Frequently Asked Questions

What Does Helix do?

Helix is a lightweight a bank core exposed as a realtime API. There are several primary areas of interest:

  • Customers
    • Tracking sensitive information such as SSN, drivers license / passport details, etc.
    • On-boarding with verification using IDology services (optional)
    • Maintaining addresses, phones, beneficiaries, etc.
    • Security functions, such as locking, archiving, date tracking, etc.
    • Ability to easily apply a lock via Admin console
  • Accounts
    • FDIC Insured
    • DDA, FBO, Savings
    • Joint account support (use of this functionality requires approval by the bank partner)
    • Available, Pending, and Actual balances
    • Supports concept of a goal via account properties
    • Ability to easily apply a lock via Admin console or API
  • External Accounts
    • Real-time routing number verification via the Federal Reserve
    • Account number verification via Trial Deposits (optional)
    • Ability to easily apply a lock via Admin console
  • Transactions
    • Extensive rules and limits for enforcing safe, reliable transfers with minimal fraud risk
    • Detailed auditing of who and when transaction state changes
    • Tight, real-time integration of transactions and balances
    • Settling, hold days, bank holidays -- all taken into account for funds availability
    • End-to-end tracking of ACH returns
  • Debit Cards
  • Backend processes
  • Admin Console Functionality
    • Dashboard to realize the "health" of your program
    • Extensive, granular security for all functionality
    • Quickly search customers by several data points, drill-down details, etc.
    • Transfer funds on behalf of customers if needed
    • Customer on-boarding Manual Review queue
    • Detailed Reports - Updated hourly
    • Much, much more

What does Helix not do?
  • User login / credentials management
  • Funds movement between two external Financial Institutions
    • It is possible to have two external accounts for a given customer in Helix, and move funds from one FI into Helix then from Helix out to another FI -- but your Bank of Record must agree to enabling more than one external account per customer at a time.
  • WebHooks. Please review our AMQP realtime event solution.

What is Helix's pricing model?

Our pricing model can vary greatly depending on several factors such as estimated user base, average accounts per customer, average monthly transaction counts, deposit volume, etc. Contact Us for more information

How do I get access to Helix?

Contact [email protected]

What kind of security measures does Helix adhere to?
  • Annual PCI Compliance Level 1 Audit
  • Annual SOC 2 Audit
  • HTTPS TLS 1.1+ for API
  • SFTP for file transfer
  • IP whitelisting for API and SFTP server access
  • Fully encrypted TLS 1.2 internal network communications
  • AES-256 encryption for sensitive data at rest
  • PCI compliant key management (annual key rotations, multiple active keys, key custodians, etc) for PAN and other PCI-sensitive data
  • Optional PGP encryption for files sitting on SFTP server

Why can't I connect to or

This issue is typically due to one of the following:

  • The login credentials are incorrect or expired
  • The IP(s) from which you are making the actual SecureFTP requests to the Helix SFTP environment does not match those we have on record
  • We have not yet whitelisted the IP from which you are trying to connect
  • Ensure your outbound firewall allows SFTP/SSH traffic
  • You need to connect over TCP port 22 to establish SSH connection

If none of the above apply, please contact us. Having your list of IP addresses to whitelist handy would be beneficial.

Should I call /externalAccount/create or /externalAccount/initiate? And what's /externalAccount/verify?

Helix is a very configurable service, and as such not all routes may apply to your particular situation.

  • If you have already vetted a customer is the owner of the external account you should call only /externalAccount/create
  • If you are relying on Helix to issue microdeposits to ensure a customer is in fact the owner of an external account, you should call /externalAccount/initiate, then after the microdeposits have appeared in that external account, prompt the user to enter the value(s) and send those answers to /externalAccount/verify
  • Extensive details can be found on the External Account definition page.

Why no Webhooks?

A number of API's expose out-of-band "callbacks" as Webhooks. They are very convenient, intuitive, familiar, and popular. In lieu of Webhooks, Helix provides an attractive alternative: Azure Service Bus. Azure Service Bus is PCI compliant and has SDKs in a variety of programming languages

Azure Service Bus is a service to which your code connects using AMQP 1.0

Helix also provides the Event Notification File which emits the same events as the Azure Service Bus. If you consume events via the Azure Service Bus, they will appear nearly instantly after being generated in Helix. The Event Notification File is generated and uploaded to the SFTP server at most once every 15 minutes.

Do you support XML? Do you have an XSD?

In short, the answer is no. We do not have XML and will not be supporting it in the future. In lieu of an XSD, this documentation site serves as the official definition for all data types and file formats.

My question isn't answered here

Please contact us