Frequently asked questions

Payit™ utilises Open Banking APIs to facilitate payments without the exchange of account details.  This is achieved through a payment initiation call to the customer's bank via Open Banking APIs. 

The customer then authorises payment using their bank’s online or mobile banking journey and you receive funds via the Faster Payment rails.  A full breakdown of this process is described below; 

1. Customer selects Payit™ as the payment option

2. Access token request sent to and issued by Payit™ service

3. Ecommerce site sends payment information to Payit™ service. Payit™ responds with TPP ID & redirect URL

4. Customer is directed to Payit™ bank selection page and chooses their bank

5. Payit™ facilitates API call to chosen bank and manages the customer handoff to bank site/app

6. Customer logs into their bank and authorises payment.  Bank sends payment consent & redirect to Payit™

7. Payit™ sends payment request to bank and receives a Payment ID in return confirming a faster payment has been initiated

8. Customer is shown confirmation of payment Payit™ page and is handed back to your ecommerce site

9. Payit™ sends payment status to your ecommerce site

10. Payment confirmation page on your ecommerce site

Below is a list of the banks and account providers that are currently connected to Payit™:

Bank of Scotland

Barclays

First Direct

Halifax

HSBC

Lloyds Bank

Monzo 

Nationwide Building Society

NatWest

Revolut

Royal Bank of Scotland

Santander UK

TSB

Ulster Bank (N.I)

We plan to connect the following banks in the coming months, depending on reliability and deviation from the Open Banking Standard:

• Coutts
• Clydesdale Group (including Yorkshire Building Society and Chelsea Building
• Danske Bank
• Metro Bank
• Allied Irish Bank (AIB)
• Virgin Money

Payit™ leverages the UK Faster Payment scheme for single immediate payments. As such payments are usually settled within seconds although the scheme allows for up to 2 hours. 

In a small proportion of cases, the paying customer's Bank may hold a payment internally prior to release (for fraud checks for example). 

In this scenario Payit™ will return a pending status to you and continue to poll the Bank for updates for up to 3 days after which point the payment will be marked as failed.

Currently you will need a separate NatWest account for Payit™ where each Payit™ payment will credit your account individually.

You can then transfer your funds to other accounts at NatWest or other banks. 

We provide the opportunity for you to specify contents of the faster payment reference field. This will appear on bank account transaction reports and provide a mechanism for reconciliation at this level, if required.

If you choose to populate the payment reference field, your customer will not be able to claim refunds.

We have focused our initial offering on UK domestic payments however we plan to enhance Payit™ during 2021 to enable international payments to be initiated via Open Banking.

Payments can currently only be made in GBP. However, functionality to make payments in other currencies has been planned in for 2021. 

No. Payit™ charges are a blended charge including the PISP technology platform service and the receipt of the payment and as such are exempt from VAT.

The Faster Payments Scheme is generally available 24/7 for the majority of large Banks. Payments usually clear immediately, however guidance is given that it can take up to 2 hours. 

In a small number of cases, payments may take longer if they are held (e.g. if they trigger a fraud warning). 

For each and every Payit™ transaction, we will pass the payment status back to you showing the payment as “successful” or “failed”.

If there is no status received this means the payment is “in progress”. This could mean the ASPSP has placed the payment in a fraud queue for example.

You can then use an API to send a request to Payit™ to check the payment status. Payit™ has two polling strategies;

• Mid Term – Payit™ will poll the ASPSP for two hours

• Long Term – Payit™ will poll for up to 3 days

If Payit™ does not receive a terminal message (success or failed) after three days, Payit™ will confirm back to you the payment was unsuccessful. 

NatWest will provide you with daily reconciliation reports for Payit™ which will include data fields such as; date and time of transaction, merchant name, bank name, amount, payment status and the transaction ID. 

The four reports that will be available are;

1. Successful transaction file – containing all successful transaction for today

2. Failed transaction file - containing all failed transaction for today

3. In progress transaction file - containing all transactions that are neither successful or failed and therefore are deemed “In progress”

4. In progress in past but completed today – containing all transactions that were previously “in progress” but were successfully processed today

Files are available to the merchant from 01:00 and will detail transactions for the previous day from 00:00 to 23:59. Files are generated at the merchant parent level, so different brands within the file will have reporting control breaks with Total number of transactions and Total amount of transactions.

If you are unsure on the merchant and brand setup, please ask your Implementation Manager.

The response payload contains the direct URL for various reconciliation files. You can action a download of the file using the URLs.

Payit™ also provides an API endpoint which allows you to pass in transaction ID and receive status for an incomplete (pending) payment supporting intraday reconciliation.

If you’re an existing business customer with a query, please get in touch by contacting the team at payit@natwest.com.

Businesses will be provided with FAQs to support depending on the scenario. 

For example, this could ask your customers to contact their bank, or ask you to contact Payit™ helpdesk depending on the type of issue. 

Yes, you will be required to have a dedicated account with NatWest Group for Payit™ as this enables us to execute payments for you, as well as making it easier for you to reconcile payments and manage your account balance.

Payments can currently only be made in GBP. However, functionality to make payments in other currencies has been planned in for 2021. 

Yes. The email will be shared with your customer after you have approved the payment.

You are only able to make a payment to a UK account number (8 digits) and sort code (6 digits).

The current maximum limit for an individual payment is £250,000. In addition to this, we can add individual pay-out limits and maximum pay-out values per day, as part of the initial set-up.

Currently, Payit™ requires all payments to be approved regardless of value, this means only one approver is required. 

In the future, we are looking to investigate multiple approval requirements based on value as part of our roadmap.

The audit logs can display the status of a pay-out. We can provide information on the meaning of each status and if needed, you can use this as evidence.

Below is a list of the banks and account providers that are currently connected to Payit™:

AIB

Bank of Ireland

Barclays

Danske Bank

First Direct

First Trust 

HSBC

M&S Bank

Monzo 

Nationwide

NatWest

RBS

Revolut

Tesco Bank

TSB

Ulster Bank

We plan to connect the following banks in the coming months, depending on reliability and deviation from the Open Banking Standard:

• Bank of Scotland
• Santander
• Halifax
• Lloyds

A separate Portal allows for a clear separation between Payit™ activities and other activities.

The Portal can be used to track and manage all activities, providing a number of benefits.

Full training will be provided when onboarding to ensure that Portal usage is not an issue. Support will be available from NatWest once live to ensure the Portal works smoothly.

Network Security

The NatWest Group has deployed secure network environments called Layered Scalable Perimeter (LSP). Each network zone is separated from an adjacent network zone through firewalls, physical network separation, separate network addressing and subnet masking. All network security infrastructure supporting the tiered environment is managed from a common secure management zone.

Wireless access is only used to provide internet access, through which employees are able to access the standard remote access solution if required. There is no direct wireless connection to the enterprise network.

Security Threat Mitigation

The NatWest Group deploys a number of different processes and tools to help identify and mitigate against security threats. This includes tooling to identify attacks against the NatWest Group including Malware, Network Intrusion Detection Systems (NIDS) and Distributed Denial of Service (DDoS) protection. The Technology function manages other tools to defend against security attacks including Anti virus, Firewalls and web proxies.

Data Loss Prevention (DLP) Tools

DLP controls are deployed to monitor and block specific information from leaving the NatWest Group.

Security Testing

A panel of approved Penetration Testing companies work with the Security function to test our systems and infrastructure. Those on the panel are CHECK and CREST accredited, with assurance checks performed before a vendor is added to the panel. 

Regular application and infrastructure (internal and external facing infrastructure) vulnerability scans are conducted using vulnerability management tools. The Vulnerability Assessment Service (VAS) evaluates the security exposure to determine the appropriate response. Critical responses, including patches if available are managed as incidents in real-time with lower category exposures included in periodic update cycles. Security updates or patches are tested against defined criteria.

Customers have a maximum number of 30 days to claim their funds before the link becomes inactive.

You can reduce number if you wish, however you cannot extend it beyond the 30-day maximum. 

Funds are sent via Faster Payment.

All existing process around Faster Payment can be employed including tracing a payment using the FPID and making use of the Credit Payment Recovery process.