Verify accounts using micro-deposits
Verify accounts using micro-deposits
When a customer cannot sign in to their account and authenticate instantly, Micro Challenge Deposits (MCD) act as your fallback. MCDs verify account ownership by confirming the customer can access their bank statement and identify specific deposits.
Trustly automatically handles the logic to choose the best available method:
- Instant MCD (single-session): Uses real-time rails (RTP or FedNow) to send a deposit immediately. The customer stays in the flow and verifies a code within seconds.
- Legacy MCD (multi-session): Uses standard Automated Clearing House (ACH). The customer must leave your site, wait one to three days for the deposit to settle, and return later to verify.
Automatic Fallback: You do not need to implement logic to choose between these methods. If a bank is not eligible for Instant payments, Trustly automatically defaults to legacy MCD to ensure the account can still be verified.
Prerequisites
- Integrated the Trustly client-side SDK: The verification flow requires rendering the Trustly Lightbox to collect the deposit amounts from the user.
- Implemented a transaction flow: MCD is a fallback method. You must have your primary Trustly Pay (Deferred) or Data (Retrieval) flow set up first.
Create the initial bank authorization
The initial bank authorization does not change. Pass in the same establishData object as was provided during the original authorization.
In the following example, the paymentType is set to 'Retrieval' for Data products. If you are using Trustly Pay, set this to 'Deferred'.
See Securing Requests to learn how to calculate the requestSignature
Do not pass Consumer PII (name, email address, etc) in the description field. You can pass Consumer PII in the customer object.
Retrieve the test verification code
You can use our Sandbox Merchant Portal to view the test account verification deposit code that was generated for the Bank Authorization.
- After signing into the Sandbox Merchant Portal, find the Bank Authorization transaction you created earlier.
-
Click the Transaction ID to bring up the details. Scroll down to the Account Verification Deposits section and then copy the Reference Code value.
For Instant MCD, this value is a three letter code that a customer finds in the penny-drop deposit description. For legacy MCD, this value is a three letter code that a customer finds in the ACH deposit description.
Initiate the verification flow
The following examples use the JavaScript SDK. For guidance on building for mobile apps, see Mobile SDKs .
- To load the SDK on the page, use the following JavaScript tag (replacing
{accessId}with the Access Id provided to you by Trustly):
- To provide optional Trustly configuration options, create a
TrustlyOptionsobject:
For details on the Trustly configuration options, refer to the SDK Specification.
- To provide the transaction details to the SDK, create an
establishDataobject:
Ensure you’re securing your call by including the requestSignature parameter.
- Finally, call the Trustly SDK’s
establishfunction:
The following is a full HTML page using the above example.
You’ll want to replace accessId and merchantId with the values provided to you by Trustly
Enter the test verification code
Using the verification HTML you created, launch the Trustly Lightbox.
After entering the code retrieved from the Sandbox Merchant Portal and clicking Continue, the customer is directed back to your site.
Handle the redirect
Once you get a successful redirect to your returnUrl, you must check the payment.account.verified status to determine if the customer has been verified instantly or requires further action.
Instant MCD
If the customer’s bank supports Instant Payment rails (RTP or FedNow), Trustly attempts a penny drop ($0.01) verification. The user locates a 3-letter code in their banking app and enters it on the Trustly-hosted page before being redirected to you.
Check for the following values:
payment.paymentProvider.typeis2(Manual Entry)statusis2(Authorized)payment.account.verifiedistrue
If payment.account.verified is true, the account is verified. You can proceed immediately; the user has already successfully entered their 3-letter code.
Legacy MCD
If the bank is not eligible for instant payments, or if the customer did not successfully complete verification, the transaction defaults to legacy MCD. The customer must wait one to three business days for the deposit to settle and return later.
Check for the following values:
payment.paymentProvider.typeis2(Manual Entry)statusis2(Authorized)payment.account.verifiedisfalse
Because payment.account.verified is false, you must message the customer to return to your site when they are ready to verify their account with the Establish Data object.
Verification Pending: Check your bank statement for a deposit.
-
Instant MCD (RTP or FedNow): Look for a $0.01 deposit containing a 3-letter code. This typically appears in seconds.
- Legacy MCD (ACH): Look for a $0.01 deposit containing a 3-letter code. This typically takes 1-3 business days.
Handle the Webhook
Trustly sends a webhook notification to your system for every transaction status change. For Instant MCD, you can use this webhook to confirm verification on your backend, which is more reliable than the browser redirect.
The logic for the webhook payload mirrors the redirect logic. Check the payload for:
payment.paymentProvider.typeis2(Manual Entry)statusis2(Authorized)payment.account.verifiedistrue
If these conditions are met, the account is verified. You can safely update the customer’s status in your database to Active or Verified.
Test
Trustly offers a Demo Bank in the Sandbox environment that can be used to trigger a number of testing scenarios. See Testing
Error Handling
Trustly uses conventional HTTP response codes to indicate success or failure of an API request.
Not all errors map cleanly onto HTTP response codes, however. In addition to the HTTP response code, Trustly returns an array of error objects that describes the errors as a JSON string such as the example below.