Beyond Rumours: Solving GDPR Challenges in IBAN Name Verification
- Bridget Meijer & Eelco Rietveld
- Leestijd: 3 minuten
The EU regulation on Instant Payments is bound to have a huge impact on all Payment Service Providers (PSPs) and Payment Service Users (PSUs).
Whilst the final text for the EU Regulation on Instant Payments is available, rumours are spreading about the implications of the text and the effect it will have in practice on providing a name suggestion when the Name supplied by the Payer almost matches the name registered at the Payee PSP. On the one hand we hear concerns around privacy because data is shared with the Payer and on the other hand the, what we see as controversial, practice of providing the full name in case of a name suggestion.
In this article we explore why, in our view, providing full names in instances of a ‘close match’ falls short of GDPR standards and how privacy can be guaranteed in combination with providing a name suggestion in case of a close match, by presenting the better alternative for European PSPs aiming to both comply with the upcoming regulation while at the same time protecting their customers’ privacy.
Building trust is key
Results of name matching are crucial for ensuring a seamless payment experience. Users desire a smooth payment flow without disruptions in the payment process.
To maximise the benefits of the IBAN-Name Check and establish trust with payers, it is important that they have confidence in the messages they receive. If there is any doubt, payers may ignore messages, making them potential victims of fraud and introducing additional friction into the payment process.
Providing a name suggestion is essential to assist PSUs in determining whether they should continue with the payment in case the provided Name and IBAN almost match, see the example below.
In the final text indicating the name of the Payee associated with the IBAN is in scope where the result of the verification is that they almost match.
“…a situation where the name of the payee and the payment account identifier supplied by the payer do not match exactly but almost match. In such cases, to avoid undue friction in the processing of instant credit transfers in euro and facilitate the payer’s decision on whether to proceed with the intended transaction, the PSP should indicate to the payer the name of the payee associated with the payment account identifier provided by the payer in a manner which ensures compliance with Regulation (EU) 2016/679.”
While it is explicitly stated that providing the name should ensure compliance with the GDPR, rumor has it that the full name should be provided. The following cases show the differences between the rumors in the market and how SurePay currently handles name suggestions:
SurePay approach
‘Disclosing full-details’ approach
In our view these last cases will not comply with the GDPR and risks sharing data that was not previously known to the Payer, making it a possible data (lookup) service instead of a verification service.
The best of both worlds
As pioneers in the IBAN-Name Check verification domain, we have been refining and enhancing our matching process since 2016, and our commitment to improvement persists to this day. Our guiding principle has consistently been privacy by design, guaranteeing that no data is disclosed to payers unless it was previously known to them.
The examples we’ve compiled from real cases demonstrate the feasibility of safeguarding customer privacy while offering Payment Service Users (PSUs) a reliable payment service. This builds trust in the payment journey and instils confidence for PSUs when making payments.
What makes a good matching algorithm
- Shares no personal data (GDPR compliant with privacy by design)
- Results in a Match, No Match or Close Match
- Includes a name suggestion in case of a Close Match and also for a No Match in case of a corporate/business bank account.
- Gives the customer useful and actionable messages to improve trust in the payment process
- Provides the possibility to solve edge cases (like factoring parties, matching on trading names)
- Can be easily adapted and updated when new insights emerge
About SurePay
SurePay is thé pioneer in the field of IBAN-Name Check verification and it has been our core business since 2016. With over 100 PSPs already trusting our solution on a daily basis and performed over 7 billion checks since, we are confident we have a solution that suits your needs. Curious how we can help you achieve GDPR compliance, prevent yourself from being held liable for errors in matching and ensure a great customer journey? Please reach out to us.
Want to know more?
Visit our Developer Portal
Schedule a meeting
The latest developments
Elevating Bank Fraud Prevention with Fraud Risk Indicator
Beyond Rumour: Solving GDPR Challenges in IBAN Name Verification
SurePay IBAN-Name Check portal now available in the Exact App Store
SurePay announces one European IBAN-Name Check
CEO fraud runs rampant, but can be minimised with an IBAN-Name Check
