What I was getting at is the following
(This is in the UK)
Up to now you entered up the account No, the sort code and the name into your online banking to set up a new payment.
The names are not checked due to the number of possibly variations.
The online screen currently just responds saying this is destination is an account at XXX bank and goes on to some additional security measures you have to pass (text, sms auto phone call etc) before the payment is set up.
Post 2018 what you will get back real time on the screen is
This destination account to which you are setting up an online payment is in the name of...... for example Mr & Mrs JP Jones at Natwest Bank.
So you have another chance to make sure the end destination is really the person you want to pay.
Up to now in the UK you could never know 100% if the sort code number you were given were really correct as you had no way of verifying at the time that the destination account was the right one.
This resulted in the misdirected payment scam where scammers sought to convince people (via false letters and emails) that they should for example pay a solicitor with a new account/sort code details - which in fact was actually theirs in their name.
Some people had becomes accustomed to making £1 test payment and then contacting the end user by phone to confirm it had come though before making the XXX thousand pound one as a way of getting round this verification issue.
I've spoken to a person whose professional office email account was hacked and indeed clients were being sent messages telling them to in future send any payments to this new account number - all of which was totally false.
Anyone who queried the strange message would get the hackers who had hacked the email to respond by another email confirming it was all OK and correct.
I've no idea how much money was lost/diverted to the hackers account
How was it spotted?
Well the email tone, grammer and mode of conversation did not read true to a couple of clients who knew the alleged sender well and thought that something was up - though they suspected an internal inside job impersonating the sender rather than an external hacker inside the company email system.
So they got on the phone to contacts within the company, and the hack was discovered.
Trying to pay with a card is going to be pretty pointless with an individual as a seller as only businesses are going to be registered with the banks giving them the capability to accept card payments.