Confirmation of Payee (CoP) is an account verification service that checks whether the account name provided by a payer matches the name held by the receiving bank before a payment is made.

CoP helps prevent:

Misdirected payments
Payments fraud and scams
Data entry errors when adding a new payee bank account

CoP is an industry-wide initiative led by Australian Payments Plus (AP+) and is implemented by most banks in Australia. Zai supports CoP as a CoP Data Requestor so that platforms can verify account name details at the point a payee bank account is created, and incorporate the result into their onboarding, review and payout workflows.

For more information about Confirmation of Payee at the scheme level, see auspayplus.com.au/solutions/confirmation-payee.

Overview

Zai's CoP Account Verification solution extends the existing bank account workflow to meet CoP Data Requestor requirements. The Bank Account API has been enhanced to support account name matching for CoP, returning real-time matching results that guide your platform on whether to proceed with payments or verify details with the end user.

Why use CoP?

CoP enhances payment security and user confidence by verifying beneficiary details in real time.

Key features

Account name matching. Confirms the entered account name, BSB and account number against the records held by the receiving bank, to verify the payee is the intended person or business.
Real-time verification. Runs an instant check when a new payee bank account is created.
Match outcome responses. Returns a clear result — Match, Close Match, Weak Match, No Match, Account Closed, Account Not Found, Not Enough Info, or Error — to help you decide whether to use the account for payments.
User decision support. Provides information so you can decide whether to use a bank account for payouts. Zai does not automatically block payments based on the CoP result alone.

Key benefits

Fraud prevention. Helps reduce authorised push payment (APP) scams.
Error reduction. Minimises incorrect account transfers caused by typos or out-of-date details.
Improved trust. End users feel more confident sending payments.
Regulatory and industry alignment. Supports the AP+ CoP scheme and broader payment safety initiatives.

How CoP works

When a new payee bank account is created via Zai's Bank Account API, Zai automatically performs a CoP lookup using the supplied account name, BSB and account number. The result is returned on the bank account record via the API response and via your configured webhook.

Step-by-step flow

User creates a Bank Account with:
- User ID
- Bank Name
- Account Name
- routing_number (BSB)
- Account Number
- Account Type
- Holder Type
- Country
- Currency
Verification request sent. Zai automatically calls the CoP Account Lookup.
Name matching performed. Zai's CoP service provider returns the Account Lookup response.
Matching result returned. Account verification information, including the CoP match result, is returned on the GET Bank Account API response. A webhook notification is also sent once the CoP match result is received.
Customer decision. Your platform confirms whether to use the bank account for payouts based on the result, and decides how to present the outcome to the end user.

📘
Note
CoP runs automatically when a payee bank account is created. Existing seller wallet accounts and historical bank accounts are not re-verified unless they are re-created or updated through your integration.

Prerequisites

Before implementing CoP Account Verification, ensure you have:

A Zai account with Account Verification enabled — contact Support.
OAuth2 authentication implemented — see the Authentication Guide.
Webhooks configured — see the Webhook Guide.
Users created in Zai.
Sandbox access via dashboard.hellozai.com.

Quick start

1. Create a user

curl -X POST https://test.api.promisepay.com/users \
  -H "Authorization: Bearer {oauth_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "seller_456",
    "first_name": "Jane",
    "last_name": "Smith",
    "email": "[email protected]",
    "country": "AUS"
  }'

2. Create a bank account

Creating a bank account automatically triggers a CoP lookup.

curl --request POST \
  --url https://test.api.promisepay.com/bank_accounts \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --data '{
    "user_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "bank_name": "Bank of Australia",
    "account_name": "Samuel Seller",
    "routing_number": "111123",
    "account_number": "111234",
    "account_type": "checking",
    "holder_type": "personal",
    "country": "AUS"
  }'

3. Retrieve the CoP matching result

curl --request GET \
  --url 'https://test.api.promisepay.com/bank_accounts/?include_decrypted_fields=false' \
  --header 'accept: application/json'

Example response

{
  "bank_accounts": {
    "id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "active": true,
    "created_at": "2020-04-27T20:28:22.378Z",
    "updated_at": "2020-04-27T20:28:22.378Z",
    "verification_status": "processed",
    "verification": {
      "verified_at": "2020-04-28T15:00:00.000Z",
      "verification_method": "COP",
      "result": {
        "match_result": "MTCH"
      }
    },
    "currency": "AUD",
    "bank": {
      "bank_name": "Bank of Australia",
      "country": "AUS",
      "account_name": "Samuel Seller",
      "routing_number": "XXXXX3",
      "account_number": "XXX234",
      "iban": null,
      "swift_code": null,
      "holder_type": "personal",
      "account_type": "checking",
      "direct_debit_authority_status": "approved"
    },
    "links": {
      "self": "/bank_accounts/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
      "users": "/bank_accounts/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/users",
      "direct_debit_authorities": "/bank_accounts/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/direct_debit_authorities"
    }
  }
}

📘
Polling tip
The CoP lookup is asynchronous. When a bank account is first created, verification_status will be in_progress until the check completes. Use the webhook event to react to the final result, and use the GET API as a fallback to poll the record.

API reference

Zai has extended the Bank Account APIs to provide additional CoP information once the account name matching lookup is triggered when a user creates a new bank account.

API field	Description	Type / values
`verification_status`	The status of the verification process. This does not indicate the outcome.	String (enum): `not_verified` — applies to records where the CoP check is disabled. `in_progress` — initial status for bank account records where CoP checks are performed. `processed` — the verification check is complete. Check the `verification` block for the result.
`verification`	The verification object. For bank account types this object is always present whether or not a result is available, so your integration logic can be consistent.	Object
`verification.verified_at`	The date and time the verification response was recorded.	String (ISO 8601 timestamp)
`verification.verification_method`	Identifier for how the account was verified.	String (enum): `COP` (Confirmation of Payee).
`verification.result`	The result of the verification.	Object
`verification.result.match_result`	Result code from the CoP lookup. Zai returns this code as it is provided by the CoP service.	String (enum). See Match result codes below.

Match result codes

The verification.result.match_result field returns one of the following codes once verification_status is processed. Recommended actions reflect AP+ scheme guidance and the Zai user guide; how the result is applied within your payout flow remains your decision.

Code	Meaning	Recommended action
`MTCH`	Match Confirmed	The account name matches what is stored. The bank account can be used to process payments.
`MTCO`	Match Observed	The account name matches what is stored. The bank account can be used to process payments.
`CMTC`	Close Match Confirmed	The account name closely matches the stored data. The bank account can be used to process payments.
`WMTC`	Weak Match Observed	The account name only partially matches the name on file. Verify the account details with the customer.
`NMTC`	No Match Confirmed	The account name does not match the records on file. It is recommended to verify the account details.
`NMTO`	No Match Observed	The account name does not match the records on file. Verify the account details with the customer.
`NINF`	Not Enough Info Observed	There is insufficient information to confirm whether the account name matches. Verify the account details.
`NFND`	Account Not Found	No account was found. Verify the account details with the customer.
`CLSD`	Account Closed	The account is already closed. Do not process the payment and request new bank account details from the customer.
`ERRR`	Error / Opt-out	The account cannot be confirmed. Verify the account details with the customer.

Customer experience requirements

The following CX requirements come from the AP+ CoP CX Guidelines and apply to any organisation using Zai's CoP service for lookups. Zai returns the raw match result; you are responsible for the end-user experience. Please reach out to us for more details.

Error handling

The CoP lookup can return transient errors when the verification service is unavailable, when account details are invalid, or when the receiving bank is not supported.

Common scenarios

Timeout from the verification service.
Invalid account details.
Unsupported bank.

Example error response

{
  "error": "verification_unavailable",
  "message": "Unable to verify account at this time."
}

When a transient error occurs, the bank account record remains in in_progress. Your integration should:

Wait for the webhook event with the final verification result, or
Re-query the bank account record via GET.

If the receiving bank cannot perform the CoP check, the lookup may return ERRR. Treat this as "unable to confirm" rather than a positive or negative match.

Support

Documentation: developer.hellozai.com
Support email: [email protected]
Dashboard: dashboard.hellozai.com
Status page: Monitor API status and incidents at status.hellozai.com.

FAQs

Can I choose not to use this?

While it is not currently mandatory for business customers to use the results, we strongly encourage you to use this data as a measure to prevent scams and fraud.

Can I apply this to a segment of clients only, rather than a blanket approach?

CoP will be made available to all customers. You can determine how to utilise the result within your own onboarding and payout workflows.

What do we need to do on our end?

We strongly recommend utilising the additional data available through the API when a bank account is added, so you can take any further actions required by your own operational and risk processes. You should also implement the customer experience requirements set out in the Customer experience requirements section.

Will it affect payouts to my existing seller wallet accounts?

No. There is no requirement or obligation to block any payouts. The CoP matching result is intended to guide your decision on whether to proceed with using the bank account for payouts. Existing bank accounts are not re-verified unless they are updated or re-created through your integration.

Could Zai support us in uplifting our integration to support CoP?

Yes. Zai can provide consultation on how best to use this data. We will also share UX guidelines as required by AP+ alongside this developer guide.

What happens if we do not make these changes by Zai's recommended date?

This change is not mandatory. However, we recommend using this API as a measure to help prevent fraud and scams.

Does CoP automatically block a payment?

No. Zai returns the CoP match result as a decision-support signal. You decide how the result is used in your payout flow.

What does each match result code mean and what should I show the end user?

See Match result codes for the codes and Customer experience requirements for the mandatory and recommended messaging by outcome.

What happens if the verification service is unavailable?

The bank account record will remain in_progress and Zai may return a transient error (for example, verification_unavailable). Your integration should wait for the webhook event or re-query the bank account record before assuming any outcome.

Where can I find the AP+ CX Guidelines?

Zai will share the current AP+ CoP CX Guidelines alongside this developer guide. Please contact your Zai account manager or [email protected].