Confirmation Of Payee (CoP)

Overview

Confirmation of Payee (CoP) gives you greater assurance that you are sending payments to the intended beneficiary. It not only helps in preventing accidental, misdirected payments but also reduces the risk associated with Authorised Push Payment (APP) fraud. CoP is a scheme agnostic, peer-to-peer messaging service between accredited participants and sits completely outside of the payment journey. A CoP check can be made prior to setting up a payee or making a payment.

ClearBank is a CoP participant and will provide this account name checking service to those customers who use ClearBank sort codes linked to our bank code.

Confirmation of Payee as a Service

Confirmation of Payee as a Service (CoPaaS) is an extension of the technical capability of ClearBank’s own participation in Confirmation of Payee (CoP), whereby clients must become direct participants with Pay.UK to use CoP and then integrate with ClearBank’s technical service to have access to CoP request and/or CoP response functionality. For this service, ClearBank will solely be the Technical Service Provider (TSP) and this service is only available to clients operating under their own bank code.

If you are using CoPaaS, you will need to use the CoPaaS onboarding endpoints to complete your onboarding. You can then use the CoP respond and request endpoints in the usual way.

CoP respond (inbound)

Responding to a CoP request from an external participant requires us to complete a fuzzy matching check on the account in question. To do so successfully, we need the following account information:

• The name of the legal owner of the account
• Nature of funds held in the account: Personal or Business
• Operating nature of the account: Single or Joint

For your real and virtual accounts to be CoP-ready, you will need to use the following PATCH endpoints to update your accounts:

• PATCH /v1/Accounts/{accountId}
• PATCH /v1/Accounts/{accountId}/Virtual/{virtualAccountId}

If you have chosen to use the ClearBank CoP service, all your real and virtual accounts will be opted in by default, at the time of account creation.

For a real or virtual account to be opted out from using this service, you can use the following PUT endpoints:

• PUT/ v1/Cop/opt/accounts/{accountId}
• PUT/ v1/Cop/opt/accounts/{accountId}/virtual/{VirtualAccountId}

Further information about opting out from using our CoP service along with your responsibilities can be found in our Confirmation of Payee (CoP) Operating Guide. This document can be found in the Reference Documents section in the Knowledge Centre.

{
  "optOut": true,
  "optOutReason": "string"
}

{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

{
  "optOut": true,
  "optOutReason": "string"
}

{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

CoP request (outbound)

Sending a CoP request to an external participant requires us to pass the request to the participant so that they can complete a fuzzy matching check on the account in question. To be able to send a CoP request (outbound) to an external participant, you will need to use the following POST endpoint so that the exact name registered with the payee’s account can be confirmed:

• POST /open-banking/outbound/v1/name-verification

Once confirmed, we pass the result of the matching check back to you which you can then expose to your customer. Pay.UK have provided a messaging standard for you to follow. Further information about the messaging standard along with your responsibilities can be found in our Confirmation of Payee (CoP) Operating Guide. This document can be found in the Reference Documents section in the Knowledge Centre.

CoP requests that require secondary reference data (SRD)

CoP checks are typically carried out on accounts that are addressable by sort code and account number, but can also be done for accounts that are addressable through secondary reference data (SRD). SRD-level checks are performed against the underlying account that is identified by the SRD rather than the name held against the sort code and account number. If an account requires SRD and it is not provided, the CoP check cannot be carried out.

To check whether SRD will be required, use:

• POST /open-banking/outbound/v1/srd/validate

If the CoP Check requires SRD, then it must be entered in the SecondaryIdentification field in the CoP request to enable the CoP responder to identify the account.

Supporting SRD-validated CoP checks is mandatory, however the integration that is required to support the SRD Validate endpoint, which is called ahead of the CoP check being sent is optional. Although not mandatory, this will inform your customers as to whether they need the secondary data ahead of sending the CoP check, making for a more streamlined and informed journey.

Owner name formatting requirements

The OwnerName field is used to identify the owner of the account. The name must be provided in a structured or unstructured comma-delimited format. Both formats consist of three parts separated by commas. For simplicity, we recommend using the unstructured format for all CoP name verification requests.

• The unstructured format is valid for personal, business, and joint accounts. The full owner name string is populated in the third part.
• The structured format is only valid for personal accounts. The salutation, forename(s), and surname are separated by commas.

For reference, the following table gives examples of how the owner name should be formatted for different types of accounts:

{
  "SchemeName": "string",
  "LegalOwnerType": "string",
  "Identification": "string",
  "OwnerName": "string",
  "SecondaryIdentification": "string",
  "EndToEndIdentification": "string"
}

{
  "Data": {
    "VerificationReport": {
      "Matched": true,
      "Name": "string",
      "ReasonCode": "string",
      "ReasonCodeDescription": "string",
      "MatchedBank": "string",
      "ResponseWithinSla": true,
      "LegalOwnerType": "string",
      "ResponderRegistrationId": "string"
    }
  }
}

{
  "Error": {
    "Reason": "string",
    "ParticipantName": "string"
  }
}

{
  "SchemeName": "string",
  "Identification": "string"
}

{
  "Data": {
    "Required": true,
    "BankName": "string",
    "Identification": "string"
  }
}

{
  "Error": {
    "Reason": "string",
    "ParticipantName": "string"
  }
}

CoPaaS onboarding

As part of your onboarding journey for CoPaaS, you will need to:

• Use the Get CSR file endpoint to get the Certificate Signing Request (CSR) .csr file. The softwareStatementID and certificateType inputs are required. The {softwareStatementId} URL parameter is the unique ID of a CoP software statement on your Open Banking Directory entry.
• Use the Create a new certificate endpoint to upload an X.509 certificate in a PEM .pem format. This is the signed PEM you can download from the Open Banking Directory after uploading the certificate signing request returned from the Get CSR file endpoint. Line breaks must be removed from the PEM before submission to ClearBank.

Once you have completed the onboarding set up, you can use the CoP respond and CoP request endpoints in the usual way.

{
  "pem": "string",
  "kid": "string",
  "certificateType": "string"
}