Beyond Rumours: Solving GDPR Challenges in IBAN Name Verification

The EU regulation on Instant Payments is bound to have a huge impact on all Payment Service Providers (PSPs) and Payment Service Users (PSUs). 


Whilst the final text for the EU Regulation on Instant Payments is available, rumours are spreading about the implications of the text and the effect it will have in practice on providing a name suggestion when the Name supplied by the Payer almost matches the name registered at the Payee PSP. On the one hand we hear concerns around privacy because data is shared with the Payer and on the other hand the, what we see as controversial, practice of providing the full name in case of a name suggestion.

In this article we explore why, in our view, providing full names in instances of a ‘close match’ falls short of GDPR standards and how privacy can be guaranteed in combination with providing a name suggestion in case of a close match,  by presenting the better alternative for European PSPs aiming to both comply with the upcoming regulation while at the same time protecting their customers’ privacy.

Building trust is key

Results of name matching are crucial for ensuring a seamless payment experience. Users desire a smooth payment flow without disruptions in the payment process. 

To maximise the benefits of the IBAN-Name Check and establish trust with payers, it is important that they have confidence in the messages they receive. If there is any doubt, payers may ignore messages, making them potential victims of fraud and introducing additional friction into the payment process. 

Providing a name suggestion is essential to assist PSUs in determining whether they should continue with the payment in case the provided Name and IBAN almost match, see the example below. 

Close Match Jermy Smith

In the final text indicating the name of the Payee associated with the IBAN is in scope where the result of the verification is that they almost match.

“…a situation where the name of  the payee and the payment account identifier supplied by the payer do not match exactly  but almost match. In such cases, to avoid undue friction in the processing of instant credit  transfers in euro and facilitate the payer’s decision on whether to proceed with the intended  transaction, the PSP should indicate to the payer the name of the payee associated with  the payment account identifier provided by the payer in a manner which ensures  compliance with Regulation (EU) 2016/679.”

While it is explicitly stated that providing the name should ensure compliance with the GDPR, rumor has it that the full name should be provided. The following cases show the differences between the rumors in the market and how SurePay currently handles  name suggestions: 

SurePay approach

UK Close match john smit
Close Match--49

‘Disclosing full-details’ approach

UK Close match john smit full details
Close Match--50

In our view these last cases will not comply with the GDPR and risks  sharing data that was not previously known to the Payer, making it a possible data (lookup) service instead of a verification service. 

The best of both worlds

As pioneers in the IBAN-Name Check verification domain, we have been refining and enhancing our matching process since 2016, and our commitment to improvement persists to this day. Our guiding principle has consistently been privacy by design, guaranteeing that no data is disclosed to payers unless it was previously known to them.

Close Match--51
Close Match Jermy Smith
Close Match--52
UK Close match british airways

The examples we’ve compiled from real cases demonstrate the feasibility of safeguarding customer privacy while offering Payment Service Users (PSUs) a reliable payment service. This builds trust in the payment journey and instils confidence for PSUs when making payments.

What makes a good matching algorithm

About SurePay

SurePay is thé pioneer in the field of IBAN-Name Check verification and it has been our core business since 2016. With over 100 PSPs already trusting our solution on a daily basis and performed over 7 billion checks since, we are confident we have a solution that suits your needs. Curious how we can help you achieve GDPR compliance, prevent yourself from being held liable for errors in matching and ensure a great customer journey? Please reach out to us.

Want to know more?

Visit our Developer Portal
Schedule a meeting

The latest developments