Skip to main content
In a payout scenario, as a Requesting PSP, Mangopay will be carrying out VOP checks on recipients and payouts and returning the result in the API response.

Scope

VOP applies to EUR Recipients and Payouts using SCT or SCT Inst. In terms of Recipient properties, this means:
  • Currency is EUR
  • PayoutMethod is LocalBankTransfer
  • Country is a SEPA country
VOP does not apply to non-EUR payouts in SEPA countries, such as SEK payouts to a bank in Sweden (which uses the local scheme RIX). VOP also does not apply to international payouts, such as EUR to a non-SEPA country or, for example, SEK to a SEPA country that isn’t Sweden, both of which use SWIFT.
Note – VOP on Recipients available for all platformsThe VOP checks on Recipients are available for all platforms for anti-fraud purposes.If your platform offers User-Owned Accounts to your users, their payouts are also impacted by VOP and may be blocked.

VOP result API fields

The following endpoints will be enriched with the Verification of Payee in the API response: These endpoints will return a new object parameter, RecipientVerificationOfPayee, containing:
  • RecipientVerificationId – A unique identifier of the VOP check performed by Mangopay.
  • RecipientVerificationCheck – The outcome of the VOP check performed by Mangopay, using the details in the Recipient or Bank Account object referenced in the BankAccountId field.
  • RecipientVerificationMessage – The explanation of the check outcome.
The fields will give the result of the VOP check:
RecipientVerificationCheckRecipientVerificationMessageScenarioRecommendation
MATCHAccount name fully matches account identifier.The account is valid and the account name matches the IBAN.Proceed with the payout or recipient.
CLOSE_MATCHAccount name partially matches account identifier. Name returned by check: FirstName LastName. Payment made to this account may not reach its intended counterparty.The account is valid but the name doesn’t match exactly.Confirm details with your user before proceeding. Reregister the Recipient if required.
NO_MATCHAccount name does not match account identifier. Payment made to this account may not reach its intended counterparty.This account likely belongs to a different owner.Do not proceed until you confirm the account details with the user.
MATCH_NOT_POSSIBLEResponding PSP’s verification service unreachable. Payment made to this account may not reach its intended counterparty.The check could not be completed.Retry later, or proceed only after confirming the account details with the user.
Caution – Risk of misdirected payoutsFor any result other than MATCH, there is a risk of the funds not reaching their intended destination. Funds sent to the wrong account may not be recoverable.

Implementation recommendations

  1. Retrieve and display the RecipientVerificationCheck and RecipientVerificationMessage to your users. These data points are both returned in the RecipientVerificationOfPayee object on GET View a Recipient, POST Create a Recipient, and POST Create a Payout.
  2. Check the VOP result of Recipients using GET View a Recipient before initiating payouts, to avoid funds being sent to the wrong account.

Recipients

Mangopay performs a VOP check on the endpoints: VOP is only performed on Recipients where:
  • Currency is EUR
  • PayoutMethod is LocalBankTransfer
  • Country is a SEPA country
The GET View a Recipient and POST Create a Recipient endpoints will return the VOP result in the RecipientVerificationOfPayee parameter of the API response:
API response - 200 OK
{
    "Id": "rec_01K3V3GWJQBZXQ3HKNWCQCJRXF",
    "Status": "ACTIVE",
    "CreationDate": 1756477551,
    "DisplayName": "ExampleBusinessName EUR FR account",
    "PayoutMethodType": "LocalBankTransfer",
    "RecipientType": "Business",
    "Currency": "EUR",
    "Country": "FR",
    "UserId": "user_m_01JH2Z9GXCCHGFN65T5HDZG4GB",
    "Tag": "Created using the Mangopay API Postman collection",
    "RecipientScope": "PAYOUT",
    "BusinessRecipient": {
        "BusinessName": "ExampleBusinessName",
        "Address": {
            "AddressLine1": "3929 Dickinson Streets",
            "AddressLine2": "Stamm Tunnel",
            "City": "Paris",
            "Region": "Ile de France",
            "PostalCode": "75001",
            "Country": "FR"
        }
    },
    "LocalBankTransfer": {
        "EUR": {
            "IBAN": "FR7630004000031234567890143",
            "BIC": "BNPAFRPPXXX"
        }
    },
		"RecipientVerificationOfPayee": {
			  "RecipientVerificationId": "123456789",
			  "RecipientVerificationCheck": "MATCH",
			  "RecipientVerificationMessage": "Account name fully matches account identifier."
    }
}
The GET View a Recipient endpoint returns the latest VOP check performed for that account. If no check has ever been performed (for existing Recipient objects and Bank Account objects), then a new check will be carried out. The GET View a Bank Account endpoint will not trigger a VOP check nor return any VOP result. Ensure your platform uses GET View a Recipient object to retrieve account information. The Recipient endpoint can be used to retrieve legacy Bank Account objects by using the Bank Account Id as the RecipientId path parameter.

Payouts

Mangopay is introducing VOP checks when your platform requests a payout using POST Create a Payout only if the owner of the payout’s BankAccountId has at least one User-Owned Virtual Account. If the user doesn’t have at least one User-Owned Virtual Account, or if the payout does not use the SCT or SCT Inst rails, then VOP is not performed.
The steps are as follows:
  1. Your platform calls POST Create a Payout.
  2. Mangopay performs Verification of Payee (VOP) using the associated Recipient or Bank Account data (reference in the BankAccountId) by checking the IBAN and account holder name with the Responding PSP (which is the Payee’s bank).
  3. Mangopay returns the VOP result in the API response.
  4. Mangopay proceeds with the payment, unless it is blocked as described in the scenarios below.

Payout scenarios

Match or close match

When Mangopay performs the VOP check with the Responding PSP, if the result is MATCH or CLOSE_MATCH, then the payout will continue as before.
The POST Create a Payout endpoint will return an HTTP 200 result containing the RecipientVerificationOfPayee fields:
API response - 200 OK
{
    "Id": "po_b_01K3GM8HWNCVDMACCRA0ZZPH02",
    "Tag": "Created using Mangopay API Postman Collection",
    "CreationDate": 1756126005,
    "AuthorId": "user_m_01K075ZBVXGFYAXM7529W2ZS5W",
    "CreditedUserId": null,
    "DebitedFunds": {
        "Currency": "EUR",
        "Amount": 1000
    },
    "CreditedFunds": {
        "Currency": "EUR",
        "Amount": 900
    },
    "Fees": {
        "Currency": "EUR",
        "Amount": 100
    },
    "Status": "CREATED",
    "ResultCode": null,
    "ResultMessage": null,
    "ExecutionDate": null,
    "Type": "PAYOUT",
    "Nature": "REGULAR",
    "CreditedWalletId": null,
    "DebitedWalletId": "wlt_m_01J9KQE9Z2S4G4R867C5H6W5ZV",
    "PaymentType": "BANK_WIRE",
    "BankAccountId": "rec_01K1ZWF7RJG9MEY8VQ0QE2RQ4D",
    "BankWireRef": "Example123",
    "ModeRequested": null,
    "ModeApplied": "PENDING_RESPONSE",
    "FallbackReason": null,
    "EndToEndId": "3b891fba337d45ec874646ac48565964",
    "PaymentRef": null,
    "RecipientVerificationOfPayee": {
      "RecipientVerificationId": "123456789",
      "RecipientVerificationCheck": "MATCH",
      "RecipientVerificationMessage": "Account name fully matches account identifier."
    }
}

No match or match not possible

If the result of the VOP check is NO_MATCH or MATCH_NOT_POSSIBLE, then the behavior will be as follows.

Before Oct 9, 2025

Before Oct 9, 2025, the payout will continue as normal. The NO_MATCH or MATCH_NOT_POSSIBLE result will be returned in the RecipientVerificationOfPayee object. This behavior serves as a warning: NO_MATCH result means your platform should inform the user that their payment may not reach its intended payee. In these cases, the user should check their account details and re-register the Recipient if necessary.

After Oct 9, 2025

Mangopay has sent a contract amendment to platforms that offer User-Owned Accounts to their users.

If amendment signed

If the amendment is signed, from Oct 9, 2025, the behavior will stay the same: the payout will continue and the NO_MATCH or MATCH_NOT_POSSIBLE result will be returned in the RecipientVerificationOfPayee object.

If amendment not signed

Until the amendment is signed, from Oct 9, 2025, payouts will fail if the VOP result is NO_MATCH or MATCH_NOT_POSSIBLE. While the POST Create a Payout endpoint will return a 200 OK response, the payout will subsequently fail with the ResultCode 008500Transaction blocked by Fraud Policy. Once the amendment is signed, the block will be lifted.
Note – Block only applies to UO account holdersThe block will be applied to users who hold a User-Owned Account. For these users, all payouts will be blocked regardless of which wallet they are debited from (determined by the owner of the payout’s BankAccountId).The block will also only apply to EUR payments via SCT and SCT Inst.Payouts authored by users without User-Owned Accounts will not be VOP checked and not be blocked because of VOP.On Recipients, VOP checks are applied and available to all platforms, regardless of whether they offer User-Owned Accounts or not.

Testing

In Sandbox, Mangopay provides testing data to allow you to simulate different VOP results when you call POST Create a Recipient.
Note – You must use test data to simulate VOP checkMangopay does not perform VOP checks in Sandbox, so you must use the test IBANs and account names below to simulate the different responses.In Sandbox, any Recipient (or legacy Bank Account) created with a different IBAN and account holder name combination always returns MATCH_NOT_POSSIBLE, and the RecipientVerificationId is null, indicating that the check was not attempted.
Tip - Try in PostmanMangopay’s Sandbox API collection contains a dedicated Recipients VOP testing folder with the VOP testing data ready for you to see how it works. For more about setting up your Postman environment, see the Postman guide.

FR business recipient

IBANBusinessNameVOP result
FR7630001007941234567890185EuroCorpMATCH
EuroCarpCLOSE_MATCH
Any other valueNO_MATCH
Insert the data above in the relevant fields when you call POST Create a Recipient, ensuring you follow the schema for a LocalBankTransfer payout method with the Country set to FR and the Currency in EUR.

API request

{
    "DisplayName": "EuroCorp EUR FR account",
    "PayoutMethodType": "LocalBankTransfer",
    "RecipientType": "Business",
    "Currency": "EUR",
    "Country": "FR",
    "Tag": "Created using the Mangopay API Postman collection",
    "RecipientScope": "PAYOUT",
    "BusinessRecipient": {
        "BusinessName": "EuroCorp", 
        "Address": {
            "AddressLine1": "6 rue de la Cité",
            "AddressLine2": "Appartement 3",
            "City": "Paris",
            "Region": "île-de-France",
            "PostalCode": "75003",
            "Country": "FR"
        }
    },
    "LocalBankTransfer": {
        "EUR": {        
            "IBAN": "FR1420041010050500013M02606"
        }
    }
}

API response

{
    "Id": "rec_01K6CYKD6MW45X0TFXS8GSMNWH",
    "Status": "PENDING",
    "CreationDate": 1759223854,
    "DisplayName": "EuroCorp EUR FR account",
    "PayoutMethodType": "LocalBankTransfer",
    "RecipientType": "Business",
    "Currency": "EUR",
    "Country": "FR",
    "UserId": "user_m_01K6ATMK6BA01BHGF14P7M1Q95",
    "RecipientScope": "PAYOUT",
    "Tag": "Created using the Mangopay API Postman collection",
    "BusinessRecipient": {
        "BusinessName": "EuroCorp",
        "Address": {
            "AddressLine1": "6 rue de la Cité",
            "AddressLine2": "Appartement 3",
            "City": "Paris",
            "Region": "île-de-France",
            "PostalCode": "75003",
            "Country": "FR"
        }
    },
    "LocalBankTransfer": {
        "EUR": {
            "IBAN": "FR7630001007941234567890185",
            "BIC": "BDFEFRPPCCT"
        }
    },
    "PendingUserAction": {
        "RedirectUrl": "https://sca.sandbox.mangopay.com/?token=sca_019999e9b6f97eb49e77af2505f5a816"
    },
    "RecipientVerificationOfPayee": {
        "RecipientVerificationId": "383db3d8-2bdd-480d-bed8-28bf5be275a9",
        "RecipientVerificationCheck": "MATCH",
        "RecipientVerificationMessage": "Account name fully matches account identifier."
    }
}

DE individual recipient

IBANFirstNameLastNameVOP result
DE75512108001245126199JohnDoeMATCH
JohnDaeCLOSE_MATCH
Any other valueAny other valueNO_MATCH
Insert the data above in the relevant fields when you call POST Create a Recipient, ensuring you follow the schema for a LocalBankTransfer payout method with the Country set to DE and the Currency in EUR. Follow the examples below.

API request

{
    "DisplayName": "John Doe EUR DE account",
    "PayoutMethodType": "LocalBankTransfer",
    "RecipientType": "Individual",
    "Currency": "EUR",
    "Country": "DE",
    "Tag": "Created using the Mangopay API Postman collection",
    "RecipientScope": "PAYOUT",
    "IndividualRecipient": {
        "FirstName": "John",
        "LastName": "Doe",
        "Address": {
            "AddressLine1": "Oranienburger Str. 87",
            "City": "Berlin",
            "PostalCode": "10178",
            "Country": "DE"
        }
    },
    "LocalBankTransfer": {
        "EUR": {        
            "IBAN": "DE75512108001245126199"
        }
    }
}

API response

{
    "Id": "rec_01K6CYKD6MW45X0TFXS8GSMNWH",
    "Status": "PENDING",
    "CreationDate": 1759223854,
    "DisplayName": "EuroCorp EUR FR account",
    "PayoutMethodType": "LocalBankTransfer",
    "RecipientType": "Business",
    "Currency": "EUR",
    "Country": "FR",
    "UserId": "user_m_01K6ATMK6BA01BHGF14P7M1Q95",
    "RecipientScope": "PAYOUT",
    "Tag": "Created using the Mangopay API Postman collection",
    "BusinessRecipient": {
        "BusinessName": "EuroCorp",
        "Address": {
            "AddressLine1": "6 rue de la Cité",
            "AddressLine2": "Appartement 3",
            "City": "Paris",
            "Region": "île-de-France",
            "PostalCode": "75003",
            "Country": "FR"
        }
    },
    "LocalBankTransfer": {
        "EUR": {
            "IBAN": "FR7630001007941234567890185",
            "BIC": "BDFEFRPPCCT"
        }
    },
    "PendingUserAction": {
        "RedirectUrl": "https://sca.sandbox.mangopay.com/?token=sca_019999e9b6f97eb49e77af2505f5a816"
    },
    "RecipientVerificationOfPayee": {
        "RecipientVerificationId": "383db3d8-2bdd-480d-bed8-28bf5be275a9",
        "RecipientVerificationCheck": "MATCH",
        "RecipientVerificationMessage": "Account name fully matches account identifier."
    }
}

Technical error cases

The following IBANs allow you to simulate error cases with any account holder name.
IBANVOP resultDescription
FR1420041010050500013M02606MATCH_NOT_POSSIBLESimulates a technical error. A RecipientVerificationId value is returned, which generally indicates that Mangopay was able to attempt the check but that a technical error occurred.
FR7630006000011234567890189MATCH_NOT_POSSIBLESimulates a PSP not responding, with delayed response. The RecipientVerificationId is null, which generally indicates that Mangopay was not able to attempt the check.

View a Recipient

If you use the testing data above, the GET View a Recipient returns the VOP check that was performed at creation, with the same RecipientVerificationId. Otherwise, in Sandbox, the GET View a Recipient for a legacy Bank Account or Recipient created before VOP always returns:
Recipient or Bank Account not using test data
    ...
    "RecipientVerificationOfPayee": {
        "RecipientVerificationId": null,
        "RecipientVerificationCheck": "MATCH_NOT_POSSIBLE",
        "RecipientVerificationMessage": "Account name could not be verified. Payment made to this account may not reach its intended counterparty."
    }
    ...
In Production, Mangopay will perform a VOP check on all active Recipients and legacy Bank Accounts (unless one was already performed at creation or retrieval). The check result is returned on the GET View a Recipient (but not the legacy GET View a Bank Account).

Payouts

If you use the testing data above, the POST Create a Payout returns the VOP check that was performed at recipient creation, with the same RecipientVerificationId. Otherwise, in Sandbox, the POST Create a Payout returns a nulled object:
Payout created with Recipient not using test data
    ...
    "RecipientVerificationOfPayee": null,
    ...
I