Sort Code and Bank Account Validation
Mintly provides a SaaS cloud based API for validation of sort codes, bank account numbers, International Bank Account Numbers (IBAN) and SWIFT Branch Identifier Codes (BIC).
The services can be accessed via web portal or API.
Features
- Instant validation via web portal, API or Zapier app
- Industry standard security
- OpenAPI 3.0 standards
- RESTful API with comprehensive documentation
- Team access to secure web portal
- Confirm the validity of account details at point of entry
- Helps comply with regulatory requirements, legislation and best practice
Benefits
- Ensure bank accounts are valid
- Enable teams to access one account
- Flexible monthly usage-based billing
- Reduces time spent checking payees accounts
- Increased Direct Debit success rate
- Reduces failed payments
- Increases payment success rates
- Help mitigate fraud and risk
- More confidence when making Direct Debits & Faster Payments
Pricing
£96 a licence a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 1 3 9 7 7 6 6 0 7 9 7 7 0 5
Contact
Mintly Ltd
Stephen Hughes
Telephone: 0330 043 2274
Email: stephen@mintly.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- None
- System requirements
- Modern web browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
2 hours in office hours (9am-5pm)
48 hours on weekends - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Customers get comprehensive support to use our web services and APIs. Our documentation is designed to help users operate and integrate our API in a self-service manner.
Custom API Integration support can be provided at £400 per day. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We have a getting started guide, with full API documentation. We also have demonstration videos and tutorials explaining the use of our web portal.
Onsite training can be provided if needed. - Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Users can contact our support team.
- End-of-contract process
- At end of contract, the API and web portal access ends. User data is deleted.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Web portal with access to account checking tools, monitoring charts and account/team management interface.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Testing with compliance tools
- API
- Yes
- What users can and can't do using the API
- Users can use our API to send sort codes, account numbers, IBAN and BIC to confirm their validity. Our API returns the valid status, the bank branch details and the supported payment types of the branch.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- No
Scaling
- Independence of resources
- Full cloud-managed auto-scaling.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Users can access daily, and monthly statistics for their API usage.
Data is presented in a bar chart, with breakdown for successful and invalid accounts. - Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- When using our web portal to validate multiple accounts, the results can be exported.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We have a 99.95% guaranteed uptime for our website and API.
Users can be refunded with credit on their accounts. - Approach to resilience
- Available on request.
- Outage reporting
-
Service outages reported to users on dashboards.
Any prolonged outage communicated via email.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Staff do not have access to user accounts.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- No audit information available
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- An Information Security policy is in place to ensure that best practices are followed, including 2FA, reducing access to data to those who need access and at-rest and in-transit encryption of data.
- Information security policies and processes
- Mintly has a detailed information security policy so that processes are followed. The policy covers reporting processes and process for information security breaches. Further details available on request.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All software changes are managed using agile development techniques, and testing performed in staging environments prior to release into production. Security impact is assessed during development and mitigation put in place as required.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
Threats are assessed with a risk matrix, and mitigation put in place. Threats are monitored regularly (monthly at least) and any new threads added to the register.
Patches can be deployed within hours if new vulnerabilities found.
Information on threats comes from a variety of sources, including monitoring channels for new security threats. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Automated monitoring and alarms can provide identification for compromises. Responses can vary, from updating rules on our firewall to (in extreme cases) shutting down services. Speed of response can be a little as 5 minutes in the case of automated alarms notifying us of issues.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Our IM plan covers four areas: command, control, coordination and communication. This helps to determine the actions, who is responsible and how the response is managed.
Users report incidents via our support email.
Incident reports can be provided direct to users via email.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Wellbeing
Fighting climate change
Mintly monitors it's carbon footprint and is working to achieve carbon neutral status. Currently all our office locations use 100% renewable energy. Our cloud resources are monitored for carbon usage and we offset our usage by working with partners who plant trees to offset our usage.
Our technology has been designed to use minimal energy: our servers operate when they need to and we operate an "on-demand" approach to cloud services where we can so that our energy usage is kept to a minimum. As demand for our service grows we aim to keep this on demand model to ensure a carbon efficient service.
We avoid travelling to meet clients and adopt video conferencing technology to eliminate the need to travel.Covid-19 recovery
Mintly supported is customers and clients throughout the Covid-19 pandemic and recovery. We use our knowledge and data to support our customers.
Mintly was founded during the Covid-19 recovery period and as a result we have a home-working policy for all employees.Tackling economic inequality
We help businesses, charities and educational institutions of all sizes, throughout the UK and around the world. We aim to provide all our customers with an excellent service no matter what industry they operate in. By providing bank account and sort code validation services, all our clients can ensure that their customers accounts are valid. Our mission is that we have a positive impact on the world, and that includes tackling economic inequality.Wellbeing
Wellbeing is a critical part of our business. We ensure all staff have support when they need it. All employees have access to wellbeing support apps and time off for wellbeing days.
We understand our role in providing accurate and up-to-date information to our clients, so that their process and procedures are stress free. Our systems have been designed to be easy to use and setup and reduce workplace stress and fatigue for both our employees and clients.
Pricing
- Price
- £96 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- 14 day free trial, which includes a limited number of checks. Full API and web portal functionality provided.