Verifying External Accounts

Helix requires you to verify customer ownership of an external account before initiating transfers. There are two options for verifying external accounts.

Instant Verification

Most programs opt to use an Instant Account Verification (IAV) service such as Plaid (requires separate license) to validate customer ownership of external accounts. The general flow in this scenario is as follows:

  1. Customer requests to link their external account via your app
  2. Customer is prompted to enter their online banking login credentials (usually the IAV service provides an SDK to securely capture this info on your behalf)
  3. The IAV service validates ownership of the external account and provides some information about the external account, e.g., account number, routing number, etc.
  4. You pass the required external account information to Helix's /externalAccount/create endpoint
  5. Helix creates the external account object with status=Verified and is immediately available to use in the /transfer/create endpoint

Verification via Micro-Deposits

Helix natively supports external account verification via micro deposits. Most programs use this method as a backup in case the customer is attempting to link an external account at a financial institution not supported by the IAV service, the customer does not wish to use the IAV service, or the IAV service is down. The general flow for verification via micro-deposits is as follows:

  1. Customer requests to link their external account via your app
  2. You prompt the customer for the required external account information and POST it to /externalAccount/initiate
  3. Helix creates an external account object with status=Unverified
  4. Helix originates two small deposits (and a single offsetting withdrawal) to the external account. Amounts are random, but will fall between $0.01 and $0.49 inclusively.

📘

In the Sandbox environment one amount is hardcoded to 0.18 and the other is 0.28 (since no ACH files are actually being sent to an external bank).

  1. At a later date, (deposits take 1-3 business days to complete) the customer logs onto your app and enters the amounts that were deposited into their external account
  2. You pass the amounts to /externalAccount/verify
  3. If the amounts are correct Helix updates the external account object to status=Verified. The external account is now available to use in the /transfer/create endpoint
    • If verification attempts fail 3 times Helix updates the external account to status=VerifyLocked
    • If verification time limit has been exceeded Helix updates the external account to status=Expired
    • If manual intervention by a CSR happens prior to verification Helix updates the external account to status=Denied