We provide the opportunity for you to specify contents of the faster payment reference field. This will appear on bank account transaction reports and provide a mechanism for reconciliation at this level, if required.
If you choose to populate the payment reference field, your customer will not be able to claim refunds.
For each and every Payit™ transaction, we will pass the payment status back to you showing the payment as “successful” or “failed”.
If there is no status received this means the payment is “in progress”. This could mean the ASPSP has placed the payment in a fraud queue for example.
You can then use an API to send a request to Payit™ to check the payment status. Payit™ has two polling strategies;
• Mid Term – Payit™ will poll the ASPSP for two hours
• Long Term – Payit™ will poll for up to 3 days
If Payit™ does not receive a terminal message (success or failed) after three days, Payit™ will confirm back to you the payment was unsuccessful.
NatWest will provide you with daily reconciliation reports for Payit™ which will include data fields such as; date and time of transaction, merchant name, bank name, amount, payment status and the transaction ID.
The four reports that will be available are;
1. Successful transaction file – containing all successful transaction for today
2. Failed transaction file - containing all failed transaction for today
3. In progress transaction file - containing all transactions that are neither successful or failed and therefore are deemed “In progress”
4. In progress in past but completed today – containing all transactions that were previously “in progress” but were successfully processed today
Files are available to the merchant from 01:00 and will detail transactions for the previous day from 00:00 to 23:59. Files are generated at the merchant parent level, so different brands within the file will have reporting control breaks with Total number of transactions and Total amount of transactions.
If you are unsure on the merchant and brand setup, please ask your Implementation Manager.
The response payload contains the direct URL for various reconciliation files. You can action a download of the file using the URLs.
Payit™ also provides an API endpoint which allows you to pass in transaction ID and receive status for an incomplete (pending) payment supporting intraday reconciliation.
Yes, you will be required to have a dedicated account with NatWest Group for Payit™ as this enables us to execute payments for you, as well as making it easier for you to reconcile payments and manage your account balance.
The NatWest Group has deployed secure network environments called Layered Scalable Perimeter (LSP). Each network zone is separated from an adjacent network zone through firewalls, physical network separation, separate network addressing and subnet masking. All network security infrastructure supporting the tiered environment is managed from a common secure management zone.
Wireless access is only used to provide internet access, through which employees are able to access the standard remote access solution if required. There is no direct wireless connection to the enterprise network.
Security Threat Mitigation
The NatWest Group deploys a number of different processes and tools to help identify and mitigate against security threats. This includes tooling to identify attacks against the NatWest Group including Malware, Network Intrusion Detection Systems (NIDS) and Distributed Denial of Service (DDoS) protection. The Technology function manages other tools to defend against security attacks including Anti virus, Firewalls and web proxies.
Data Loss Prevention (DLP) Tools
DLP controls are deployed to monitor and block specific information from leaving the NatWest Group.
A panel of approved Penetration Testing companies work with the Security function to test our systems and infrastructure. Those on the panel are CHECK and CREST accredited, with assurance checks performed before a vendor is added to the panel.
Regular application and infrastructure (internal and external facing infrastructure) vulnerability scans are conducted using vulnerability management tools. The Vulnerability Assessment Service (VAS) evaluates the security exposure to determine the appropriate response. Critical responses, including patches if available are managed as incidents in real-time with lower category exposures included in periodic update cycles. Security updates or patches are tested against defined criteria.