FAQ Remittance as a Service

1. What is remittance as a service?

Remittance as a service is a platform or solution provided by Digit9 that enables fintechs to send money internationally. It streamlines the process of transferring funds across borders, typically offering features such as real-time transfers, competitive exchange rates, and secure transaction processing.

2. How does remittance as a service work?

Remittance as a service works by leveraging digital technologies and banking infrastructure to facilitate cross-border money transfers. Users can initiate transfers through online platforms or mobile apps. The service then processes the transaction, converts currencies if necessary, and transfers funds to the recipient's account or designated payout location or wallet.

3. What are the benefits of using remittance as a service?

• Convenience: Users can initiate transactions anytime, anywhere, using digital channels.

• Speed: Remittance as a service often offers real-time or same-day transfers, enabling recipients to receive funds quickly.

• Cost-effectiveness: Competitive exchange rates and lower fees compared to traditional remittance methods can result in cost savings for both senders and recipients.

• Security: Robust security measures and encryption protocols protect transactions and sensitive customer data.

• Accessibility: Remittance as a service extends financial inclusion by providing access to banking services for underserved populations, including migrants and unbanked individuals.

4. How can I send money using remittance as a service?

To send money using remittance as a service, you typically need to:

• Create an account: Sign up for an account with the remittance service provider.

• Provide details: Enter recipient information, including name, contact details, and bank account information.

• Initiate transfer: Select the amount to send, choose the desired payout currency and method, and confirm the transaction.

• Complete payment: Fund the transfer using available payment options, such as bank transfer, debit/credit card, or mobile wallet.

5. Are there any limits on the amount of money I can send using remittance as a service?

Remittance service providers may impose limits on the amount of money that can be sent per transaction, per day, or per month. These limits vary depending on factors such as regulatory requirements, risk management policies, and customer verification status. It's advisable to check with the specific provider for information on transaction limits.

6. How do I track the status of my remittance transaction?

Remittance service providers typically offer tracking capabilities that allow users to monitor the status of their transactions in real-time. You can usually track transactions by logging into your account on the provider's website or mobile app and accessing the transaction history or tracking section. Additionally, some providers may send notifications or updates via email or SMS.

7. Is remittance as a service regulated?

Yes, remittance service providers are subject to regulatory oversight and compliance requirements in the jurisdictions where they operate. Regulatory frameworks aim to ensure consumer protection, prevent money laundering and fraud, and maintain the integrity of the financial system. Providers are often required to obtain licenses, adhere to anti-money laundering (AML) and know your customer (KYC) regulations, and implement robust security measures.

8. What currencies and countries are supported by remittance as a service?

Remittance service providers typically support a wide range of currencies and countries, allowing users to send money to various destinations worldwide. Popular corridors may include transfers between major currencies (e.g., USD, EUR, GBP) and countries with significant remittance flows (e.g., India, Philippines, Pakistan). Providers often list supported currencies and countries on their websites or apps for reference.

9. Are there any fees associated with using remittance as a service?

Remittance service providers may charge fees for processing transactions, currency conversion, and other services. Fees vary depending on factors such as the transfer amount, destination country, payout method, and provider's pricing structure. It's essential to review the fee schedule and terms of service before initiating a transaction to understand the total cost involved.

10. How can I contact customer support for assistance with remittance transactions?

Remittance service providers typically offer customer support channels, such as phone, email, live chat, or in-app messaging, to assist users with inquiries, issues, or feedback related to remittance transactions. Contact information for customer support is usually available on the provider's website or within the app.

11. What is a funding model in the context of remittance services?

A funding model refers to the mechanism or process by which funds are transferred or made available for remittance transactions. It determines how and when funds are collected from senders and disbursed to recipients.

12. What are the available funding models for remittance services?

The available funding models include:

• Pre-fund: Counterparty to deposit funds into their account before initiating remittance transactions.

• Post-fund: Counterparty initiate transactions first, and funds are collected from their account after the transaction is completed.

• Real-time collection: Funds are collected from senders and made available for remittance transactions in real-time, often through instant payment methods.

• Managed treasury model: Funds are centrally managed and allocated by a treasury department, ensuring liquidity and efficiency in processing remittance transactions.

13. How does the pre-fund funding model work?

In the pre-fund model, partners deposit funds into their account with the remittance service provider before initiating transactions. These funds are then used to fund remittance transactions when initiated by the partner. Pre-funding ensures that sufficient funds are available to cover transactions and reduces processing time.

14. What is the post-fund funding model, and how does it differ from the pre-fund model?

In the post-fund model, partners initiate remittance transactions first, and funds are collected from their account after the transaction is completed. Unlike the pre-fund model, funds are not deposited in advance but are instead collected as needed for transactions, providing flexibility for partners.

15. Can you explain how real-time collection works in remittance services?

Real-time collection allows funds to be collected from senders and made available for remittance transactions instantly or within a very short timeframe. This is often achieved through integration with real-time payment systems or instant payment networks, enabling seamless and immediate processing of transactions.

16. What are the advantages of the managed treasury model for remittance services?

The managed treasury model centralizes the management of funds and liquidity, allowing for efficient allocation and utilization of resources. This model helps minimize risks associated with liquidity management, optimize capital usage, and ensure timely processing of remittance transactions.

17. Are there any specific considerations for choosing a funding model for remittance services?

The choice of funding model depends on various factors, including regulatory requirements, market dynamics, risk management considerations, and customer preferences. Remittance service providers may evaluate factors such as cost-effectiveness, speed, and scalability when selecting a funding model that aligns with their business objectives and customer needs.

18. How does the remittance service provider ensure security and compliance with different funding models?

Remittance service providers implement robust security measures and compliance controls to safeguard customer funds and ensure adherence to regulatory requirements. This includes implementing encryption protocols, identity verification procedures, anti-money laundering (AML) measures, and Know Your Customer (KYC) checks to mitigate risks and maintain trust in the remittance process.

19. What is the three-step transaction processing model?

The three-step transaction processing model is a sequential process involving the invocation of three APIs in a specific order to facilitate payment transactions. These steps include creating a quote, creating a payment order, and authorizing the payment order for final processing.

20. What is the purpose of the Create Quote API?

The Create Quote API is used to create and lock the exchange rate and fee for a payment transaction. It requires details such as send-to-receive currency pair, amount to be sent or received, and payment receipt mode. The API responds with exchange rate, fee, tax (if applicable), and a unique Quote ID for subsequent API calls.

21. What information is required for the Create Transaction API?

The Create Transaction API requires sender details, receiver details, receiving mode and purpose, receiving institute, and a reference to the Quote ID obtained from the Create Quote API. It also validates data against various checks including payload structure, quote validity, fund availability, and screening through world-check’s watchlist data.

22. What are the prerequisites for customer registration in the transaction process?

If the sending institute follows the agency model, customer registration is mandatory. The Create Transaction API can carry the customer registration number within the sender block. However, if the sending institute follows the payment services model, customer registration is not mandatory, and detailed sender information should be provided in the API.

23. What is the purpose of the Confirm Transaction API?

The Confirm Transaction API authorizes the payment order from the sending institute to the processing institute. It passes the transaction through AML screening and monitoring checks. Upon successful AML checks, the payment order is processed, and the transaction value is deducted from the agent's balance in the system.

24. How can I check the status of a transaction?

You can use the Enquiry API to check the status of a transaction periodically. This API allows the sending institute to retrieve information on the progress of the transaction status.

25. What is the Reference Code API used for?

The Reference Code API defines properties such as flags and codes used in the transaction process. It is expected by the transaction API and should be stored and mapped at the sending institution’s systems for reference during message passing.

26. What is the purpose of the Get Codes API?

The Get Codes API is used to retrieve master data for various categories, including ID types, relationships, professions, account types, and more. It provides a comprehensive list of codes and their corresponding descriptions for the available services.

27. What types of data can I retrieve using the Get Codes API?

The Get Codes API allows you to retrieve master data for the following code types:

• Relationships

• ID Types

• Sources of Income

• Purposes of Transaction

• Professions

• Account Types

• Payment Modes

• Visa Types

• Instruments

• Receiving Modes

• Fee Types

• Address Types

• Transaction States

• Income Types

• Income Range Types

• Cancel Reason Codes List

• Transaction Count Month

28. How is the response structured for the Get Codes API?

The response from the Get Codes API contains multiple types separated by commas. Each type includes a list of code-value pairs, where the code represents a specific category or type, and the value provides a description or name associated with that code.

29. How can I use the data retrieved from the Get Codes API?

The data obtained from the Get Codes API can be used for various purposes, such as populating dropdown lists or selection fields in user interfaces, validating user inputs, or performing data analysis and reporting. It provides standardized and consistent master data for different categories, enhancing the efficiency and accuracy of applications and systems.

30. Is the data returned by the Get Codes API updated regularly?

Yes, the master data returned by the Get Codes API is maintained and updated regularly to ensure accuracy and relevance. Any changes or updates to code values or descriptions are reflected in the API response to provide users with the most up-to-date information.

31. Can I filter the response based on specific code types?

Yes, you can specify the code types you want to retrieve by including them as parameters in the API request. The API will then return master data for the specified code types, allowing you to customize the response based on your requirements.

32. What is the purpose of the Access Token API?

The Access Token API is used to obtain API access tokens from the D9PS (Digit9 Payment Service) identity & security engine. These tokens serve as keys to access other APIs within the system.

33. How does the Access Token API work?

The Access Token API authenticates users using credentials provided by the payment processor. Upon successful authentication and authorization, the API returns an access token to the calling application. This token grants access to the requested services.

34. What is the significance of an access token?

An access token acts as a gateway key, allowing authenticated users to access specific APIs within the system. It serves as proof of authorization and facilitates secure communication between the calling application and the D9PS identity & security engine.

35. How long is an access token valid?

Each access token is tagged with a validity period, and the expiry duration is echoed in the response from the Access Token API. The calling application can manage the token's state accordingly based on its validity period.

36. What happens if an access token expires?

If an access token is used after its validity period expires, access to the services is restricted. In such cases, the calling application needs to generate a new access token by re-authenticating the user through the Access Token API.

37. How can the calling application manage access tokens effectively?

The calling application should monitor the expiry duration of access tokens received from the Access Token API. When a token approaches its expiry, the application should proactively request a new token to ensure uninterrupted access to the services.

38. Can multiple access tokens be issued for different users or applications?

Yes, the Access Token API can issue multiple access tokens for different users or applications, each with its own validity period and scope of authorization. This allows for granular control over access to services based on user roles and permissions.

39. Is the access token transmission secure?

Yes, the access token transmission is secured using industry-standard encryption protocols and secure communication channels. This ensures that sensitive authentication credentials and tokens are protected from unauthorized access or interception during transmission.

40. How can I integrate the Access Token API into my application?

You can integrate the Access Token API into your application by making HTTP requests to the API endpoint with the appropriate credentials and handling the response to retrieve and manage access tokens. Detailed documentation and guidelines for integration will be provided by the D9PS identity & security engine.

41. What is the purpose of the Get Branch Master API?

The Get Branch Master API is used to retrieve the list of bank branches available for a specific bank and country. It provides essential information about the branches, such as their names, addresses, and contact details.

42. How does the Get Branch Master API work?

The Get Branch Master API accepts parameters specifying the bank and country for which the branch information is requested. It then queries the database or backend system to fetch the relevant branch data based on the provided criteria.

43. What information does the Get Branch Master API return?

The API returns a list of bank branches matching the specified bank and country. Each branch entry typically includes details such as:

• Branch Name

• Swift/ISO Code

• Routing Code

• Sort Code

• Town Name

44. How can I use the Get Branch Master API in my application?

You can integrate the Get Branch Master API into your application by making HTTP requests to the API endpoint with the required parameters (bank and country). Upon receiving the response, you can parse the data and display it within your application to provide users with access to branch information.

45. What are the parameters required for the Get Branch Master API?

The main parameters required for the Get Branch Master API are:

• Bank: The name or identifier of the bank for which branch information is requested.

• Country: The country for which branch information is requested.

46. Is the branch data returned by the API updated regularly?

Yes, the branch data returned by the API is typically maintained and updated regularly to ensure accuracy and relevance. Any changes or additions to the branch information in the backend system are reflected in the API response.

47. Can I filter or search for specific branches using the Get Branch Master API?

Yes, you can filter or search for specific branches by providing additional parameters such as branch name, location, or other identifiers. This allows you to narrow down the search results and retrieve the desired branch information more efficiently.

48. Is the Get Branch Master API secure?

Yes, the Get Branch Master API is designed to adhere to security best practices and may implement authentication and authorization mechanisms to ensure that only authorized users or applications can access branch data.

49. What is the purpose of the Transaction Status Callback API?

The Transaction Status Callback API is used to push the status of a transaction from our system to the partner's end. It facilitates real-time updates on the status of transactions, enabling timely processing and communication with stakeholders.

50. How does the integrity validation work for the callback API?

Integrity validation is ensured by using a pre-shared secret to compute a hash value based on the request payload. This hash value is included in the request header as "hash" for verification. Upon receiving the callback, the partner system computes the hash using the incoming payload and the pre-shared secret and compares it with the value in the header to validate the integrity of the request.

51. Can you provide an example of how the hash value is computed?

The hash value is computed using the SHA512 algorithm and the following formula:

SHA512-hashOf({"transaction_ref_number":"5712122130661730","state":"COMPLETED","sub_state":"CREDITED"}<<secret>>)

The "<<secret>>" represents the pre-shared secret concatenated at the end of the request payload.

52. What security measures are in place to prevent unauthorized access to the callback API?

To enhance security, access to the callback API is restricted by whitelisting the IP address (20.207.110.226). This ensures that only requests originating from the specified IP address are accepted by system.

53. How should partners handle invalid callback requests?

Partners should validate incoming callback requests by computing the hash value and comparing it with the value in the "hash" header. If the values match, the request is considered valid and can be processed. Otherwise, the request should be rejected to prevent unauthorized access or tampering with transaction status updates.

54. Is there any documentation or guidelines available for partners regarding the callback API?

Yes, partners can refer to the documentation provided for detailed instructions on implementing the callback API, including payload format, hash computation, and IP whitelisting requirements. This documentation ensures smooth integration and adherence to security protocols.

55. How does the partner ensure the security of data in transit and at rest?

To secure data in transit, the partner uses AES256-SHA2 encryption and authentication for VPNs and minimum TLS 1.2 with AES for SSL. For data at rest, AES 256 encryption is employed. Key management processes involve securely generating, storing, and archiving keys with physical protection measures, and in cloud environments, keys are protected using an Access Management solution.

56. Where is the data stored and how is it protected?

Data is stored in PostgreSQL databases. The storage is protected using strong encryption (AES 256) for data at rest and various security measures to ensure the data's integrity and confidentiality. Cloud-based keys are secured with an Access Management solution.

57. How long is the data retained, and what is the justification for this duration?

Data retention policies comply with the Central Bank of UAE's regulations, requiring customer and transaction data to be stored for a minimum of 5 years. Corporate financial records and business information are retained for a minimum of 10 years. This retention period ensures compliance with regulatory requirements and supports auditing and legal needs. Detailed policies can be found on the Central Bank of UAE's website and the Lulu Exchange privacy policy.

58. What is the process and frequency for data purging?

Highly confidential or sensitive data is purged using a two-step process: initial sanitation with a software-based tool followed by additional sanitization using a degaussing machine. If degaussing is not feasible, the initial sanitation phase is combined with crypto shredding. This ensures that all data is irrecoverable. Purging includes deletion from backup tapes and other storage media.

59. Who has access to customer data and what type of access is granted?

Access to customer data is carefully controlled based on job roles and business needs:

• Compliance Team: Read-only access for Anti-Money Laundering (AML) processes to review customer information and transactions.

• Customer Support Team: Read-only access for re-engineering processes to analyze customer interactions and feedback for improving customer experience.

Customer onboarding process flow:

1. What is the Customer Onboarding API used for?

The Customer Onboarding API is used to initiate the process of onboarding new customers into our system. It captures all necessary customer information, performs validation checks, and initiates the customer verification process, including Video KYC (Know Your Customer) and liveliness checks.

2. What steps are involved in the customer onboarding process?

The customer onboarding process involves the following steps:

• Capturing Customer Information: All relevant customer details are collected through the API.

• Validation and Verification: The collected information is validated for correctness, and various verification checks, including ID checks and customer verification processes such as Video KYC and liveliness checks, are performed.

• Compliance Screening: Once verification is completed, the customer details are sent to our compliance system for name screening to ensure compliance with regulatory requirements.

• Regular Onboarding: If the customer passes all verification and compliance checks, their details are sent to our regular onboarding platform for further processing.

• Customer ID Generation: Upon successful verification, the API returns a unique customer ID as a response, indicating that the customer has been successfully onboarded.

3. What happens if the AML System rejects the onboarding process?

If the AML (Anti-Money Laundering) System rejects or stops the onboarding process for any reason, an alert is generated, and the compliance team is informed. The investigation process for enhanced due diligence takes place to address any issues or concerns raised by the AML System.

4. Who controls, accepts, and maintains the onboarding process and customer data?

The entire customer onboarding process, including controls, acceptance, and maintenance, is managed and executed by Lulu International Exchange. All customer data collected during the onboarding process is stored securely in our data center, ensuring compliance with data protection and privacy regulations.

5. Is customer data stored securely?

Yes, customer data is stored securely in our data center, and strict security measures are implemented to safeguard against unauthorized access, loss, or misuse of customer information. We adhere to industry best practices and comply with data protection regulations to ensure the confidentiality and integrity of customer data.