trusts Veri

Reputation+APIDownload
Verify+Person+APIDownload

Non Billable

Billable

Webhooks work in concert with third-party financial service providers (like Plaid) and banking partners (like Fifth Third Bank) to automate and secure fund transfers during a financial platform’s onboarding process. The platform links a user’s bank account through secure verification, and the webhook listener URL receives event notifications to trigger the fund transfer process via APIs. 

Here is a step-by-step breakdown of the process:

1. Secure bank account linking and verification

  • Use a third-party aggregator: During the onboarding process, the platform uses a third-party service like Plaid or Yodlee to link the customer’s bank account.
  • Customer authorization: The customer is directed to a secure, branded page to sign in to their online banking portal. This happens without the platform ever seeing or storing the customer’s banking credentials.
  • API tokenization: Upon successful login, the third-party service provides the platform with a secure, tokenized connection to the customer’s bank account, which is saved to the customer’s profile. 

2. Initiating and notifying fund transfers

  • Trigger an event: After the bank account is successfully linked and verified (e.g., through KYC/AML checks), the platform initiates a fund transfer via an API call. This might be an ACH transfer (takes 2-3 business days) or a faster payment method.
  • Webhooks for real-time updates: The financial API provider (e.g., Dwolla, Stripe, or a banking partner like Fifth Third Bank) is configured to send automated POST requests—webhooks—to a specific URL (the “listener”) on the platform’s server. These webhooks act as event notifications.
  • Event types: A single fund transfer can trigger multiple event-based webhooks, such as transfer_created, transfer_pending, and transfer_completed. This ensures the platform is updated on the status of the transaction in real-time. 

3. Processing the webhook payload

  • Receive the payload: The platform’s webhook URL receives the event notification (payload) from the financial service provider.
  • Validate the source: For security, the platform must validate the webhook by checking the X-Signature header to ensure it’s from a trusted source.
  • Process the event: The platform’s server processes the event data. For a successful transfer_completed event, the server might update the customer’s in-app balance, trigger a welcome email, or kick off a new workflow. A 200 HTTP response code is sent back to acknowledge receipt of the webhook. 

4. The role of financial institutions

  • Direct API access: Banks like Fifth Third Bank are developing their own APIs that allow platforms to embed payment functionality, including ACH and wire transfers, directly into their applications.
  • Backend rails: These banking APIs provide direct access to the underlying financial rails, allowing for seamless and secure fund movement. This embedded finance approach streamlines the entire onboarding and payment process. 

Integrate with Fifth Third BankPublic preview

image
image

Clients Hub Master Card

Employees Mastercard

Verification of Income and Employment – Paystub (with TXVerify)

Integrating with Mastercard Data Connect

https://developer.chase.com/products/aggregation-consent/guides/launching-the-oauth-flow-in-a-secure-container

Chase Server IP Endpoints While you can perform these tasks using the Open Finance APIs (for example, retrieve the list of reports generated for a customer by calling Get Report by Customer and ID, or check the status of a Financial Institution by calling Get Institution by ID), the Client Hub makes managing these tasks more accessible for a non-technical audience through its interface.

ONBOARDING MASTERCARDS

image

Profile/Profile

image
image

Data Connect Full (including for Joint Borrower)

Data Connect Full provides all the screens needed for the complete user experience. The Data Connect Full experience provides screens to allow the user to find and select their FI, sign-in, agree to the terms and conditions and privacy policy, and then select the account(s) that they want to connect to Open Finance.

You might already be familiar with the Generate Data Connect URL endpoint if you followed the Quick Start Guide.

Generate Data Connect URL

POST/connect/v2/generate

resource path caret icon

To generate a user experience which also covers joint borrowers, use the following endpoint:

Generate Data Connect URL – Joint Borrower

POST/connect/v2/generate/jointBorrower

resource path caret icon

Data Connect Lite

Data Connect Lite gives you the flexibility to build your own screens to allow the user to select the FI and account, with Mastercard hosting the Terms and Conditions and sign-in screens only.

In order to use Data Connect Lite you need to supply an institutionId. To facilitate this you can perform a search using the institutions endpoint given a search term from your customer. Once you have a customer select an institution from the list you will have the institutionId needed in the Data Connect Lite endpoint.

Get Institutions

GET/institution/v2/institutions

resource path caret icon

Once you have the institutionId for the institution concerned, pass it to the following endpoint in order to generate a sign-in screen which is appropriate to the FI. The user will also be prompted to accept the terms and conditions and privacy agreement before sign-in.

Generate Lite Data Connect URL

POST/connect/v2/generate/lite

resource path caret icon

Data Connect Fix

Data Connect Fix can be used when a problem occurs such as the connection to the user’s FI being lost. You will need the institutionLoginId relating to the user account in question (you can get this value using the Account Aggregation endpoints such as Get Customer Account by ID).

Not all connection issues can be resolved using Data Connect Fix. The Aggregation Status Code returned when you call one of the Account Aggregation endpoints will indicate what is causing the issue, and whether using Data Connect Fix will help.

The Data Connect Fix URL can be presented to the user to allow them to re-establish the connection with the FI.

Generate Fix Data Connect URL

POST/connect/v2/generate/fix

resource path caret icon

Send Data Connect Email

Instead of obtaining a Data Connect URL and displaying that link to the user directly, you can also generate an email containing a link which is sent to the user. The email includes a button which opens the Data Connect application.

You can specify the email’s subject, the name and company from which the email originates, the signature, and the customer’s name. Once sent, the Data Connect URL will be valid for 3 days, so the user has time to perform the Data Connect session when convenient to them.

Send Data Connect Email

POST/connect/v2/send/email

resource path caret icon

A second version of this endpoint is provided for joint borrowers:

Send Data Connect Email – Joint Borrower

POST/connect/v2/send/email/jointBorrower

resource path caret icon

Resources

  • Status Codes display when something interrupts the process of the Data Connect application. The error code number and description can help you know what the issue is and how to resolve it.
  • Data Connect Events are events sent from the Data Connect app through the SDK to your web and mobile apps.

Visa.thecountrybankofneedham.com

Api.thecountrybankofneedham.com

Event listenor, at Partners Institutions and for clients.

Fifth Third Bank, mastercard network: and too such account at three days, however our our fees and 90 days stationary platform holds them these, and reporting via webhooks.

90 day sets compared to annually.

Contract with Mastercard provides Institution or accounts transfers this through the card networks

image
image

image
image

Mastercard Lend at The Country Bank of Needham

Basically your creating organizations on one side with the BIN, 1-9 then institutions format of IINs

An Issuer Identification Number (IIN) is the first six to eight digits of a payment card’s Primary Account Number (PAN). It identifies the issuing financial institution and is structured with a leading Major Industry Identifier (MII), followed by the issuer identifier. The standard number of digits for an IIN has increased from six to eight, with an ongoing transition to the eight-digit format. 

Structure of a payment card number (PAN)

  • Issuer Identification Number (IIN): The first six to eight digits of the PAN.
    • Major Industry Identifier (MII): The first digit of the IIN, indicating the industry of the issuer (e.g., 4 for Visa).
    • Issuer Identifier: The remaining digits of the IIN, uniquely identifying the financial institution.
  • Individual Account Identification Number: A variable-length number (up to 12 digits) that is unique to the cardholder.
  • Check Digit: The final, single digit, which is calculated using the Luhn algorithm to verify the entire card number. 

Length of IINs

Older or specific standards: In some cases, such as national closed-loop systems, a nine-digit IIN may be used

Current standard: The international standard (ISO/IEC 7812) expanded the IIN length to eight digits in 2017, a transition from the previous six-digit standard.

Transition: While new IINs are eight digits long, existing six-digit IINs are being converted to a block of eight-digit numbers.

I love you.

Scroll to Top