Verification of Payee (VOP) is the process of confirming the recipient’s name and account details before the payment is executed. In an era where social engineering scams are practically a growth industry, VOP is a crucial line of defense against fat-finger errors and fraud.
Traditional finance has already been forced to care. VOP is mandatory under the European Instant Payments Regulation (IPR) for euro transactions, and non-euro countries are on the clock to comply by July 2027. When PSD3 and PSR kick in sometime in 2028, all fiat credit transfers in Europe are subject to VOP.
The plumbing is more or less in place. Heavyweights like SEPA (EU Verification of Payee), SWIFT and JPM / Kinexys are building pre-validation infrastructure, and payment institutions are adopting it globally.
For stablecoin payments, however, the VOP stack is yet to see the light of day.
The Broken Infrastructure of Crypto Compliance
In theory, Travel Rule networks should handle this. In practice, the Travel Rule market is fractured, interoperability is happening slowly, and stablecoin Payment Service Providers (PSPs) rarely practice pre-transaction workflows, even when the technology exists.
This makes provider-led payee verification nearly impossible for stablecoins. The result? A direct hit to both security and regulatory compliance.
But the alternative is in sight. By combining the decentralized ethos of digital currencies with emerging European digital identity (EUDI) frameworks, we can pivot to a model that actually works: VOP with verifiable credentials.
When in Doubt, Make the User Do It
When a beneficiary PSP cannot verify a payee’s identity data – and that is 100% the case for self-hosted wallets – the responsibility shifts to the user.
The workflow is straightforward, if tedious:
- Trigger: The payer gives the originating PSP the payee’s contact details (email or phone number).
- Ping: The PSP sends the payee a verification link.
- Proof: The payee undergoes a remote ID check using a selfie with an ID, eID, or sharing Personal Identification Data (PID) from the digital identity wallet.
- Claim: The payee declares ownership of the destination wallet address.
- Attestation:
- For self-hosted wallets, the payee proves control-of-wallet via a cryptographic signature or a micro-payment.
- For hosted wallets, the servicing VASP can validate custody and wallet ownership data.
- Certification: Based on the available attestation, CryptoSwift can act as an issuer and generate a credential stored in the user’s digital identity wallet.
- Match: The originating PSP verifies that the intended recipient’s name matches the newly validated data.
- Bonus content: In case the payee is a business, the PSP can request KYB and Right of Representation data.
While this includes quite some heavy lifting, this process solves two problems at once. Beyond verifying the payee, it collects the missing Travel Rule data already required under the Transfer of Funds Regulation (TFR).
Even better, the workflow can be reversed to verify the payer for incoming transactions.
Enter Reusable KYW Certificates
Asking a user to jump through these hoops for every single transaction is a spectacular way to kill conversion rates. Nobody wants to take a selfie just to split a dinner bill in USDC.
This is why CryptoSwift is introducing reusable KYW certificates.
While the liable PSP still decides when user-led VOP is required and how often it is renewed, the user retains control over how their KYW certificate is accessed. Once created, the user can consent to ad hoc verifications or broader reuse across multiple payments and even different PSPs.
If a user consents to share data from a previous verification, PSPs can simply query the certified data directly from CryptoSwift. The user avoids the paperwork, the PSP satisfies the regulators, and payments actually go through without friction.