1. Verification Of Payee scheme

API Specifications

EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 25/08/2025

In the response payload, we have the field type that should have an URI reference [RFC3986] that identifies the problem type. Will the EPC provide the URI references to be used in each problem?

Alternatively, could the URIs from the Mozilla Developer Network (MDN) be used?

EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 17/07/2025

In case of problem with the format of the X-Request-Timestamp attribute, should the RVM send a FORMAT_ERROR or a TIMESTAMP_INVALID code?

Our recommendation is to use TIMESTAMP_INVALID.

EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 17/07/2025

Could you please share additional information regarding the ‘Business Identification Code’ (+++AnyBIC mentioned in 4.2.1 of API Specifications doc.) referred as an alternative identifier to perform VOP validation? Which type of identifier and/or standard (if any) should be considered for this field?

This attribute can be used when the party (subject of the verification) has a BIC code that can be used to identify it, and such BIC is sent in the VOP request by the requesting PSP.  The BIC used

EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 17/07/2025

Which reason code should be used in the Response if the account is closed (NMTC or NOAP)?

Our recommendation is to use the code “NOAP”.

EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 28/08/2025

VerificationOfPayeeError, the yaml defines two fields as mandatory: code and type. Specifically, code (MessageCode) should be equal to one of the following ISO codes: [FORMAT_ERROR, CLIENT_INVALID, CLIENT_INCONSISTENT, TIMESTAMP_INVALID] but the examples listed in the API specifications leave that field blank in the following cases: ‘Certificate Items’ and ‘Internal Server Error’. Please could you advise which value might be used in that case?

In these cases, the response code is sufficient and self-explanatory, there is no need for a detailed error code.  

EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 17/07/2025

For organisation identification (section 4.2), for organisationId/others/identification, is Max256Text length necessary, have specific use-cases been identified where this length is needed rather than Max140Text used for name, are there any discussions to shorten this length requirement?

We followed the definition described in ISO20022, the “identification” has the Datatype “Max256Text”

i.e. source ISO20022_MDRPart2_PaymentsInitiation_2023_2024_v1 (page 341)

EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 28/08/2025

In the event of a ‘NO ANSWER’, should we use the NOAP code or the RVNA code (received Verification Completed Not Applicable)?However, we have not yet identified the correct specification for ‘No Answer’. Could you please send us the correct specification? Also, in the specification, it is mentioned that an error code must be communicated. Could you tell me where I can find a list of these codes?

  • VOP Response will include NOAP code in case of Matching not possible for the responding application for any reason, with HTTP code 200.
  • In case of technical problems, the Responding PSP wil
EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 17/07/2025

What are the rules for using a VAT code as a counterparty identifier in a VOP Request ?

Following the specifications described in the “Verification Of Payee API Specifications” document, the VAT number value must be inserted in the “identification” attribute, and it is mandatory that the value “TXID” be used as the

EPC FAQ:  —  Verification Of Payee scheme  —  Last updated: 18/08/2025

Should we buy two, separated QWAC certificates (one for test, one for prod environments) if we are planing to use QWAC certificate only for VOP service?

From the EPC point of view, you only need one certificate, which is for production. However, when it comes to testing VOP, there are different scenarios depending on your choice to work with an RVM or not.