i'm surprised to have seen no discussion so far about the fact that all european banks will start massively leaking trans people's deadnames in october. so let's change that! (🧵 thread with more information)

image source: https://www.europeanpaymentscouncil.eu/sites/default/files/kb/file/2024-10/EPC218-23%20v1.0%202024%20Verification%20Of%20Payee%20Scheme%20Rulebook_0.pdf

quick note to start: this is just my understanding from reading the epc documents on vop. this is glossing over a lot of detail. i might make mistakes, if they are relevant to the larger message, please correct me in a reply.

starting october 2025 banks taking part in sepa (aka all bank transfers between european banks) need to perform verification of payee (vop).

verification of payee means that if you ("requester") send money to someone your bank checks in with the bank of the person you're sending money to ("payee") and tells you if the name you entered matches the iban. a simple check to make sure you're not sending money to the wrong person, right?

well not so much for people who use another name than their legal name, for example many trans people. every time someone tries to send them money, a warning is shown that the names do not match. so you either have to give people your deadname or at least out yourself and warn them beforehand that this will happen. but it gets even worse!

because your bank not only tells you whether the name you entered is correct or not. if the name you entered is close enough to the name associated with the iban ("close match"), you also get told that name. great if you mistyped, but horrible if your legal name should stay private!

but what qualifies as a "close match"?

the european payments council (who make the rules for this) leave that to the banks to decide for themselves, so the real implementation might differ. but they give some guidance on how these rules should look.

so if your bank account is registered to your deadname (which often is the case), all someone has to know (or guess) is your last name and the initial of your legal name. since the last name might very well be public, this takes a bad actor at most 26 tries.

and if your legal name is close enough to your real name (or has the same initial), it might even be shown to everyone sending you money.

this is the part of the thread where i would like to offer some hope or solutions on how people can protect themselves. but i don't know any. so if you have good solutions that work for most people or know how to prevent a specific bank from leaking that information, please add a post to this thread :)
Someone was so kind as to play around a bit with their bank's implementation and reported the following:
> • It depends on the recipient's bank. (I've seen different behaviours from the same source to different destinations.)
> • Some banks suggest "Jane Alice Doe" when just given "Doe", others will report no match for "Doe" but provide the full name when given "J. Doe".
> • For shared (spouse) accounts, "Smith" got no match, "A. Smith" got "Adam Smith" and "E. Smith" got "Eve Smith".
> • The banks that require an initial seem to only apply the initials matching for "J. Doe", not "J Doe".
> • In the cases where I was able to test it, I could omit up to two letters before failing the match. ("Andr Jones" ➔ "Andrea Jones", "And Jones" ➔ no match)

this matches up with what I saw with my bank
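
Added example, not part of the thread and not any bank's or the EPC's code: a toy model of the responding bank's decision, showing how one policy choice (whether a dotted initial counts as a close match) decides when the name on file is disclosed. The function `verify`, its parameters and the two-letter prefix threshold are assumptions built from the behaviours reported above; the names are the thread's placeholders.

```python
from enum import Enum


class Result(Enum):
    MATCH = "match"
    CLOSE_MATCH = "close match"
    NO_MATCH = "no match"


def verify(requested, on_file, allow_initials, max_missing=2):
    """Return (Result, name disclosed to the requester or None).

    Hypothetical responder-side policy. Only CLOSE_MATCH carries the
    name on file back to the requester; MATCH and NO_MATCH carry none.
    """
    req = requested.lower().split()
    held = on_file.lower().split()
    # The surname (last token) must agree before anything else is compared.
    if not req or req[-1] != held[-1]:
        return Result.NO_MATCH, None
    given, held_given = req[:-1], held[:-1]
    # Any one correct given name is a full match: nothing is disclosed.
    if any(g in held_given for g in given):
        return Result.MATCH, None
    for g in given:
        for h in held_given:
            is_initial = len(g) == 2 and g.endswith(".")
            if is_initial:
                # Policy switch: treating "J." as a close match discloses
                # the full name to anyone who knows surname and initial.
                if allow_initials and h.startswith(g[0]):
                    return Result.CLOSE_MATCH, on_file
            elif h.startswith(g) and len(h) - len(g) <= max_missing:
                # Truncated given name with at most max_missing letters cut.
                return Result.CLOSE_MATCH, on_file
    return Result.NO_MATCH, None


if __name__ == "__main__":
    # Constructed probes, taken from the placeholder names in the thread.
    for probe, held in [("J. Doe", "Jane Alice Doe"),
                        ("Andr Jones", "Andrea Jones"),
                        ("And Jones", "Andrea Jones")]:
        for lax in (True, False):
            print(probe, "| initials allowed:", lax, "|", verify(probe, held, lax))
```

With `allow_initials=False` the typo-correction case still returns the name, but a surname plus a dotted initial no longer does.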

@pajowu i played around a bit, too.
With all three of my bank accounts just the surname is sufficient for a close match.
Any of my first names (also multiple of them and regardless of order) together with the surname gives an exact match.
On the shared account with my spouse, the last name gives a close match with their name (potentially because their name is lexicographically smaller(?)).
A close match always leaks the full name including all first names.
@pajowu one of my banks (Sparkasse) told me that they only check that for Girokonten, not for any other accounts (which matches the EU guidelines iirc)
So giving out the IBAN of other account types (like Tagesgeldkonto in Germany) could maybe help with keeping your deadname from being leaked
@pajowu do we know who (sending bank or receiving bank) checks for the differences between the "official account holder name" and the name used as the recipient of the transaction?
(i.e. does the receiving bank always send out the full name and tells the receiving bank to do the check and show the fitting message?
Or does the receiving bank get a name from the sending bank and does the checks and then either sends back "no match", "near match, <official name>" or "match"?)
@pajowu I think that would be relevant if specific people with accounts at specific banks want to know in which case their "passport name"/possible deadname gets leaked

@pajowu the diagram above makes it look like the bank that will be sending the money only receives the matching result (so no name at all in the case of "no match"), but I'm not sure if that diagram is that precise?
That would mean, that the bank where the account is handles the matching. Meaning my name would always be leaked in the same cases and that it would not depend on the bank that is used to send me money

(Which also seems like the more sensible implementation)

@Larymir yes, that's correct

@pajowu ah, great!
This means it's easy to create an overview how different banks do those checks and then people can at least try to minimize the risk of leaking names they don't want leaked
(We just need somebody with a Girokonto account at that bank who is willing to try that out and then provides the results)

It still sucks that this is necessary. But at least that's better than the bank who sends the money being relevant for the behavior

@Larymir the matching happens at the receiving bank.

@pajowu also matches my experience …
- initials get completed, but only with a trailing dot
- if both chosen and dead name are present and start with the same initial, deadname is preferred
- with multiple first names, one seems to be enough to get them all
- last name alone isn't enough
- it all depends on the receiving bank — one didn't implement it (yet), so every attempt at validation simply gave an error
- the way other account types are implemented varies from bank to bank

it is a mess.

see https://toot.kif.rocks/@xayomer/115322004852978383 and https://toot.kif.rocks/@xayomer/115322620061011981

@pajowu can confirm in one real case this just leaked the deadname of a friend when typing in her new name

@pajowu they do allow "Complaint on the schemes" in their contact form:
https://www.europeanpaymentscouncil.eu/contact

Wrote a few lines about the danger for trans people specifically, both mentally and physically, and that I'm disappointed that this seemingly was not thought of.

@pajowu What’s your understanding of whether secondary names may also be leaked when either one of multiple given/chosen names are entered correctly?
@kc as far as i understand it, this should be a “match”, so the bank only returns the information that it matched, not which name it has on file
@pajowu I feel like I'm somewhat mostly dodging this by getting my name change done about a month after coming out (I already declared intent to make use of SBGG in March, so the 3 months waiting period are over already, just couldn't get an earlier appointment sadly) and my new name is a shortened version of my old name, so even if, I don't really care too much about my deadname being out there and I should be able to get things changed soon enough.
@pajowu fwiw i asked my bank about this, and they offered to add my usual name to what they use to do the matching so both should be allowed now. I guess we'll see how well that works in October 🙈

@pajowu
at least in germany there were banks that allow name/gender change with a dgti supplemental id, but that was pre sbgg, not sure if they still handle it the same way now, but may be worth looking into

wouldn't solve the leaking problem, but at least the deadnaming problem i think? (only germany, and not certain)

@pajowu no solutions, but this has been the case in the UK for at least a few years now, so there should be actual experience reports
@pajowu hi @glsbank is this still a problem with your "true name" feature, or will this prevent leaks from happening?
The legislation aims to prevent money laundering, but we are currently unable to say how this applies to dead names.
@pajowu does that also happen after one changes their legal name?
@littlerao @pajowu no. if the bank has had notice and they changed your name in their systems, this should not happen
@pajowu i read through it, when my bank sent info, came to same conclusions and made a mental note to at least write a blog post for queer lexikon blog. i hope I'll find the time, there are lots of things going on atm.
@pajowu dutch banks already started. Can already get anybody's deadname by just filling in any name in bank app and it autocorrects to the recipient's name

@pajowu the German GLS Bank is working to fix this for their customers: https://ruhr.social/@glsbank/114980625300454665

@glsbank

> GLS Bank: 📢 From 9 October 2025 the following applies in the EU: for bank transfers, the recipient's name and IBAN must match exactly, as stated in the passport or company register. Banks check this before release; the paying person is informed and can decide whether the payment goes ahead. The rule is problematic for people with a supplementary ID (Ergänzungsausweis), because the passport name (dead name) must be used. We are aware of the problem & are working with our service providers on a solution. 🏳️‍🌈 #GLSBank
@pajowu this toot is so misleading as to be misinformation
@kouett @pajowu unless the names are substantially similar (i.e. a few chars different) all that will happen is that a warning that the name doesn’t match will be displayed, it will not deadname people

@q @kouett so your criticism is that i said “massively” instead of “under certain circumstances, which might either be always or never, depending on the person, bank, and malicious intentions”?

Additionally: very similar names are not uncommon; at least according to the EPC “initial + surname” may be enough for a close match, which takes 13 tries on avg to guess if you know the surname (likely if you have the chosen name)

@q @pajowu It's not.
It would certainly leak mine if I hadn't changed my legal name.
@q @pajowu This is a major issue.
Initials being the same, for example as a means to maintain two identities while maintaining a front (under the same signature, name signs, etc.), regendering the deadname, are unlikely to be rare.
@fr2 @q @pajowu also even if people would typically choose their real name at random, that’d still be a probability higher than 1:20 of a matching initial with the deadname (due to non-even letter distribution)
@pajowu First of all, No names are leaked. The payer is notified if the name he already knows is correct, partially correct or wrong. Abbreviated names are reported as correct. (So maybe giving a name like K.Miller to anyone transferring money to your account may help) One of multiple names is reported as correct. Direct debit (sepa Lastschrift) is not name checked.
@MattisCB wrong. if a name is partially correct (“close match”) the name the payees bank has on file is returned as well and shown to the user sending money. direct debit is just not an option for me receiving money, how would that work?
@pajowu I doubt that because the information the banks gave our company says otherwise. It would also defeat the purpose of name checks. no correct name will or should be transmitted. Since the whole thing hasn't even started I can't tell you how it will be in practice. Companies will be offered the option to skip the name check for quite some time. When we send you money we have your legal name on file anyway.

@MattisCB have you actually read the thread?

Yes, if it’s a full match, the name will not be transmitted. If it’s a close match, it will. The information on how the process in general will look is already public, as this is a european banking standard, already active in some countries, and many banks already provide information on that.

Companies aren’t the only problem, individuals are too. it being optional changes nothing since that’s in control of the sender, not the payee

@MattisCB “When we send you money we have your legal name on file anyway.” is just wrong in so many cases as well. Most of the people and companies sending me money don’t. Why would they?
@pajowu because we base the transfer of money on contracts. I cannot for the life of me think of a transaction where someone sent me money not knowing who I am. In my whole life. Can you give any example? Before SEPA recipient names were always checked in Germany.

@MattisCB basing it on contracts doesn’t mean you know the legal (meaning government) name.

I never said not knowing who you are. I said: not knowing the name your bank account is registered on. One example (from the thread): trans people.

You can start using a chosen name nearly everywhere without changing your legal name. only at very few places you can’t: government entities (health insurance, passport, …), banks and phone providers. Work contracts, invoices, … are all possible without

@pajowu the contracts where people sent me money to my bank account are: Apartment Rent, Work, bank accounts, mortgage. Rest assured I had to show my ID for all of them. None of these I could have signed under a chosen name. An eBay sale here and there I might have gotten away with giving a wrong account owner's name. But these days who uses bank accounts for that? Everyone uses faster services like PayPal or Venmo. Maybe your chosen name has the same initial. Use that and you are fine.
@pajowu or change your name legally, then your deadname is legally dead. Let me cut that discussion short: I promise I will tell you what we at work get returned from the bank the very first time we have a partial match. (My guess is this will be an Arabian name, but technically that's no different. )
@MattisCB @pajowu „just change your name legally“ that’s such ignorant advice. As if this would be that easy, cheap and fast or even possible in every EU country.
@ubahnverleih @pajowu didn't say "just". Pajowu is in Germany. It's possible and like everything with authorities it's a hassle. Is the name important? Then take effort to go through the process. Nothing will be revealed through this name check is what Sparkasse told my company when we explicitly asked how this will be handled. In batch transfer we can only decide to transfer all money or none if there are wrong names. We will have to ask our clients for the correct names ourselves.
@MattisCB @pajowu The issue is an EU wide issue and @pajowu wanted to raise attention to this not just for her.
And no, it’s wrong that nothing will be revealed through the name check. On close matches the name of the account holder will be returned. It might be that Sparkasse is not able to handle close matches in bulk transfers. But in general names will be revealed to the sender on close matches.
@ubahnverleih @pajowu We'll see. That's what I told pajowu. In my experience SEPA regulations are handled very loosely. Most banks will not reveal names just to make sure they don't get into trouble over GDPR rules. And just telling the sender there has been no or only a partial match is the minimum they can be forced to do, so that's what they will do. (Spoken from my experience with past SEPA regulations)
@MattisCB @pajowu Can you just believe minority people's concerns when they are raising attention to a problem instead of just dismissing their concerns as in „ja wird schon gut gehen“? "We will see“ doesn't solve the problem because when we see it might be too late.