When it comes to VOP, creating a seamless and secure customer experience is a delicate balance between protecting the users from fraud and ensuring a frictionless experience. Banfico has outlined the customer experience principles and essential DOs & DON’Ts that PSPs should consider when updating their customer channels. These guidelines are expected to help the VOP participants deliver a trustworthy digital banking experience that meets modern customer expectations while maintaining robust security standards.
VOP Customer Experience Principles
The following principles shall be applied without compromising the fraud exposure and compliance to regulation:
- Design Excellence: Implement industry-standard UX practices for consumer applications while maintaining robust security measures
- Streamlined payment flow that reduces friction
- Clear Communication compliant with regulatory requirements and scheme guidance
- Priority to Performance: Optimise page loads & API calls, pre-validations where possible
- Explore options for improving customer confidence
Essential DO’s and DON’Ts
DOs:
- Use clear, simple, and easy-to-understand language but still legally appropriate
- Make sure the language is suitably translated based on the customer demographics
- Banks should do everything in their capacity to create awareness about the risks proceeding without a VOP match.
- Use appropriate symbols and color codes for messages. Examples:
- Red, Amber, and Green font colors for NO MATCH, CLOSE MATCH, MATCH
- Traffic Light icons
- The customer must be offered the right navigation options and must be made aware of the recommended next steps depending on the VOP response. Examples:
- Match – Continue/Cancel options with “Continue” highlighted in Green
- Close Match – Continue/Edit/Cancel options with the “Edit” option highlighted in Green
- No Match – Continue/Edit/Cancel options with “Continue” highlighted in Red
- No Result – Continue/Recheck/Cancel, with the “Continue” option highlighted in Red
- For ‘Close Match’, ‘No Match’ & ‘Not Applicable’ responses, an appropriate message complying with IPR Article 5(c) must be displayed.
- “Continuing with the payment may result in a misdirected payment or a Fraud and the bank may not be able to recover the funds”
- A second message reiterating the risk can be displayed and the user shall be forced to actively act/dismiss the warning if they want to proceed with a payment that was not a MATCH
- Robust error/exception handling that covers all scenarios in API documentation and also additional scenarios from RVM and EDS integration.
- Examples: Payee PSP is not live on EDS, ID Type unsupported by Payee PSP, RVM side payload validations, Bulk pre-validation failures, etc.
DON’Ts:
- Don’t use verbiage such as ‘fraud’ or ‘scam’ that may scare the customer
- Don’t use banking or VOP specific technical jargon {‘VOP’, ‘Payee’, ‘Payer’, ‘Authorise’, “PSP”, “Responder”, “API” etc.}
- Don’t include any verbiage around liability
- Don’t include verbiage implying that the Account Details entered by the user are incorrect
Who will be responsible for drafting CX guidelines?
From our inference, the EPC is not likely to deal with it. The local regional associations of banks, central banks, local schemes or even the RVM community (market working group) are likely to address drafting CX guidelines.
Let us Connect!
Want to know more about how we can help you improve your VOP security while maintaining a positive customer experience? Get in touch with Banfico or register for one of our breakfast events across Europe this February by using the link below.
Banfico periodically sends newsletters on various topics related to EPC Verification of Payee implementation. Visit this page to read the previous newsletters.