How can we help?

Secure Payments overview

Learn about Secure Payments, LoanPro's PCI-compliant sister software.


Secure Payments is a LoanPro product that integrates with both LMS and third-party payment processors to move money between you and your borrowers, including payments, funding transactions, and card swipes. We developed it as a separate software so that it can stay PCI-DSS compliant while leaving your day-to-day operations out of PCI scope. Secure Payments' code, procedures, and practices all meet a high standard for security, and that's where all of your customers' payment profile information is saved.

This article will walk through the tools available in Secure Payments and how to use them. Secure Payments also uses a separate API (with its own credentials), which you can learn about in our Secure Payments API developer docs.

What are PCI-DSS security standards?

Payment Card Information (PCI) Data Security Standards (DSS) were created to protect consumers and their card information. Now, any company that stores, processes, or transmits card data must follow PCI compliance standards. LoanPro has made it easy to follow these standards with our sister software: Secure Payments. Secure Payments was developed to take payments and be PCI compliant so that the LoanPro loan management system (LMS) does not have to follow some of the more inconvenient rules. Secure Payments helps you protect your consumers while keeping LMS efficient.

PCI Compliance is broken down into twelve requirements across six categories.

Build and Maintain a Secure Network and Systems

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Stored Cardholder Data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  1. Use and regularly update anti-virus software or programs
  2. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  1. Restrict access to cardholder data by business need to know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Maintain an Information Security Policy

  1. Maintain a policy that addresses information security for all personnel

 

Secure Payments follows all PCI requirements. When you use Secure Payments to store, process, or transmit data you can rest assured that you will be PCI compliant. Secure Payments has the following features to make compliance easier for you:

  • Automatic log-out after five minutes
  • Password expiration after 90 days
  • Frequent API token changes
  • Field validations: ensures credit/debit card data is not being stored in unintended fields (also in place in LoanPro LMS)
 
 

Account setup and linking

Before you use Secure Payments, you'll need to take two steps for setup: first, creating an account, and then linking it to your LMS account. 

Creating a Secure Payments account

ou'll need to use an email address as the username login for your Secure Payments account. Unlike LoanPro, where multiple users can access the same account, Secure Payments only allows a single user per account. This ensures a far greater level of security and protects your customers' private information. A separate Secure Payments account is required for each of your LMS tenants. So, if you only have a production LoanPro account, then you will only need one Secure Payments account. If you purchased an additional LoanPro Sandbox account during your account activation, you will need to create an additional Secure Payments account.

The email address you use needs to be a real, accessible email account where Secure Payments can send important communications such as password reset emails or import reports. Many clients prefer to create a new email address at their company domain specifically for each Secure Payments account. For instance, if your domain was SampleLending.com, you could use these:

  • Production – SecurePayments-Production@SampleLending.com
  • Sandbox – SecurePayments-Sandbox@SampleLending.com (Not Required if you do not have a Sandbox account)

With an email address ready, navigate to the Secure Payments Signup Page. There, you'll begin by entering your email address and setting a password. Click "Sign Up" and the system will redirect you to the Login Page, where you will enter the credentials you just created.

Having successfully logged in, you'll now see a screen like the picture below. Click the banner across the top of the page prompting you to Activate your account.

Our activation walkthrough will guide you through the process. If you face any difficulty, contact our support staff, who can sort out any issues.

In order to activate your Secure Payments account, you will be required to put a credit/debit card on file. You will only be charged money when you use additional paid services (see the Actions tab below).

 
 
 

Linking your Secure Payments and LoanPro accounts

Once your account is activated, navigate into LoanPro under Settings > Company > Merchant to link your newly created Secure Payments account to LoanPro. Depending on your account setup, you may see one of the two screens. Click either select ‘Change Account’ or ‘I already Have One’ to simply link the new account. Follow the steps prompted on the screen to enter in your Secure Payments credentials.

You have now successfully set up and linked your Secure Payments account to LoanPro. This means you're ready to begin processing payments.

 
 

Secure Payments credentials

Since Secure Payments holds sensitive customer payment information, maintaining credentials in a secure way is an important thing to know. In this article, we'll discuss how to use, monitor, and update your credentials.

Reset Your Password in LoanPro

The primary email associated with your Secure Payments account will receive notifications when the password is about to expire. If you update your password in Secure Payments, either via the UI or the API, your LoanPro account will no longer be connected to Secure Payments. Due to this, we strongly recommend that you complete all your password updates in LoanPro to avoid any issues. 

To update your password, navigate to Settings > Company > Merchant > Secure Payments inside of your LoanPro account. Then, select 'Change password'.

When you click 'Change password', you will be asked for your old password and to enter a new one.

Once you have entered your password information, click 'Save'. You'll want to make sure that your old password is correct, since you will only have a few unsuccessful attempts to change the password before the account will be locked. If you don't remember your old password, contact support for assistance. 

Password Guidance

Because of the sensitive nature of the data it stores, access to Secure Payments should be closely guarded. Here are some best practices to ensure unauthorized parties don't gain access to your Secure Payments account.

One of the most common ways unauthorized parties gain access to an account is through password theft. It is the responsibility of each user to safeguard their password. You should change your password if any of the following occurs:

  • You suspect your password may have leaked
  • Your password was posted anywhere public
  • Any device you use to log in to Secure Payments was lost or stolen

Always be conscious of password security. Don't share your password with anyone, and use a password manager instead of writing your password down.

Password Enforcement

LoanPro uses the following policies to enforce passwords:

  • A user can attempt to login five times before they will be locked out for 30 minutes and need to change their password.
  • Creating/changing your own password requires email verification and at least ten alphanumeric characters.

Secure Payments API Tokens

To communicate with Secure Payments API, requests for LMS and custom applications need to be authenticated. Secure Payments uses a token and secret to authenticate requests. These two tokens represent and give access to the Secure Payments account, so it's important to keep them safe. Here are the important points regarding Secure Payments credentials:

  • LMS and custom applications are required to authenticate the account's token and secret to access Secure Payments.
  • The token and secret do not expire.
  • Unused authentication should be revoked.

In the past, the token and secret were tied to login credentials (your username and password), but this is no longer the case.

 

API Requests

Most Secure Payments endpoints expect both the secret and token to be submitted as part of the request headers. The headers for your requests will need to be formatted like the following:

Authorization: {token}

Secret: {secret}

Tokens and secrets are a pair, and they don't work without each other: each secret is unique to each token and vice versa. While the token and secret do not expire, requests won’t be allowed if the account's password has. If this is the case, you'll receive a 401 response with an authentication error message.

Monitoring Expiration

You can monitor the expiration of your password via the Secure Payments API. To retrieve information about your Secure Payments user, send a GET request to the following endpoint:

https://securepayments.loanpro.io/api/users

The response from this endpoint will look something like this:

{
  "role": "user",
  "amount": 500,
  "nacha_action": true,
  "sftp_nacha_price": 0.28,
  "updated": "2019-10-01T19:05:33Z",
  "username": "user@email.com",
  "trial_account": false,
  "created": "2018-07-31T19:31:32Z",
  "routing_action": false,
  "card_lookup_price": 0.05,
  "days_since_update": 71,
  "echeck_price": 0.25,
  "days_remaining": 19,
  "balance": 4967.969999825582,
  "anet_price": 0.25,
  "anet_action": true,
  "address_verify_price": 0.09,
  "id": 798,
  "contract_signed": true,
  "minimum_balance": 50,
  "address_action": false,
  "echeck_action": true,
  "lookup_action": true,
  "bank_name_lookup_price": 0.01,
  "contact": "user@email.com",
  "country": "usa"
}

Generating New Authentication Credentials

It is possible to generate a new set of authentication credentials outside of the LoanPro UI. This is achieved by using sending the following POST request:

POST https://securepayments.loanpro.io/api/authenticate

{ 
   "username":"currentUsername",
   "password":"currentPassword"
}

If your request is successful, you will receive a response payload that looks like this:

{ 
   "token":"new token",
   "secret":"new secret"
}

Revoking Authentication Credentials

To revoke a set of credentials, send a POST request to the following endpoint:

POST https://securepayments.loanpro.io/api/revoke

Make sure you use the token and secret you want to revoke in the request headers to authenticate the request. The response from a successful revoke request should look like the following:

{ 
   "message":"Token revoked."
}
 
 

With these steps complete, you're ready to start using Secure Payments. 

When you first open Secure Payments, you'll land on the Customers page. On the left, you'll see a navigation pane listing other pages, which are categorized into four groups:

  • Customers and cards
  • Reports
  • Tools
  • Settings
  • My account

The rest of this article will explain how each individual page works.

Customers and cards

Here you can manage individual customers and the cards you've issued them.

Customer manager

To access the Customer section, head directly into Secure Payments and click the Customers tab on the left side of the page.

The Customers page has two main functions. You can search for existing customers by entering keywords into the ‘Search’ field on left side of the screen, or you can add new customers.

Customer Creation and Personal Info

To enter a new customer record, click the black plus button at the top right corner of the screen.

This should pull up a screen where you can fill in the personal customer's personal information. Required fields for creating a customer are marked with an * and include the customer's first and last name, gender, birth date, and address. Fields marked with a 1 are required for a customer to have a card for their line of credit account. These include the customer's email, phone number, and Social Security Number (SSN). 

If you enter a ZIP code (not a postal code) in the address field, the city and state will be automatically populated for you. Above the mailing address section, there is a “Same as primary” link. If you click it, the mailing-address fields will be populated with the values from the corresponding primary-address fields.

Once you have entered all of the required customer information, click Save.

Payment Profiles

Once you have created a customer, you can click on their name to see their information. This will automatically take you to the personal information screen, which will contain the information you entered when creating the customer. To create a payment profile for your customer, navigate to the Payment Profiles tab to the left of the customer profile screen.

Click the black plus button to add a payment profile.

Once the Add Payment Profile screen pulls up, choose the type of profile (whether it is a bank card or a bank account) and enter the rest of the required information.

Note: If the payment profile type is a bank account, you can choose between checking and savings accounts. The account type will be displayed.

 

Click the ‘Save’ button to complete the process.

Transaction History

The Transaction History tab is located right below the Payment Profile tab. Here you can see all the current and past transactions for the customer in Secure Payments. If needed, you can choose a date range to search transactions. By clicking the small info button to the far right of each transaction, you can see more details about the individual transactions.

Cards

If the customer has cards associated with a line of credit account, they will show up here in the Cards section. You'll see at a glance the card's status, available credit, and the card title. 

We plan on releasing future articles that will explain in-depth how to add a card to a customer's profile, but for now our creating a card article will help you understand how our card functionality works and what it can do for your operations. 

It's important to note that the cards in the Cards section are not the same as the bank cards you can add as a payment profile. Cards are used to access credit from a line of credit account while bank cards are a payment profile that can be used to make payments on an account (loan, lease, line of credit). 

 

Notes

The final tab on the Customer Profile page is Note Manager. On the Note Manager page, you can see any previous notes and add new notes related to the specific customer. Simply click the plus button to add a new note.

 
 

Card manager

Within the card manager, you'll see a list of all the cards you've issued. On the left, there are options to filter your results by type, program, status, and available balance.

Each individual card shows the following:

  • the card's UUID
  • the customer it's linked to
  • the card's title
  • the program it was created from
  • its available balance
  • the type (credit or prepaid)
  • it's status
  • the date when it was created (YYYY-MM-DD HH:MM:SS UTC)
 
 

Reports

In this area, you can run a Transaction History Search, view NACHA or CPA-005 files and history, and see your own usage history.

Transaction history search

The transaction history search lets you search through customer transactions. From this page, you can filter through results, get NACHA batch IDs, and get additional information about each transaction.

There are several ways to filter search results:

Filter Description
Keyword Enter any keywords you want to use to filter the results of your transactions into the “Search” field.
Date To view transactions that occurred in a specific date range, use the drop-down to choose the date range. Options include the past day, week, month, or quarter; from the beginning of the year to the current date; and a Custom Range, which lets you select a start and end date.
Status

Use this drop-down to filter transactions by status.

There are five possible transaction statuses:

  • Void: The transaction was reversed before it reached the processor.
  • Failed: The transaction reached the processor, but they were unable to move any funds. (This could be from insufficient funds, a closed account, or similar issues.)
  • Pending: Secure Payments has not yet sent the transaction to a processor.
  • Processing: The transaction was sent to the processor or batched, and they're currently moving money from account to account.
  • Successful: The processor successfully moved the money. (Note that on batched payments, an update may never come. After several days in the processing status, the system assumes the transaction succeeded.)
Operation Operation refers to the direction in which funds are moving. Process shows only payments, Credit shows only funding transactions, and Any shows them both.
Category Use this drop-down to filter by transaction category. The available categories are Debit/Credit Card, Bank Account/ACH, and Canada EFT.
Batch ID Use this drop-down to filter transactions by batch ID.
R Code Use this drop-down to filter your search by the NACHA return code associated with each transaction.

Most selections will automatically update your search results. If you are filtering by keyword, press Enter to run the search.

Once you have created a search, click the triple-bar icon in the top right corner to export them to a CSV file.

Transaction Summary

Select the lowercase 'i' icon next to any transaction to see its details (it's in the little red box in the picture above). Clicking it will display the following window which shows the transaction summary and history:

This window not only displays information but gives you the option to void a transaction or mark it as failed. Not every transaction will show you the option of "Mark Failed"; this is only available if the transaction is in 'Processing' status.

If you are marking a transaction as FAILED, an "R-Code" is required. Our NACHA Returns article explains what R-Codes are and lists all the available codes.

Summary Tab

This area shows basic info, as well as information about the account used to make the payment and the customer themselves.

Basic Info

Transaction details include the following information:

Field Explanation
Transaction ID This is the ID of the transaction in Secure Payments.
Operation This is the operation that will be performed on the payment.
Amount This is the amount of the transaction.
Submit Date The date and time (UTC) that the transaction was submitted to Secure Payments.
Batch ID The batch ID that has been assigned to the payment. This is only applicable for NACHA payments.
Processor ID The ID of the payment processor being used to process the transaction.
Processor Category The Category of the payment processor being used to process the transaction.
Processor Name The Name of the payment processor being used to process the transaction.
TX Status This is the current status of the transaction within Secure Payments.
TX Response This is the final NACHA return code of the transaction (e.g. R01). This is only applicable for NACHA payments. For a complete list of return codes see NACHA Returns.
TX History Note This displays codes received by integrated processors for the transaction, and any messages associated with that code.
 
 

Payment Information

Here's the information about the payment:

Field Explanation

 

Loan ID

 

This is the Display ID of the account for which the transaction is being processed.

Payment ID This is the Display ID of the transaction within LoanPro.
Account Number This is the number of the account from which the funds are being transferred.
Routing Number This is the Routing Number of the account from which the funds are being transferred.
 
 

Customer Information

And here is information about the customer:

Field Explanation
Customer Name This is the name of the customer making the transaction.
Address This is the address of the customer making the transaction.
ZIP This is the ZIP Code of the customer making the transaction.
City This is the city of the customer making the transaction.
State This is the state of the customer making the transaction.
Country This is the country of the customer making the transaction.
Email This is the email of the customer making the transaction.
Phone This is the phone of the customer making the transaction.
SSN This is the social security number of the customer making the transaction.
 
 

Transaction History Tab

If you select 'HISTORY', you can see the history of the transaction by status:

The statuses of a transaction can be pending, processing, failed, or voided.

Additional Information Tab

If you select the 'Additional Information' tab, the following can be displayed depending on the transaction:

Fields that may be included in the additional information tab are as follows:

Field Description
transaction_id The ID of the transaction
response_code This is the code for the response of the transaction
operation_success This shows if the transaction was a success
status This shows the status on the transaction
reason The reason for the status of the transaction.
message A message notifying you on a transaction.
 
 

Swipe history

Swipe history shows all the purchases made through cards you've issued.

On the left, you can filter for the swipe's status, issuer, program, date, and amount. Each swipe shows that information, as well as the customer, card title, and Merchant Category Code (MCC). Clicking an individual entry brings up more detailed information about that swipe.

Tab Description
Events This shows the history of events related to the swiped, like when it was authorized or voided.
Information This shows a list of the swipe information Secure Payments receives from the network.
Memos This area shows any memos or attachments connected to the swipe.
Enriched data This shows any enriched transaction or merchant data that's available.
 
 

Nacha files and history

This tab shows Nacha files you've generated, allowing you to search by date and manually generate a file.

For more information, check out our full articles on Nacha batch processing.

 
 

CPA005 files and history

This tab shows CPA005 files you've generated, allowing you to search by date and manually generate a file.

For more information, check out our full articles on CPA-005 files and batch processing.

 
 

Usage history

Under the Reports section of the left side panel in Secure Payments, you'll find the Usage History. The Usage History section of Secure Payments is designed to show your current balance and usage so you can see where you are spending money in Secure Payments. Your current balance is visible at the top left of the list of transactions. Underneath the balance are two drop-downs you can use to filter the list of transactions by date range or by service type. You can also search by a custom date range by clicking on the date range itself.

The transaction list is the main body of the page, where you can see the ID, Date, Service, and Action for each transaction. By default, the transactions list will show you a list of all transactions for the current month, but when you select a filter, the results will show in the transaction list. If you want to export the transactions list, click the button with three bars, then click the Excel icon that appears.

To the right of the transactions list, there will be a box that say 'Total Number Of Calls.' This will give a summary of how many call of each servicing type have occurred.

 
 

Tools

This section only contains imports. Since customer payment profiles fall under PCI scope, the process to import them into LMS also involves Secure Payments. It's a straightforward process, but it does involve enough steps that it's handled in it's own article on Payment Profile Imports.

Settings

These settings control how Secure Payments works. The profile section shows you your API credentials, the email where notifications are sent, and MFA settings. On the processors page, you can create and edit all of you payment processors.

You can set up webhooks to send information after specific events. You can also customize the styling for your Secure Payments iframe. Lastly, you can configure bank card and bank account controls.

Profile

The payment profiles section of Secure Payments is where you can add a payment profile for your account. This payment profile will be used to add funds to your account. To add a new payment profile, click the blue plus icon in the top right corner.

The following payment profile window will display and ask for basic card information such as cardholder name, card info, and billing address. Once you've entered the necessary information, click 'Save.'

After clicking 'Save', your payment profile information will be tokenized to ensure security.

You can use this token to access the payment profile through the API.

Secure Payments does not save the token, so this is your one chance to save it. Make sure to keep it in a safe place.

 
 
 

Processors

Here, you can add and manage instances of LoanPro's integrated payment processors. We actually recommend creating new processors from within LMS. For more details, check out our articles on creating payment processors and the individual articles for each processor.

 
 

Card programs

This tab shows all the card programs you've created, organized by issuer. You can edit, or toggle the activity for all programs, and delete programs if they don't have any active cards.

 
 

Card issuers

Here you can manage your configurations with card issuers.

 
 

Banking insight providers

Here you can manage your settings for banking insight providers, like Finicity. For more information on using banking insight providers, reach out to your regular LoanPro contact.

 
 

Events

Much like how LMS can send webhooks, Secure Payments can send information to a specified URL when certain events occur. In this article, we will explain how to add events to your Secure Payments account and provide some of the callback URLs used to link to your LoanPro account.

Adding Secure Payments Events

Full List of Events

  • User password update
  • Nacha file generation
  • Swipe event created
  • Card updated
  • Bank account created
  • Transaction status update
  • Banking insight disconnected
  • Galileo Pro event received
  • Bank card update
  • Card reissued
  • Processor deleted
  • User settings update
  • Processor update
  • Lithic event received
  • Bank card deleted
  • Card created
  • Bank account updated
  • Bank account deleted
  • VISA DPS Forward event received
  • Nacha batch generation
  • Payment processing
  • Swipe created
  • Card balances updated
  • Card status updated
  • Bank card created
  • Processor created
  • Swipe created
  • Job update
 

To view, edit, and delete events, navigate to Settings > Events inside your Secure Payments account.

Here, you can also use the toggle switches to the right of an event to turn it on or off. To add a new event, click the blue plus icon in the top right.

Next, select the event type for which you want to add a URL from the 'Event type' drop-down. Then, enter the URL in the URL field. You'll notice that each Secure Payments event can have up to 5 callback URLs. Click 'Save' to add the event to your settings.

Required Event Configurations

The NACHA Batch Generation, NACHA File Generation, and Transaction Status are likely already configured for your account. These three are required, as they communicate to the database and LoanPro's Loan Management System (LMS) when these events occur. We'll explain how to configure these in the instance that they aren't configured. All other events are optional, but we recommend setting them up if you'd like Secure Payments to send information to LMS.

NACHA Batch Generation

If you add the LoanPro callback URL for NACHA file generation, LoanPro will be updated with NACHA batch IDs. The batch IDs are assigned by Secure Payments for transactions processed with a NACHA processor. This is useful, as it will let you pull payments based on their batch ID.

To search by NACHA batch ID, go to Reports > Transaction History > Payment Breakdown.

LoanPro Callback URL:

https://loanpro.simnang.com/api/public/thirdparty.php/pciw/nacha-batch-generation/callback

NACHA File Generation

If you add the LoanPro callback URL for NACHA batch generation, LoanPro will be updated when a NACHA file is generated.

LoanPro Callback URL:

https://loanpro.simnang.com/api/public/thirdparty.php/pciw/nacha-file-generation/callback

Transaction Status

Including the LoanPro URL for transaction status updates will update payments' transaction status as they move through the payment process in Secure Payments.

If a payment is reversed, the r-code is included in the transaction status update callback.

 

LoanPro Callback URL:

https://loanpro.simnang.com/api/public/thirdparty.php/pciw/transaction-updated/callback

Other Events

As we mentioned above, these events are not required to be configured. But they are available if you'd like to use them. Here's a breakdown of what's available:

Event Description Response Example
Bank Account Create Sends a request when a new borrower bank account is created in Secure Payments.
{
  "type": "checking"
}
Bank Account Delete Sends a request when a borrower bank account is deleted in Secure Payments.
{
  "message": "A bank account has been deleted under the Secure Payments account accounting@lending.company"
}
Bank Account Update Sends a request when a borrower bank account is updated in Secure Payments.
{
  "message": "A bank account has been updated under the Secure Payments account accounting@lending.company"
}
Bank Card Create Sends a request when a new borrower credit/debit card is added in Secure Payments.
{
  "message": "A credit card was added under the Secure Payments account accounting@lending.company"
}
Bank Card Delete Sends a request when a borrower credit/debit card is deleted in Secure Payments.
{
  "message": "A credit card was deleted under the Secure Payments account accounting@lending.company"
}
Bank Card Update Sends a request when a borrower credit/debit card is updated in Secure Payments.
{
  "message": "A credit card was updated under the Secure Payments account accounting@lending.company"
}
User Password Update Sends a request when the user password associated with a Secure Payments account is updated.
{
  "message": "Secure Payments password for accounting@lending.company have been updated."
}
Payment Processing Sends a request when a payment is processed in Secure Payments.
{
  "type": "Authorize.net",
  "processor": 1454,
  "transaction-id": 6486581
}
Processor Create Sends a request when a new processor is created in Secure Payments.
{
  "type": "Authorize.net",
  "id": 1739
}
Processor Delete Sends a request when an existing processor is deleted from Secure Payments.
{
  "type": "Authorize.net",
  "id": "1740"
}
Processor Update Sends a request when an existing processor is updated in Secure Payments.
{
  "type": "Authorize.net",
  "id": "1741"
}
User Settings Update Sends a request when user settings are updated in Secure Payments.
{
  "message": "Secure Payments settings for accounting@lending.company have been updated."
}
 
 

Iframe CSS

To maintain payment card information (PCI) compliance, applications integrated with Secure Payments are required to use the Secure Payments iframe. It may be helpful to change the iframe style so it matches your user interface (UI). Secure Payments offers some custom styling options to make this possible.

To use the custom styling in Secure Payments, navigate to Iframe CSS: Menu > Settings > Iframe CSS.

The following styling options are available for the iframe:

  • Font – This selection lets you choose the text font for the iframe. Available options include:
    • Arial
    • Arial Black
    • Comic Sans
    • Courier New
    • Georgia
    • Impact
    • Times New Roman
    • Trebuchet MS
    • Verdana
  • Select Color – This color will display when a field is selected.
  • Button Color – This changes the color of the buttons. Use a HEX code to get a specific color.
  • Button Hover Color – This will change the color of a button when the cursor hovers over it. Use a HEX code to get a specific color.

These values will save automatically as you enter them.

Additionally, you have the ability to set a default country for the Secure Payments iframe.

Select United States or Canada, depending on what region you are in. 

The Secure Payments iframe is also mobile friendly, so your customers should have no issues using the iframe on their handheld devices.

 
 
 

Bank cards control

The numbers on a credit or debit card aren't random; they convey information about the account. The first four to six digits on a card are referred to as a Bank Identification Number (BIN), and they indicate the account's type (debit, prepaid, etc.) and brand (Visa, MasterCard, etc.). When a payment profile with a bank card is created in Secure Payments, the system can use the BIN to determine the account's type and brand. All you have to worry about is whether you want to accept those types of payment profiles.

Using BIN ranges, Secure Payments can restrict certain types or brands of card with the click of a button. Within Secure Payments, you'll find these features under Settings > Bank Cards Control in the navigation pane at the left.

Secure Payments will only be able to block unwanted payment profiles if "Card Attribute Lookup" has been turned on (see below).

 

Types

The first set of controls allow you to restrict certain types of cards. If you don't want your customers paying with a credit card, for instance, you would just switch off 'Credit'. If you only wanted customers using prepaid debit cards, you would leave 'Prepaid' and 'Debit' on but switch off 'Credit' and 'All Others'.

The 'Prepaid' category is not mutually exclusive with other types; all prepaid cards are also either credit or debit. If you only have the 'Prepaid' toggle enabled, Secure Payments will not accept any payment profiles.

Brands

The next set of controls governs which brands of cards are accepted, and the controls work just like the Types settings above. If you don't accept VISA, you would simply switch it off. If you only accept these four major brands, you would leave them on and switch 'All Others' off.

BIN Attributes

This last control determines what will happen if the BIN is not recognized. With this option on, you will still accept payment profiles even if the BIN attributes are not available. With this option off, you will not accept any payment profiles with unrecognized BIN attributes.

Card Attribute Lookup

All of these controls use cards' BIN ranges, but if your Secure Payments account doesn't lookup those ranges, it cannot block unwanted payment profiles. To turn on Card Attribute Lookup and enable Bank Card Control, go to My Account > Actions in the navigation pane on the left of the screen, and ensure 'Card Attribute Lookup' is turned on.

If you try to use Bank Card Control settings without Card Attribute Lookup, Secure Payments will display a notification with a link to turn it on.

 
 

Bank account control

NACHA has supplemented their fraud detection standards by requiring that lenders validate their borrowers' bank accounts. LoanPro is integrated with ValidiFI, whose services can help you validate your borrowers' bank accounts. These tools enable you to detect and prevent fraud, and maintain compliance with NACHA's due-diligence rules or any laws that your company is subject to. NACHA recognizes them as a preferred partner for account validation, meaning they can be trusted to provide top-tier service in this area.

ValidiFI's integration with LoanPro makes it simple and easy to validate any payment profiles you've entered on Secure Payments.

What are their service levels?

Through Secure Payments, you have access to three tiers of ValidiFI account validation: Basic, Standard, and Enhanced. All three tiers satisfy NACHA's standards, but the Standard and Enhanced options provide more information.

  • Basic: Basic searches cost $0.34 per validation. They authenticate the routing number structure and status, and ensure that the account number conforms to the routing number. They also identify the most basic errors associated with data entry and outdated information. 
  • Standard: Standard searches cost $0.66 per validation. They do everything the Basic search does, as well as screen and validate the payment profile against ValidiFI’s network of payment, banking, and merchant contributors. This helps eliminate common errors and confirm the status of routing and bank account numbers.
  • Enhanced: Enhanced searches cost $0.99 per validation. They do everything that the Basic and Standard searches do, and then verify routing and account numbers against an expanded list of sources. This search will return account attributes associated with the score. This is ideal for ensuring maximum coverage and identifying the account's status. It also identifies accounts associated with administrative returns.

Here's a breakdown of the different analytical tools applied with each tier of validation:

Analytics Tool Basic Standard Enhanced
Routing Number Validation X X X
Account Number Structure X X X
ValidiFI Bank Risk Data X X X
Third Party Data   X X
Merchant Data   X X
Banking Data   X X
ValidiFI Insights Data     X

Configuration

Within Secure Payments, click 'Actions' on the navigation pane on the left of the screen.

This page lists the different actions available in Secure Payments and lets you toggle each of them on or off. ValidiFI's services are listed as 'Bank Account Attribute Lookup', found near the bottom.

The drop-down menu lists the available service tiers.

Validating an account

Now that you've turned on bank account controls, the system will automatically validate any payment profiles you add. That validation happens any time the payment profile is saved or edited. Once you've created a payment profile, just navigate back to it in the Secure Payments UI and you'll see all the information ValidiFI found on the account. Add or edit a payment profile, then go to Customers > select a specific customer > Payment Profiles.

The Validation Response is a result, shorthand for what ValidiFI discovered. If there is an issue, it will be explained in the Message. This basic validation sample gives a result code of AVC8, and the message explains that while the routing number is valid, that bank has never used account numbers like the one this borrower gave. This would indicate either a simple typo or perhaps an attempt at fraud; in either case, the payment profile is likely unusable.

Result codes and controls

When an account is validated, the system will give you a result code explaining the results. You can configure your settings so that Secure Payments will not attempt to process payments from profiles with the result codes you specify. In the navigation pane at the left, select Bank Account Control

Toggling each result will determine whether the system will attempt to process payments with those codes. If a result code is turned on, the system will accept payment profiles that return it.

The Basic validation will only return AVC0-5, and AVC8-9. The Standard and Enhanced validations will return any AVC, and the difference between the two is the level of detail provided in the response, with the Enhanced responses containing much more data.

 

This table explains what each indicates:

Result Code Result Message
AVC0 Unexpected Service Disruption An unexpected service disruption with one or more data sources occurred.
AVC1 Invalid Routing Number Structure The Routing Number structure does not conform to the ABA standard.
AVC2 Suspected Bad Routing Number The Routing Number structure conforms to the ABA standard but has a history of returns for an invalid routing number
AVC3 Routing Number Not Found The Routing Number is not found within the ABA list of Routing Numbers.
AVC4 Routing Number is Not ACH Capable The Routing Number is not Active, not ACH capable, or is of the wrong type according to the ABA list of Routing Numbers.
AVC5 Suspected Bad Account Pattern The Routing Number is valid, active, and is ACH capable. The Bank Account Number is suspected to be invalid, or has a length or pattern with a history of returns for invalid account.
AVC6 Valid Account with History of Recent Returns, Unpaid, or Stop Payments The Routing Number is valid, active, and is ACH capable. The Bank Account Number is valid and there is recent histrory of returns/unpaid or stop payments seen in ValidiFI's database.
AVC7 Valid Routing Number with Limited Account Pattern and No History of Recent Transactions The Routing Number is valid, active, and is ACH capable. There is limited history of the Bank Account pattern and no history of recent transaction seen in ValidiFI's database for the provided Bank Account Number.The Routing Number is valid, active, and is ACH capable. There is limited history of the Bank Account pattern and no history of recent transaction seen in ValidiFI's database for the provided Bank Account Number.
AVC8 Valid Routing Number with No History of Account Pattern The Routing Number is valid, active, and is ACH capable. There is no history of the Bank Account pattern seen in ValidiFI's database for the provided Bank Account Number.
AVC9 Valid Routing Number and Account Pattern The Routing Number is valid, active, and is ACH capable. The Bank Account pattern is valid.
AVC10 Valid Routing and Bank Account with Recent Transaction History The Routing Number is valid, active, and is ACH capable. The Bank Account Number is valid and there is recent history of Bank Transaction seen in ValidiFI's database.
AVC11 Valid Routing and Bank Account with Verified Good Transaction History The Routing Number is valid, active, and is ACH capable. The Bank Account Number is valid, has history of good transactions, and there is no recent history of returns seen in ValidiFI's database.
NV 99 Not Validated
 
 

My account

This area is for information about your company, like your own payment profile, payment settings, and payment history. You can view your contract, and toggle which actions are available for your account.

Payment profiles

The Profile area of Secure Payments is where you view and update information that concerns your communication with Secure Payments. This includes three sections: API Credentials, Communication, and Multi-Factor Authentication Settings.

API credentials

The API Credentials page shows the information needed to interact with Secure Payments via the API.

Field Description
Username Your username for logging into Secure Payments
Account Created Date The date your Secure Payments account was created
Last Updated Date The date you Secure Payments account was last updated
Days Since Last Update The number of days since your Secure Payments account was updated
Days to Expire The number of days until your Secure Payments account will expire
Password (Encrypted) Your password to log in to Secure Payments
Token The token used to reference your Secure Payments account when using the API
Secret The secret key used to authenticate your account when using the API

You can change your current password by clicking the edit button.A warning text will pop-up explaining potential consequences of changing the password if the account is linked to a Loan Management System account. Click I Understand if you wish to proceed.

To change your password, simply enter your current password, the new password, and click Save.

Communication

The Communication tab lets you view and change the email where Secure Payments notifications are sent. Although this defaults to your username, changing this will not change your username. To edit this email, click the blue pencil icon in the top right corner. From there, just enter the new email and click 'Save'.

Login

When logging into the system, you have six attempts to before your account will be locked for 30 minutes this helps prevent brute-force, break-in attempts. You can either wait 30 minutes or contact an administrator to lift the lock. If your session is idle for 15 minutes, your session will be automatically ended, and you will be logged out of the software.

Any new password must be different from the last four passwords. We recommend the using a password manager and randomized, complex passwords.

Multi-Factor Authentication

On the Multi-Factor Authentication (MFA) Settings page, you can request to update your MFA, which is required for file upload in Secure Payments.

Payment settings

Secure Payments connects you to a number of services that charge for each use, but those costs are usually just a few cents. Rather than charging you per use, we have you create a balance in Secure Payments that you draw from. This section let's you configure that minimum balance and how much should be charged. Whenever your balance reaches the low point, you'll be charged the amount you specify. 

 
 

Payment history

The Payment History page of Secure Payments shows the payments that have been made to increase your company balance. You can find Payment history under My Account in the navigation window on the left. To manually add funds to your account, click the icon in the top right corner.

Enter the amount that you want to increase your balance in the 'Amount' field and click 'Save'. As noted in this window, the primary payment profile associated with your account will be used to increase your balance.

 
 

Actions

The Actions section of Secure Payments is designed to let the user turn on or off a specific service that Secure Payments offers. This allows the user to pick and choose which services they would like to use.

To navigate to the Actions page, look under the 'My Account' section in the navigation panel to the left. The Actions page lists available services, a description and price per use of each, and a switch to toggle them on or off. The actions are split into four categories:

  • United States Processing
  • Canadian Processing
  • Information Lookup
  • Finicity

United States Processing

These settings determine whether different payment methods are available for US accounts.

Service Description
Bank Card This service processes credit and debit card payments through one of the merchants integrated with Secure Payments.
ACH/eCheck This service processes bank account withdrawals through one of our integrated payment processors.
SFTP This service will create an unbalanced NACHA file and send it to a specified SFTP server.
NACHA Payment Updates This setting determines whether NACHA transactions will automatically move from a Processing status to Settled Successfully, and after how many days (banking or calendar).

Canadian Processing

Much like the United States Processing section does for US accounts, these settings control whether different payment methods are available for Canadian accounts.

Service Description
Bank Card This service processes credit and debit card payments through one of the merchants integrated with Secure Payments.
ACH/eCheck This setting toggles LoanPro's two Canadian e-check processors, EFT Canada and Versapay.
SFTP This service creates CPA-005 files and sendsthem to a specified SFTP server.

Information Lookup

Here you'll find settings that determine whether different information gathering tools are available within individual accounts.

Service Description
Routing number This service looks up the bank name from the routing number.
AVS Address Verify This service verifies the address associated with the payment profile. It can only be used through the Secure Payments API
Card Attribute Lookup This service pulls additional information regarding the credit/debit card. With this turned on, you can block unwanted payment profiles using bank card controls. 
Advanced Attribute Lookup Lookup more card information and funding attributes.
Bank Account Attribute Lookup This drop down lets you turn on the attribute lookup for bank accounts. The different options select different service levels.

Finicity

These settings control the actions you can take with our Finicity integration.

Service Description
iFrame Creation Toggles whether you're able to create Finicity iframes.
Payment Profile Creation Allows you to create payment profiles through your Finicity iframes.
 
 

Contracts

If you ever need to check the fine print of your contract with Secure Payments or Finicity, we keep a copy saved and easily accessible within the software, as well as a complete signature history. To view your contracts and signatures, navigate to My Account > Contracts.

The page is divided into three tabs: Signature History, Secure Payments, and Finicity.

Signature History

On this tab, a small table gives you a history of your contract signatures for both Secure Payments and Finicity.

Each entry on the table includes the following information:

  • Signature ID – A unique ID for each signature, distinguishing it from any others.
  • Contract ID – An ID for the specific version of the contract.
  • Service – Either Secure Payments or Finicity.
  • Signed On – The date and time when the contract was signed. It's formatted YYYY-MM-DD HH:MM:SS UTC.
 
 

Secure Payments

This tab includes a PDF copy of your contract for Secure Payments. Selecting different dates from the ‘Signature Date’ dropdown allows you to find earlier copies. If you click the new tab icon in the top right (the arrow in a box), the PDF will open in its own tab, making it easier to read.

You can download or print a copy with buttons on the PDF itself.

Secure Payments used to go by the name ‘PCI Wallet’. Don't worry if your contract says PCI Wallet and uses the old logo; it's still the same software.

 
 
 

Finicity Contract

If you use LoanPro's integration with Finicity, this tab includes a PDF copy of your contract with them. Selecting different dates from the ‘Signature Date’ dropdown allows you to find earlier copies. If you click the new tab icon in the top right (the arrow in a box), the PDF will open in its own tab, making it easier to read.

 
 
 
 

 


console.log(location);