Bank Account Verification API — Penny Drop vs Name Match
Before you can credit a customer’s bank account — payroll, refund, creator
payout, NBFC disbursal — you need to verify the account exists and
belongs to them. Three API methods dominate in India: penny drop,
name match, and UPI-VPA verification. They differ sharply on
cost, latency, UX, and compliance fit. This guide compares them and shows how
to integrate each via the NxtBanking API.
1. Why verify at all?
- Cost of failure. A wrong-account credit costs ₹100–₹500 in reversal fees and 3-7 days of customer support time.
- Fraud. Someone submits a beneficiary account they don’t own, hoping you’ll credit it. Verification raises the cost of attack.
- Compliance. RBI’s PA-PG and PPI master directions require KYC-grade name-match before routine large-value credits.
2. Method A — Penny Drop
Send ₹1 to the target account via IMPS / NEFT, then read the beneficiary
name that comes back in the bank’s credit confirmation. The response includes
the account holder’s registered name exactly as the bank has it.
Pros: ground truth — the credit only settles if the account
exists and accepts deposits. No ambiguity.
Cons:
- Cost: every verification actually transfers ₹1, plus transaction fees (typically ₹1–₹5).
- Latency: 3–15 seconds typical; up to 2 minutes in edge cases.
- UX noise: the customer’s counter-party sees ₹1 credited to them.
curl -X POST "https://api.nxtbanking.com/verify/v1/penny-drop"
-H "Authorization: Bearer $TOKEN"
-H "Content-Type: application/json"
-d '{
"account_number": "50100123456789",
"ifsc": "HDFC0000001",
"expected_name": "Ravi Kumar"
}'
# =>
# { "status": "VERIFIED",
# "returned_name": "RAVI KUMAR",
# "match_score": 0.98,
# "ref_id": "pd_17abc...",
# "txn_cost": 1.00 }3. Method B — Name Match (pull-based)
The bank / verification provider looks up the account without moving any
money and returns the registered name. This is the cheapest and fastest option,
but its availability depends on the account’s bank — some banks won’t expose
the lookup at all.
Pros: ~₹0.20–₹1.00 per call, 200–800 ms latency, no customer-side
side-effect.
Cons:
- Not universally supported — coverage varies by bank.
- Doesn’t prove the account accepts credits (frozen / dormant accounts still return a name).
curl -X POST "https://api.nxtbanking.com/verify/v1/name-match"
-H "Authorization: Bearer $TOKEN"
-H "Content-Type: application/json"
-d '{ "account_number":"50100123456789",
"ifsc":"HDFC0000001",
"expected_name":"Ravi Kumar" }'
# =>
# { "status": "VERIFIED",
# "returned_name": "RAVI KUMAR",
# "match_score": 0.98,
# "latency_ms": 410 }4. Method C — UPI VPA Verification
Validates a VPA (ravi@okhdfc) and returns the registered name
of the PSP-side account holder. Costless on most networks, sub-second, and
customer-friendly because customers already remember their VPA.
Pros: Near-free, sub-second, works for any UPI-enabled
individual.
Cons:
- Doesn’t work for non-UPI accounts (current accounts of firms, some NRO, etc.).
- Name fidelity depends on the PSP; PhonePe returns full name, some return a truncated string.
curl -X POST "https://api.nxtbanking.com/verify/v1/vpa"
-H "Authorization: Bearer $TOKEN"
-d '{ "vpa":"ravi@okhdfc", "expected_name":"Ravi Kumar" }'
# =>
# { "status": "VERIFIED",
# "returned_name": "Ravi Kumar",
# "match_score": 0.99 }5. Side-by-side comparison
| Dimension | Penny Drop | Name Match | UPI VPA |
|---|---|---|---|
| Cost per call | ₹1 + fees | ₹0.20 – ₹1 | ₹0 – ₹0.50 |
| P50 latency | 3–8 s | 400–800 ms | 200–500 ms |
| P99 latency | 30–120 s | 2 s | 1 s |
| Account coverage | All IMPS-enabled | Varies by bank | UPI-enabled only |
| Proves accepts-credits? | Yes | No | No |
| Customer-side side-effect | ₹1 credit visible | None | None |
| Best for | First-ever payout | High-volume recurring | Individual payouts |
6. How to combine them
In production we recommend a tiered approach:
- Try UPI VPA first (cheapest, fastest).
- If no VPA provided, try Name Match (if the target bank supports it).
- Fall back to Penny Drop for first-time beneficiaries, large amounts, or banks without name-match coverage.
- Cache verified (account, IFSC, name) triples for 90 days to avoid re-charging per payout.
7. Name-match fuzzy logic
Returned names rarely match submitted names character-for-character. You
need fuzzy matching. Our reference scorer uses:
- Unicode normalisation + case folding
- Remove honorifics (MR, MS, DR, SHRI, SMT)
- Tokenise and allow word-order permutation
- Levenshtein distance < 2 for each token
- Score = matched_tokens / max(tokens_in_a, tokens_in_b)
A threshold of 0.7 empirically balances false-accept vs false-reject for
Indian names. Log the raw returned_name + computed score for every call to
enable post-hoc threshold tuning.
8. Compliance considerations
- Store only the hash of the account number in your logs; the plaintext belongs in encrypted storage only.
- Returned PII (names) counts as sensitive personal data under DPDP Act; apply purpose limitation + retention caps.
- For beneficiaries >₹50,000 / month aggregate, run a full KYC cycle — verification alone is not KYC.
9. Production checklist
- ☐ Tiered provider (UPI → Name-match → Penny-drop)
- ☐ 90-day verified-cache table
- ☐ Fuzzy-match scorer with tunable threshold
- ☐ Metrics: verification-success-rate by method, cost per verified-beneficiary
- ☐ Alert on name-match-score distribution shift (indicates provider regression)
- ☐ Monthly reconciliation of penny-drop ₹1 credits vs accounting ledger