Table of Contents
The most important decision in Nordic payments isn't about the rails.
- Bridget Meijer
- Utrecht
When markets implement Verification Of Payee (VOP) bank-by-bank, they get partial protection. When they implement it as a country, they get infrastructure. The Nordics are at that fork in the road right now and the choice they make will define how well the region’s payment systems actually protect the people using them.
By Bridget Meijers, Director of New Markets, SurePay
The question behind the question
Every market implementing Verification Of Payee faces the same surface-level question: which banks go live, and when? It feels like a sequencing problem. A project management problem. Something to work through systematically, institution by institution, until coverage is complete.
It isn’t. It’s an architectural decision. And the difference between getting it right and getting it wrong isn’t visible until the fraud data comes in.
I’ve spent the past several years working with national payment associations and financial institutions across Europe to design and implement VOP schemes. The pattern is consistent enough to state plainly: markets that approach VOP as shared national infrastructure outperform markets that treat it as a bank-level feature. Not marginally. Significantly. And the gap widens over time.
Why partial coverage isn't just incomplete, it's counterproductive
The logic of a bank-by-bank rollout is intuitive. Start with the largest institutions, build momentum, let others follow. In practice, it creates a problem that undermines the entire purpose of the scheme.
Fraudsters do not respect bank boundaries. They operate across the entire payment ecosystem, and they are systematic about finding the institutions where verification isn’t in place. In a fragmented rollout, those institutions aren’t hard to find. They are simply the ones that haven’t gone live yet. The fraud that VOP prevents at one bank doesn’t disappear. It routes to the next weakest point.
This isn’t theoretical. It is the documented experience of early VOP implementations across Europe. Partial coverage creates uneven protection. Uneven protection creates exploitable gaps. And because instant payments are irreversible, the window for recovery once a fraudulent payment executes is narrow and expensive.
There is a further problem. When customers encounter VOP that only works for some payments, where checks return results for certain IBANs but not others, they lose confidence in the system. The hesitation that follows is its own risk. Either customers ignore VOP guidance because they don’t trust it to be complete, or they develop a false sense of security when a check does return a result. Both outcomes weaken fraud prevention at precisely the moment the system should be strengthening it.
Network effects are not a bonus. They are the mechanism.
VOP is not a product. It is a network. And networks follow a different logic to products.
When a single bank implements VOP, it gains coverage for payments sent to accounts at other participating institutions. Useful, but limited. As more banks join, the coverage doesn’t grow linearly, it grows exponentially, because each new participant increases the number of payment flows that can be verified across the entire network. At some point, coverage approaches completeness, and VoP stops being a feature that some customers experience and becomes a standard that all customers rely on.
That tipping point is the goal. And the speed at which a market reaches it is almost entirely determined by whether the rollout is coordinated at a national level or left to individual institutions.
In the Netherlands, where SurePay supported a broad, community-driven rollout from the outset, VOP reached systemic coverage early. It became a market-wide control rather than a bank-level differentiator. Fraud didn’t disappear. It never does. But, the ecosystem made it significantly harder to execute at scale, because there were no gaps to exploit. The network was the defense.
Markets that start fragmented rarely close that gap cleanly. The banks that move early have little commercial incentive to accelerate the participation of competitors. The banks that move late have little urgency until the regulatory deadline forces the issue. The result is years of partial coverage, during which fraud continues to route through the unprotected parts of the system, and the data that a complete network would generate. Data that improves matching accuracy, flags emerging fraud patterns, and strengthens the whole ecosystem…never gets built.
The governance question no one asks early enough
When markets approach VOP as a bank-level project, governance tends to follow the same fragmented logic. Each institution builds its own implementation, its own matching logic, its own customer messaging. The result is inconsistency that customers feel directly: different response types, different name matching behaviour, different guidance on what to do when a check returns a mismatch.
Standardisation matters for a reason that goes beyond user experience. When VOP behaves consistently across the market, customers learn to trust it. When it behaves inconsistently, they learn to second-guess it. The fraud prevention value of VOP depends not just on the technology working, but on customers actually acting on what it tells them. Consistency is what makes that possible.
A country or regional approach builds standardisation from the start. One rulebook. One response framework. One customer-facing language. Banks compete on the services they build on top of the infrastructure, not on the infrastructure itself.
This matters even more when you consider where VOP is going. The current mandate is name-to-IBAN matching. The direction of travel is richer verification: additional data fields, cross-border interoperability, integration with fraud intelligence signals that go beyond the payment itself. Markets that build on a fragmented foundation will face costly rework to align with those developments. Markets that build on a coordinated foundation will be able to upgrade once, for everyone, at a fraction of the cost.
What the Nordics need to decide now
The Nordic region is, right now, in the middle of a significant infrastructure transition. ISO 20022 migration is active across Sweden, Denmark, and Norway. The Nordic Payments Council launched a public consultation on its new Verification Of Payee scheme in March 2026. The regulatory deadline for non-euro EU members is 2027.
That combination of factors creates a window that will not stay open indefinitely. The decisions being made in the next twelve to eighteen months about how VOP gets implemented across the region will determine whether the Nordics end up with national infrastructure or a patchwork of bank-level solutions that will take years and significant cost to rationalise.
Denmark has already shown one path. Finance Denmark selected a national VOP provider ahead of the regulatory deadline and ahead of the NPC scheme publication. It is the first Nordic country to implement VOP at scale, and it did so through a coordinated, community-first model. The results will speak for themselves over time but the strategic logic was sound from the moment the decision was made.
The question for the rest of the region is straightforward. Norway and Sweden are not yet committed to a national approach. The NPC scheme creates the interoperability standard, but it does not determine how each market implements it. That choice still sits with the national banking communities and it is a choice that gets harder, not easier, to reverse once banks start building individual solutions.
The real question isn't whether to collaborate. It's whether to start now.
There is a version of this conversation that treats country-level coordination as the aspirational outcome — something to work toward once the banks have got their own implementations in order. That framing has the logic backwards.
Coordination is not the reward for getting implementation right. It is the precondition for getting implementation right. The fraud reduction, the network effects, the customer trust, the data quality. None of it materialises at scale without it.
The markets that have moved furthest on VOP are the ones that decided early that this was shared infrastructure, not competitive differentiation. The markets still catching up are the ones that didn’t.
The Nordics have the institutional instinct for this. The region built Swish, MobilePay, and BankID through exactly the kind of collective thinking that VOP requires. The cultural foundation is there. What’s needed now is the same decision, applied to the next layer.
The architecture starts with the choice. Make it a national one.
Bridget Meijers is Director of New Markets at SurePay, the leading Verification Of Payee platform relied upon by 250+ European banks to prevent fraud and misdirected payments. She works directly with national payment associations, financial institutions, and regulatory bodies to design and implement VOP scheme frameworks, and is currently active across multiple markets preparing for the 2027 mandate.
Start today.
Be sure who you pay.
Continue reading
The most important decision in Nordic payments isn’t about the rails.
VOP: Key Lessons Learned According to the CTO
How Fraud detection in the “Wild West” era was superior
How Bank Account Verification is the key to compliant & safe Instant Payments
Understanding IBAN-Name Check: What It Is and Why It Matters
Verification Of Payee in the EU: What it is, how it works, and how to prepare
What is SurePay and How Does It Work?
