Account Control
Orum's second tier of verification — Account Control — ensures the end user has control of the account – combatting Reg E fraud. Verify drops a random code into the bank account and prompts the user in real-time to authenticate it – removing the lost time and expense of microdeposits.
Note
A control verification also includes an account status verification. This means both
control_statusandverification_statuswill update tovalidupon success.
Orum verifies account control by sending a unique four-character code to the bank account of your end user. Once they locate the code on the transaction, there are two ways to confirm it:
- API-based solution: Send back the code via the Control endpoint
- Email-based solution: Orum triggers an automated email to the end user with instructions on how to verify the code via an Orum-hosted website. This email comes from you, but is automatically sent by Orum.
If using the email-based solution, Orum will send an email based on the following logic:
- If the bank account is FedNow-eligible, the email is sent once a
verify_account_updated webhookevent returns averification_statusofvalid. - If the bank account is not FedNow-eligible, the email is sent during evening hours or the following morning of the next business day (if not a bank holiday).
Configuring Your Domain for Sending Emails on Your Behalf
To enable Orum to send emails on your behalf securely and reliably, you'll need to update your domain settings. This process ensures your emails are trusted by recipients and aren't marked as spam.
Steps to Configure Your Domain
- Verify Your Domain
- Add a special record to your domain's DNS settings to prove ownership.
- Set Up Email Authentication
- SPF Record: Authorizes us to send emails on your behalf.
- DKIM Record: Adds a digital signature to your emails for better security and deliverability.
- Use a Custom Mail Domain (Mail From): Emails will be sent from a custom domain like mail.yourdomain.com, to enable this a specific DNS records must be added.
What You'll Need to Do
- If you manage your DNS settings, we'll provide the records you need to add.
- Once the DNS updates are in place, we'll verify and test the setup to ensure everything works perfectly.
Control Status
Regardless of whether you choose to use the API-based or email-based solution, the Control statuses and webhook events remain the same.
| Ownership Status | Description |
|---|---|
Pending | Acknowledgment of the request being received |
Valid | A match has occurred and ownership has been verified |
Canceled | The maximum number of attempts has been reached, a transfer has failed, or it has been 5 days since the request was sent to the receiving bank |
Note
The maximum number of attempts defaults to three
Sample Webhook Event
{
"created_at": "2023-11-17T20:10:06.173Z",
"event_data": {
"account": {
"id": "2b610cd7-0366-47a0-94c7-923dc0472bc5",
"account_number": "12345678910",
"routing_number": "102001017",
"account_holder_name": "John Doe",
"estimated_verification_date": "2023-11-17T00:00:00Z",
"verification_status": "valid",
"control_status": "valid",
"created_at": "2023-11-17T20:09:58.356657Z",
"updated_at": "2023-11-17T20:10:05.351604Z"
}
},
"event_id": "562eec7a-b6e7-489a-bbaa-2f04c137b3d1",
"event_type": "verify_account_updated"
}
Updated 19 days ago