Surepay

Rabo Identity Services offers a SurePay API for businesses that want to perform IBAN Name Check combinations. The SurePay API verifies if the combination of the name and IBAN matches with the data of the bank and validates if the account is active. In addition, the SurePay API shows whether the account is registered as a business or private account and indicates how many account holders there are for this IBAN.

Integrating the SurePay API in your business process results in more efficiency and reduces the risk of errors or fraud. Your users experience an effortless onboarding and you can validate that you are interacting with the right person and/or organization.

In addition to the IBAN and Name Check, the SurePay API also offers the following validation services:

Company ID Check - The Company ID check validates if the chamber of commerce number matches with the Company ID known at the bank. This way you know if the registered company and bank account are the same.
VAT Check - The VAT Check validates whether the VAT number provided matches the company or trade name. This helps you check the validity of all basic/stem data of your creditor, which is now mandatory for an invoice.
Switch Check - The Switch Check provides the new user IBAN when the user moves to a new bank. This helps you to update the account details of your customer.
Account Age Check - Money mules and fraudsters are known to use newly opened bank accounts, which means recent opened accounts have a higher risk of being used in a fraudulent transaction. The Account Age Check shows the age of an account since the date of its opening. You can do additional checks to make sure no fraud can be conducted.
Cross-border Check - The IBAN-Name Check on international accounts. This enables you to check that the account information entered matches the intended beneficiary when initiating cross-border payments.

Using the API

After your account set up is complete, subscribe the SurePay API to your application.

Requests

You can initiate a transaction for the SurePay API with POST/surepay. All applicable data fields for a specific transaction should be added to the body of the request.

POST https://api.rabobank.nl/openapi/ris/surepay

To view the full list of POST parameters, go to:

POST/ris/surepay

Responses

POST /ris/surepay

To view the POST parameters, read the endpoint description for POST /ris/surepay.

The following example request body for IBAN Name Check - Natural Person - Match:

{
    "accountId": {
        "value": "NL72SRPY0000000001",
        "type": "IBAN"
    },
    "name": "David Alex Miller"
}

Results in the following example response body:

{
    "nameMatchResult": "MATCH",
    "dataUsedForMatching": "VERIFIED",
    "account": {
        "accountNumberValidation": "VALID",
        "paymentPreValidation": "PASS",
        "status": "ACTIVE",
        "accountType": "NP",
        "jointAccount": false,
        "numberOfAccountHolders": 1,
        "countryCode": "NL",
        "accountAge": "SIX_MONTHS_TO_ONE_YEAR"
    },
    "scheme": "SurePay"
}

The following example request body for Company Check - Organization - Match:

{
    "accountId": {
        "value": "NL77SRPY0000000008",
        "type": "IBAN"
    },
    "name": "Budget Luxury Resorts",
    "companyIds": [
        {
            "companyIdType": "NL_KVK",
            "companyIdValue": "28347582"
        }
    ]
}

Results in the following example response body

{
    "nameMatchResult": "MATCH",
    "dataUsedForMatching": "VERIFIED",
    "companyIds": [
        {
            "type": "NL_KVK",
            "matchResult": "MATCH"
        }
    ],
    "account": {
        "accountNumberValidation": "VALID",
        "paymentPreValidation": "WILL_FAIL",
        "status": "INACTIVE",
        "accountType": "ORG",
        "jointAccount": false,
        "numberOfAccountHolders": 1,
        "countryCode": "NL",
        "accountAge": "SIX_MONTHS_TO_ONE_YEAR"
    },
    "scheme": "SurePay"
}

🚧

Each response contains a X-Trace-Id header which can be used for troubleshooting failed transactions

Certain fields may not be available in the response body, this depends on the availability in the source and the type of request. Read the response schema object to understand which fields can be part of the response body.

All responses are signed by Rabobank, to validate the response read Validate signed responses

Test data for other scenarios

Below you can find all supported test scenarios. You can use these to explore the functionality of the SurePay API and to integrate the API into your own process.

Account Type	Scenario	IBAN	Name	Company ID
Natural Person	Match	NL72SRPY0000000001	David Alex Miller	n/a
Natural Person	Name too short	NL72SRPY0000000001	David Alex	n/a
Natural Person	Close match	NL72SRPY0000000001	David Alex Milner	n/a
Natural Person	No match	NL72SRPY0000000001	John P. Wildo	n/a
Natural Person	Unknown Account	NL93SRPY0000000011	Speedy Turtle Couriers	n/a
Natural Person	International Account	FR0218359000430598890U02759	Henri Dupond	n/a
Organization	Match	NL77SRPY0000000008	Budget Luxury Resorts	NL_KVK = 28347582
Organization	Close match	NL77SRPY0000000008	Budget Luxury	n/a
Organization	Match	NL77SRPY0000000008	Customer Success Management B.V.	NL_KVK = 12345678
Organization	International Account	IT46O0200811770000019486583	n/a	EU_VAT = IT06844860962

Note: These codes are for Sandbox & Preprod only.