Intelligent EFT / ACH (iQ11)

Welcome to Open Banking Payments

VoPay’s Intelligent EFT / ACH (iQ11) adds a layer of data intelligence to EFT payments to make them faster, enables bank account verification and reduces NSFs. We utilize Open Banking technology to verify and validate all the necessary data and information, such as the ownership of the account, available balance, account information, and account performance history. This all happens at the time the user initiates the first transaction and links their preferred bank account to the merchant app or digital platform.

How does it work?

  • You generate a custom embed URL by calling iq11/generate-embed-url
  • You embed the generated URL in your website using an iFrame.
  • The user selects their preferred financial institution, logs into their online banking account and selects the account they wish to use.
  • VoPay generates an iQ11 token which uniquely identifies the user’s selected bank account.
  • The user is redirected back to the URL you specified when calling to generate the embed URL.
  • You use the iQ11 token instead of the institution number, bank account and transit number when calling other API methods such as eft/fund and eft/withdraw. (See EFT API Methods)

Note: The iQ11 Token generated uniquely identifies a bank account. If you wish to make multiple transactions without requiring the user to log in each time you should store it securely so that it can be reused.

Have an existing data aggregator token?

You can take advantage of your existing data integration with Plaid, Flinks or Inverite by leveraging your data tokens and have your users skip all the authorization access and bank account selection steps, streamlining the payment checkout experience. You’ll need to sync your data aggregator account with VoPay to enable this.

Processing times

Once an Intelligent EFT / ACH (iQ11) transaction is initiated it will follow the following timeline:

• Collecting payment: T + 1 business day for funds to arrive (Subject to Approval. Terms and Conditions Apply)

• Sending payment: T + 1 business day for funds to arrive (Subject to Approval. Terms and Conditions Apply)

How to test?

Once the iQ11 iFrame has been integrated into your website or application you will need to test the workflow. The bank authentication process is fully functional in both the sandbox and production environment. A red bar will be displayed at the top of the page when it is running the sandbox environment so that you can easily identify it.

There are two general ways that you can test your integration:

  • Logging into a real bank account (no real money will be moved when using a token for a real bank account in the sandbox environment)
  • Using the VoPay Bank (username/password = vopaydemo)

In both cases, you will be redirected to your configured Redirect URL along with a token. Once you have received the token, you will need to include it in your subsequent API call to the desired EFT endpoint. iQ11 fetches the account number, transit number, and financial institution number for the specified token and uses that to process the transaction

Redirection

We have introduced a new method for the redirection of our iQ11 iFrame: RedirectMethod in the /iq11/generate-embed-url endpoint that accepts InnerRedirect or JavascriptMessage as parameter values.

  • InnerRedirect is the existing default behaviour that will redirect you to your own RedirectURL that you have provided to us along with a Token, MaskedAccount and Bank name.
  • JavaScriptMessage will not redirect you anywhere but it will stay on the same page. We will pass a JavaScript object to you via Window.postMessage() once the account login is complete. You can consume this through to the event listener. With this method, you won't be forced to redirect to another page, it's expected that your app UI will take some action once this event is received.

Here's an example of how you can receive this message:

function receiveMessage(event) {
	console.log(JSON.parse(event.date))
}
window.addEventListener('message', receiveMessage, false);