DocsDuitNow Online BankingDuitNow Autodebit

DuitNow AutoDebit

See also API reference for DuitNow Autodebit

Check API

Introduction

DuitNow AutoDebit is a convenient and efficient collection method for businesses or billing organization to collect payment directly from customer’s bank account, in a recurring or on-demand basis with a pre-established consent in 1 place.

info

Consent is a form of approval for someone to do something. In this context, customer is giving approval (consent) for businesses to debit from their bank account.

Consent Registration Flow (Steps 5-8)

Step	Sender	Receiver	Process
1	Customer	Merchant	Process
2	Merchant	RPP	Merchant will perform the following: Authorize and validate Consent Registration request Send Consent Registration request to RPP
3	RPP	Merchant	RPP performs the following: Message Logging Message Validation Message Format Validation Digital Signature Validation Business Validation Timeout Validation Transaction Type Validation Date Expiry Check Allowed Max Amount Check If any of the Message Validation fails, RPP will Send a REJECT response to Merchant If any of the Business Validation fails, RPP will Send a NEGATIVE response to Merchant If all validations are successful, RPP will Generate Signature with End-to-End ID Send an ACCEPTED response back to Merchant with End-to-End ID and Signature Note: Timeout is set at 20 seconds
4	Merchant	Debiting Agent	Merchant performs the following Stop timer Message Validation Message Format Validation Digital Signature Verification If all validations are successful, Merchant will Redirect Customer to selected bank Sends End-to-End ID and Signature to Debiting Agent

Exception Handling

Step	Event	Action
2, 3	Timeout (Merchant gets no response from RPP)	RPP: If RPP received the request and processed it, but RPP's response failed to send to Merchant/Biller at Step 3, then the transaction is logged and a PENDING status Consent Request is created but is orphaned in the staging table If RPP never received the request, no action on RPP side Merchant: Merchant may not send a duplicate of the request after a timeout. Merchant can send a new request
2, 3	Rejection	RPP: RPP logs reject, returns reject status to Merchant. If RPP responds with reject after storing a pending Consent Request record in staging table, the record will be orphaned, no reference to it will be sent back to Merchant in the rejection response Merchant: -

Retrieve Consent Info Flow (Steps 9-12)

Step	Sender	Receiver	Process
1	Debiting Agent	RPP	Debiting Agent Performs the following Validate Signature from Merchant Send Retrieve Consent Info Request based on End-to-End ID Start timer
2	RPP	Debiting Agent	RPP performs the following Message Logging Message Validation Message Format Validation Digital Signature Validation Business Validation Timeout Validation Transaction Type Validation Check Consent Staging Status If any of the Message Validation fails, RPP will Send a REJECT response to Debiting Agent If any of the Business Validation fails, RPP will Send a NEGATIVE response to Debiting Agent If all validations are successful, RPP will Return Retrieve Consent Info Response
3	Customer	Debiting Agent	Customer login into Mobile/Internet Banking portal of Debiting Agent
4	Debiting Agent	Customer	Debiting Agent performs the following: Perform Login Validation If Login Validation fails Debiting Agent will Reject Customer Login and return error code If validation is successful Display Consent Detail to customer

Exception Handling

step	Event	Action
1,2	Timeout (Debiting Agent gets no response from RPP)	RPP If RPP received the request and processed it, but RPP's response failed to return to Debiting Agent at Step 2, then the transaction is logged, and the PENDING of Consent request status may be updated to RETRIEVED If RPP never received the request, no action on RPP side Debiting Agent Debiting Agent may re-request after a timeout. RPP shall return the consent info if the consent status still in PENDING or RETRIEVED state
1,2	Rejection	RPP RPP may reject based on parameter validation, in this case the PENDING status of Consent request record remains at status PENDING Debiting Agent -

Update Consent Status (13-16)

Step	Sender	Receiver	Process
1	Customer	Debiting Agent	Customer performs the following Confirm Consent Detail Confirm Consent Detail Note: Update to Pending Authorisation is an optional step for scenarios where the Consent Registration needs to be updated to Pending Authorisation for two level Authentication
2	Debiting Agent	RPP	Debiting Agent performs the following Validate Customer Response Any other validation Send Update Consent Status request to RPP Note: If customer selects multiple consent type, Debiting Agent will send multiple Update Consent Status request
3	RPP	Debiting Agent	RPP performs the following: Message Logging Message Validation Message Format Validation Digital Signature Verification Business Validation Mandatory and conditional fields validation Business Message Identifier validation Timeout Validation Transaction Type Validation Allowed Max Amount Check Expiry Date Check Check Consent Staging Status If any of the Message Validation fails, RPP will Send a REJECT response to Debiting Agent If any of the Business Validation fails, RPP will Send a NEGATIVE response to Debiting Agent If all validations are successful, RPP will If Debiting Agent sends an Update Consent Status to PDAU (Pending Authorisaton); Update Consent Staging Table Status to PDAU If Debiting Agent sends an Update Consent Status to ACTV (Active); Update Consent Staging Table Status to SUCC (Success) Create entry in Consent Table Generate Consent ID Set Consent Status as ACTV Send the ACCEPTED response to Debiting Agent Note: Timeout is set at 20 seconds
4	RPP	Merchant	RPP performs the following: Notify Merchant of Update Payment Status via Merchant Notification API
5	Debiting Agent	Customer	Debiting Agent will display the Consent Registration status to the Customer

Exception Handling

Step	Event	Action
2,3	Timeout (Debiting Agent gets no response from RPP)	RPP: RPP may or may not have updated the RETRIEVED status of Consent Request to COMPLETE Debiting Agent: Debiting Agent has already saved the Consent before attempting the send of Consent Registration Fulfillment request. The request may be sent again by Debiting Agent but may get rejected if Consent Request status had been updated by previous timed-out request
2,3	Rejection	RPP: If field validation error, RPP sends an error message to Debiting Agent (at Step 3) with details of field validation failure, and the request message is logged in the reject log If Session/Business Rule validation failure or other error within session: Transaction is logged, and RPP sends response with rejection status/reason code to Debiting Agent. Consent Registration status notification (Not Approved) is sent to Merchant Debiting Agent: Debiting Agent has already saved the debtor before attempting the send of Consent Registration Fulfilment request. Debiting Agent has rejection information so can process accordingly
4,5	Timeout (RPP gets no response from Merchant)	RPP: Sent by SAF, SAF will continue to re-send while timeout occurs on send attempts Merchant: -
4,5	Rejection	RPP: Sent by SAF, SAF will log the reject response (sent from RFI in Step 3A) in SAF log and consider the request as sent and responded to Merchant: -

Merchant Initiated Cancellation (After Step 8, before step 14)

After Step 8, a Merchant may initiate a Cancellation Request of the Consent in the Redirect Flow. However, this request must be initiated before Step 14 where the Customer would have already approved the consent

Step	Sender	Receiver	Process
1	Merchant	RPP	Merchant will perform the following: Send a Cancellation Request to RPP Start timer
2	RPP	Merchant	RPP performs the following Message Logging Message Validation Message Format Validation Digital Signature Validation Business Validation Timeout Validation Transaction Type Validation Check Consent Staging Status If any of the Message Validation fails, RPP will Send a REJECT response to Merchant If any of the Business Validation fails, RPP will Send a NEGATIVE response to Merchant If all validations are successful, RPP will Change status of Consent in staging table to CANC (Cancel) Send an ACCEPTED response back to Merchant

Exception Handling

Step	Event	Action
1,2	Timeout (Merchant gets no response from RPP)	RPP: - Merchant: Merchant shall not send a repeat request after a timeout Merchant can perform enquiry to check the status of the Consent in the staging table Merchant can send a new request
1,2	Rejection	RPP: If field validation error, RPP sends an error message to Merchant at Step 2, with details of field validation failure, and the request message is logged in the reject log If Session/Business Rule validation failure or other error within session: Transaction is logged, and RPP sends response with rejection status/reason code to Merchant at Step 2 Merchant: Merchant has rejection information so can process accordingly

Debit Flow

With customer registered for DuitNow AutoDebit, businesses may initiate the debit request to start collect the payment from customer’s bank account.

The figure below explains in detail the process of initiating the debit request.

Step	Sender	Receiver	Process
1	Customer	Merchant	Customer proceed to checkout at Merchant portal/app
2	Merchant	RPP	Merchant identify that there’s consent in place and initiate Debit Request to RPP
3	RPP	Debiting Participant	RPP validate the consent details and forward the Debit Request to the Debiting Participant
4	Debiting Participant	Customer	Debiting Participant debit Customer’s account and notify Customer
5	Debiting Participant	RPP	Debiting Participant debit Customer’s account and notify RPP on the debit status
6	RPP	Merchant	RPP send the Debit Response to Merchant
7	Merchant	Customer	Merchant update Customer on the transaction status
8	RPP	Crediting Participant	RPP send Credit Transfer to Crediting Participant
9	Debiting Participant	Merchant	Crediting Participant update Merchant on the crediting status