An API otherwise known as application programming interface makes communication between different types of software possible so that multiple tasks can be executed automatically.
Assembly’s Payment APIs make accepting payments by card, Direct Debit and real-time, processing payouts and reconciliation possible in real-time. API automation is also used to help customers manage their payment workflows.
Arbitration is the final step in the chargeback process - credit-card-issuing companies need to determine whether an acquirer (or the business processing payments on behalf of a merchant) is responsible for a chargeback.
If the dispute between themerchant and cardholder is unable to be resolved by both the cardholder and the acquirer, the case is referred to the card scheme provider (Visa, MasterCard, AMEX, or Discover) to make the final decision.
Anti- money laundering (AML) refers to one way in which governments and financial institutions track and prevent the occurrence of financial crimes - particularly money laundering and terrorism financing.
Know your customer (KYC) is a process that exists within AML practices, which is concerned with verifying a customer’s identity. KYC requires relevant customers to provide appropriate identification credentials, in order to use a company’s service. For example, consumers are required to provide ID documents before opening a bank account.
To reduce the risk of cyber terrorism and financial crimes, businesses must implement practices that allow them to confidently and consistently identify, analyse and understand exactly the people they’re doing business with.
Different types of legislation may apply depending on your business. It is important that your businesses obtain independent advice on what legislation applies to your specific industry and type of payments.
The Australian Transaction Reports and Analysis Centre is an Australian government financial intelligence agency set up to monitor financial transactions to identify money laundering, organised crime, tax evasion, welfare fraud and terrorism financing.
Card payments authentication relates to the process involved in verifying the identity of a credit-card user so that a transaction or request for information may be completed.
In order to ensure that a customer’s debit or credit card has sufficient funds or credit limit to complete a transaction, an electronic authorisation request is sent to the card issuer. Approval of such a request indicates the account is in good standing, the card has not been reported lost or stolen and has sufficient funds or credit limit to cover the transaction.
Broadly, this term relates to grouping related transactions together for exchange and or processing. Examples include Direct Debit and BPAY where payment instruction batches are exchanged between banks in batch files at agreed times of the day. This contrasts with online card based payments and real time payments that are processed individually and immediately upon initiation by the payer.
For card payments the term is also used to describe the accumulation of sales / transactions that have been individually authorised but are waiting to be settled - that is, credited to the merchant. Multiple batches may be settled throughout the day.
At Assembly, we use the batch term to describe the collation of all the payment instructions for batch-based payment methods, such as Direct Debit and Direct Credit, that are ready to be processed and lodged with our banking partners for exchange with other financial institutions.
In order to prevent funds associated with fradulent transactions being disbursed, or to prevent further access to a account, a block or suspension may be applied to the impacted account.
BPAY was developed by Australian banks for domestic next-business-day payments. BPAY allows payers to initiate payments from their cheque, savings or debit account (or credit card if permitted) via their participating bank. The payment is directed to a specific biller by means of a biller code and the payment is identified using a customer reference number. BPAY can offer customers the convenience of paying using their trusted bank and it gives businesses a low cost way to receive cleared funds, while validated reference data allows for easy reconciliation.
Traditionally, businesses using BPAY had to wait a full business day after the payment was initiated to receive confirmation of it being made and to therefore act upon it. Assembly is the first payments platform to provide up to three BPAY advance notifications throughout each business day. This accelerated notification to businesses gives them the power to rapidly confirm and respond to BPAY payments - often on the same day the payment was initiated.
In card payments, the date that a transaction is processed by a merchant acquirer is known as the capture date.
Card payment transactions where the physical card is not present while the transaction is taking place, such as for online purchases.
A chargeback is similar to a refund, but instead of the cardholder going directly to the business to request a refund, they deal with their bank directly by disputing the transaction on their credit or debit card and requesting that it be reversed.
Card schemes determine the amount of time provided for cardholders, merchants, and banks to initiate or respond to various steps in the chargeback process. The time limits can vary considerably, depending on the nature of the chargeback and the card schemes involved.
If a cardholder, or someone who uses the card, makes a purchase and then submits a chargeback based on a false claim, it’s called chargeback fraud. For example, if a person falsely claims they didn’t receive purchased goods, this would be classified as chargeback fraud.
A digital currency where encryption technology, operating independently of a central bank, is used to regulate the generation of units of currency and verify the transfer of funds. Issuers of such currencies predominantly usedistributed ledger technology.
At Assembly, we don’t accept payments directly, but we do help cryptocurrency exchanges to receive and disburse funds when their customers seek to convert into and from cryptocurrencies. They can receive funds via either Assembly’s BPAY or Real Time Payment product.
For disbursement of funds to customers, the exchange can use our Direct Credit or Real Tim Payment option or a combination of the two, to optimise the speed of processing and the breadth of customer coverage.
When personally identifiable information (PII), is accessed, stolen, or used by an unauthorised party, it’s called a data breach. Depending on the jurisdiction and nature of a data breach involving PII, there are mandatory government and public reporting requirements which may apply.
Using an algorithm to transform sensitive data into another form that is unusable to anyone except those with access to a password or key to decrypt the data.
A DSS relates to a common set of information security policies and procedures that must be employed by any organisation that accepts, processes, stores, or transmits credit card information. These policies and procedures exist to protect cardholder data and prevent misuse of cardholders’ personal information. Also referred to as the Payment Card Industry Data Security Standard (PCI DSS).
Note, Assembly Payments is certified as a fully PCI DSS compliant Level 1 Service Provider, which is the most stringent level of certification available in the payments industry.
Direct Debit is an account-to-account payment method which allows businesses to debit a customer’s nominated Australian bank account based on a standing order authority from the customer. This standing authority gives businesses the ability to initiate the pulling of the funds from the customer’s account on the agreed date, and to set up recurring payments instead of waiting for the customer to do so.
Assembly gives you the ability to obtain a digital authority from users, to debit their bank account as per your service agreement with them. You can then trigger authorised payments using an API automation to allow you to initiate payments. Assembly's Direct Debit solution ensures your customers can pay easily and securely, while helping your business reduce manual effort, errors, and processing costs.
Direct Entry (DE) is a cost-effective batch-based payment system that allows for the easy transfer of money between individual accounts at Australian financial institutions. More than one third of Australian non-cash payments are made by DE through the Bulk Electronic Clearing System (BECS) which is administered by the Australian Payments Network.
Assembly payments can help set up DE for your business. The DE system consists of Direct Credits and Direct Debits. Direct Credits are commonly used by businesses for batches of payroll and creditor payments. Direct Debits are commonly used by B2C businesses to debit their customer’s bank account for recurring payments such as insurance premiums, memberships and subscriptions. DE may also be used for a series of one off payments triggered by the customer.
A Drop-in UI is a ready-made payment interface that makes capturing credit card details easy and straightforward. This solution allows you to capture card details securely .
Assembly’s Drop-in UI enables you to accept all major payment cards.
The buying and selling of goods and services via the internet.
EFT relates to the electronic transfer of funds between bank accounts.
Fiat is money that is declared to be legal tender, including any current form of currency, such as paper money or coins. Fiat money is backed by the government (instead of a physical commodity, such as gold) and the government maintains its value.
Any organisation concerned with moving, investing, or lending money, dealing in financial instruments, or providing financial services is known as a financial institution.
The Reserve Bank of Australia classifies FI's in Australia into 3 main types:
1. ADI - authorized deposit-taking institutions (e.g. the major banks);
2. Non-ADI FIs - money market corporations such as brokers, dealers, finance companies and securitisers; and
3. Insurers and Fund Managers.
Note, Assembly Payments (trading as PromisePay Pty Ltd) holds an Australian Financial Services Licence (AFSL) number 478497.
FinTech is short for financial technology and is a term that refers to an organisation that uses or develops technology to improve the delivery of processes or services within the financial services sector.
In payments, fraud is used to describe using dishonest means to perpetrate false or illegal transactions. Fraud may be conducted for monetary gain or other benefits and there are many different types of fraud including account takeovers, identity theft, card counterfeiting, and other illicit schemes.
Fraud rules combine the analysis of a customer's business model, type of industry, and historical data to develop effective rules used to detect fraudulent activity. This is done by looking at customers’ device information and purchase behaviour on every single transaction.
Assembly uses a fraud-prevention tool that delivers real-time, multi-tiered protection, which allows us to create and deploy fraud rules specific to the industry and geography, as well as tailored rules specific to our client’s business models.
In the payments industry, the term ‘hacker’ is used to refer to a cybercriminal, often an expert programmer, who gains unauthorised access to systems, networks, and or data.
An online marketplace is a website or app that aggregates products from different sources for customers to purchase. The operator of the marketplace generally doesn’t own the inventory - their business is to present other people’s inventory and facilitate the transaction. A great example of an online marketplace is eBay - who bring in products from all over and connect them with people looking to buy what they’re selling.
A retailer, or any other person, firm, or corporation that agrees to accept credit and/or debit card payments in exchange for goods or services.
The financial institution that processes a payment transaction on behalf of a merchant is known as a merchant acquirer. The merchant acquirer underwrites the merchant, and may in some cases, enable the merchant to capture transactions by providing the hardware and software required to do so. Merchant Acquirers enter agreements with the various payment-card schemes, which oblige them to pass on certain rules, terms and conditions to the merchants they sponsor to accept such card transactions. This is achieved via a merchant agreement, either directly with the merchant, or indirectly via an authorised payment facilitator like Assembly Payments.
Assembly partners with reputable global acquirers in the regions we operate in to streamline the process for businesses wanting to accept card payments.
The written contract between merchant and merchant acquirer that details their respective rights, responsibilities, and warranties related to the processing of payment transactions.
A number assigned to a merchant that uniquely identifies them throughout the course of payment card processing, settlement and billing activities.
Net settlement refers to the total net value of a bank’s transactions at the end of the day, after taking into account the value of all inbound amounts and outbound liabilities, with only the net difference being paid or received by the financial institution.
The NPP is an Australian domestic payments infrastructure that enables real-time clearing and settlement from bank account to bank account. These real time payments are simplified through the use of a PayID that uniquely identifies the payee. They also give the option to include extensive payment reference data, far more than any other payment method, making transactions easy to recognise.
Assembly is the first non-bank payments platform to offer instant money transfers using the NPP with Real Time Payments which is an API-based solution, allowing businesses in Australia to send and receive payments within seconds, 24 hours a day, 7 days a week.
The NPP has been developed in collaboration with 13 founding financial institutions as well as a number of others who are connected by way of these 13 institutions.
The introduction of the NPP means an increase in payment options - adding to the methods already in place, such as BPAY, credit/debit cards, cash, cheques. While these existing methods will still remain, it’s anticipated that the NPP will eventually become the preferred payment option due to its enhanced features and overall benefit to businesses and consumers.
The platform is expected to continue to evolve over time to meet the ever-changing needs of the market.
The New Payments Platform Australia Ltd (NPPA) is responsible for developing and maintaining the NPP to ensure it consistently meets the needs of the industry.
If a financial services provider is not licensed or authorised by APRA to operate a banking business as an authorised deposit-taking institution, they are considered a non-ADI.
For example, Assembly is a non-ADI that offers payment methods such as NPP, BPAY, Direct Debit, EFT, credit and debit cards and fraud protection.
OSKO is an NPP overlay service that acts as an enabler to move money rapidly from one account to another.
A PayID is an easy-to-remember N payee identifier such as a mobile number that can be linked to your bank account. Then, when you need to collect payment from a customer, you can provide them with your PayID instead of your BSB and account number.
PayID doesn’t replace your standard BSB or account reference number - it’s a linked ID that you can provide to avoid the hassle of having to remember/provide those numbers.
Assembly uses a fraud prevention tool that delivers real-time, multi-tiered protection, allowing us to create and deploy fraud rules that combine the analysis of the customer's business model, type of industry, and historical data to deploy the most effective rules aimed to detect fraud.
A “Payment Held” is a term that Assembly uses to describe when a payment is exhibiting fraudulent behaviour and is placed into a queue to be manually reviewed before approving.
Payment workflows refer to a series of steps or tasks related to a process involving payments. These could include:
Step 1: Tenant pays their rent with real-time payments to a property tech platform
Step 2: The payment is split and paid out to the property agent, the landlord and the platform receive payment for their services.
Step 3: Reconciliation takes place to ensure everyone has been paid their due amounts.
Payment workflows ensure that payments happen on time and have the appropriate approval levels.
The complex ecosystem supporting a payment transaction - for example, in a payment card transaction that would include: the cardholder, the merchant, their , the card scheme / network (e.g., Mastercard®, Visa®), the card issuer as well as various third-party servicing entities that are required to support many aspects of this process.
The PCI DSS are in place to help businesses navigate the correct handling of customer payments data. These standards apply to merchants, financial institutions, payment-device makers, software designers, processors, and other third parties that handle credit cards from major card organisations.
These standards are in place to ensure payment card account data is secure. All entities that store, process, and/or transmit cardholder data are required to adhere to these standards.
Assembly is PCI DSS Level One, which is the highest possible level of security under these standards.
RTGS makes it possible for high-value intra-day payments to be made between financial institutions. When compared to NPP-based real time payments, the Australian RTGS service has some significant constraints, such as being restricted to banking business hours, relatively high costs and limited transaction reference details.
RTP is a service provided by Assembly that uses NPP infrastructure to transfer money instantly, allowing your business to send and receive payments within seconds, 24 hours a day, 7 days a week.
By speeding up the way businesses make and receive funds, Real Time Payments gives the ability to enhance customers’ experience. It allows businesses to:provide customers with a superior experience through fast, flexible payments and faster service; maintain uptime and brand reputation through proven, reliable technology; and reduce manual effort, errors, and costs through API automation.
A retrieval request, also known as ‘first request’ or ‘request for information’ (RFI) is non-financial query used to verify a transaction. It can be instigated by either the card issuer or the cardholder. A retrieval request is usually conducted to clarify information about unrecognised transactions in order to verify if they are legitimate or fraudulent.
Although retrieval requests are non-financial queries, it’s essential to promptly respond with as much information as possible about the transaction so that the issuing bank doesn’t say that not enough information was provided, leading to a chargeback.
Web pages that are secured with secure sockets layer (SSL) 128-bit encryption and designed to accommodate the safe transfer of sensitive data are considered to be more secure payment pages for the purpose oftransactions.
All merchants must have SSL on their website to capture payments securely, as outlined in the PCI DSS guide.
A token is a unique identifier created by an algorithmic process that replaces a credit card number and other sensitive data when a payment transaction is processed. Tokens can be passed electronically without exposing actual customer account data, which protects against credit card fraud.
Tokenisation is data-security technology that substitutes sensitive credit card data with a non-sensitive alternative reference. This allows sensitive data to be passed over the internet without exposing the data to cybercriminals.
A payment transaction initiated by the payer, for example via a payment card, an -enabled real time payment or BPAY, that an investigation reveals has not been authorised by the account holder / cardholder, is said to be unauthorised. This may be the result of or cybercrime, for example an account takeover. This does not refer to a card issuer declining authorisation for payment on a transaction.
A credit or debit transaction cancelled by the seller / merchant, after authorisation but prior to completion and settlement of the transaction.
InsightsRebuilding the plane, while still flying it. Our journey on building our data platform from scratch.
Find out how Assembly took an eight year old monolithic platform that was slow, manual, and costly and built a fully scalable digital platform that connects all the data dots across our business. Now, we get the big picture view, allowing us to holistically see how our business is running.
CompanyAssembly’s Hack Day 2021: Tiny Care Slack Bot
Having been through more than a year in lockdown, the objective of this year’s Hack Day was to provide an opportunity for the Product & Tech teams to come together and collaborate on new ideas (outside of payments), learn, and simply have fun!
Insights5 scaling considerations for finance teams
As a company works at a frenetic pace to meet the challenges of scaling up, the finance team plays a vital role in working alongside the management team and the wider organisation to define and execute the business's strategy. Finance’s role in capturing and analysing financial data is central to these efforts, as using data-driven insights to guide strategic business decisions becomes the norm.