided details through either the VoP scheme or CoP service. You can receive the verification result via the Webhook service using the AccountHolderVerification event type, or by calling the AHV GET endpoint. The result will indicate whether the provided details generate a Match, Close Match, No Match, or Error.
See the request example and response example for implementation details.
The response also includes a reason code that provides further details on the verification result.
Request Rules
When making a request, the following rules apply:
- verificationName must be provided
- verificationType must be either Personal or Business
- verificationAccount must be provided and must include:
- account: IBAN (for VoP) or UK account number (for CoP)
- financialInstitution: optional BIC (for VoP) or Sort Code (for CoP)
- country: country code of the account
Routing rules:
- If you provide Account Number + Sort Code (GB), the request is processed as CoP
- If you provide an IBAN (including GB-IBANs), the request is processed as VoP
Invalid or mixed combinations (e.g. IBAN + Sort Code) will result in a validation error.
Verification results
When the result of the VoP or CoP is available (status is succeeded or failed), the result object will be populated in the AHV GET endpoint and in the webhook payload.
Details of each property in the result object
result object| Property | Population Logic & Format / Possible Values |
|---|---|
created | Always populated. Format: YYYY-MM-DDTHH:mm:ssZ |
matchLevel | Always populated. Possible values: Match, Close match, No match, or Error |
reasonCode | Only populated for VoP if matchLevel = Error |
description | Only populated for VoP if matchLevel = Error |
detailedDescription | Only populated for VoP if matchLevel = Error |
accountHolder | Only populated if matchLevel = Close match |
Reason Codes (CoP Only)
The following reason codes apply only to Confirmation of Payee (CoP) requests. They are defined by the UK CoP scheme and provide additional context on the verification result, indicating the level of match or any issues identified during the verification process.
Note: VoP (Verification of Payee for SEPA) does not provide the same set of granular reason codes as CoP.
| Reason Code | Code Description | Detailed Description | Account Name Passed Back |
|---|---|---|---|
| ANNM | Account Name does Not Match | The CoP Responder has performed the matching and confirms it is not a match | No |
| MBAM | There may be a match on the Account Name | The CoP Responder has performed the matching and it is a close match | Yes |
| BANM | Business account, name matches | The CoP Requester indicated that the Payer intends to pay a personal account, but the actual account is a business account and the name matches | No |
| PANM | Personal account, name matches | The CoP Requester indicated that the Payer intends to pay a business account, but the actual account is a personal account and the name matches | No |
| BAMM | Business account, name may be a match | The CoP Requester indicated that the Payer intends to pay a personal account, but the actual account is a business account and the name is a close match | Yes |
| PAMM | Personal account, name may be a match | The CoP Requester indicated that the Payer intends to pay a business account, but the actual account is a personal account and the name is a close match | Yes |
| AC01 | Incorrect Account Number | Account does not exist in the CoP Responder's books | No |
| IVCR | Invalid Customer Reference | The CoP Responder was unable to locate the customer account based on the secondary reference data contained within the SecondaryIdentification field | No |
| ACNS | Account type Not Supported for CoP | Account not supported for CoP by the CoP Responder | No |
| OPTO | Opted out of CoP Scheme | Payee has been opted out of the CoP service by the CoP Responder | No |
| CASS | Account has been switched | The Payee's account has been switched using the Current Account Switch Service (CASS) | No |
| SCNS | Sort code not supported at endpoint | The CoP Responder has incorrectly received a CoP request for a sort code that does not belong to them | No |
| Error | 400 Bad request | Request has malformed, missing or non-compliant JSON body or URL parameters | No |
| Error | 401 Unauthorised | Authorization header missing or invalid token | No |
| Error | 403 Forbidden | Token has incorrect scope, or a security policy was violated, used when a CoP Requester tries to access a resource that it does not have permission to access. | No |
| Error | 404 Not Found | CoP API is not supported by the Payee ASPSP | No |
| Error | 405 Method not allowed | The CoP Requester tried to access the resource with a method that is not supported | No |
| Error | 406 Not acceptable | The request contained an accept header that requested a content-type other than application/JSON and a character set other than UTF-8 | No |
| Error | 429 Too Many Requests | The CoP Responder should include a Retry-After header in the response indicating how long the CoP Requester must wait before retrying the operation | No |
| Error | 500 Internal server error | Something went wrong on the API gateway or micro-service | No |
| Error | 503 Service Unavailable | The CoP Responder’s service is down for maintenance. The CoP Responder should include a Retry-After header in the response indicating how long the CoP Requester must wait before retrying the operation | No |
Updated 6 days ago