Same-Day Micro-deposits Link best practices

When linking a bank account, it is important to verify the source of funds to reduce fraud on your platform. We recommend you use Plaid Identity to verify account ownership - the name, phone, email, and address from the connected bank account matches your user’s inputted identity data. Note that if a user authenticates with Same Day Micro-deposits, Identity is not available for that account. Configuring Auth Type Select as an active choice will increase the number of users who authenticate with Same Day Micro-deposits compared to configuring it as an option at Link failure points. If confirming the ownership on the account is more important to your business than extended Auth coverage, we do not recommend configuring Same Day Micro-deposits as an option for consumers.

In order to reduce fraud upstream on your application, we recommend leveraging Plaid Identity Verification to verify a government ID or match with a selfie of the document holder. This requires your user to take additional steps, though ensures verification of the Identity before the user opts to link their bank account, and is available for all Auth Types (manual and credential-based).

If your application does not have an identity verification solution or Plaid Link is not gated from the general public with fraud prevention and user verification checks in place, we do not recommend adopting Same-Day Micro-deposits as it may introduce an unnecessary fraud vector onto your platform.

Some developers perform other safety checks before the user connects their bank account. If you identify a user to be riskier, consider disabling same-day micro-deposits (either as an optional configuration at Link failure points, or via the upfront Auth Type Select configuration) for those users, since Identity is not available to verify a user’s identity when they connect via this method. To do this, specify the same_day_microdeposits_enabled and/or auth_type_select_enabled parameters to false in the auth object in your /link/token/create call for that user.

You may also consider changing your user’s experience with your service based on their connection method. For example, if a user connected via same-day micro-deposits, you may consider enforcing a lower spending threshold than for users where it was possible to verify identity.

Nacha establishes thresholds for overall, administrative, and/or unauthorized returns:

• Overall Returns (all return codes): 15%
• Unauthorized Returns (R05, R07, R10, R11, R29, R51): 0.50%
• Administrative Returns (R02, R03, R04): 3%

It is possible (though rare) to risk surpassing these thresholds as a result of micro-deposit activity. If this happens, Plaid may contact you to lower return rates. In this situation, you may wish to enable Bank Transfers webhooks to monitor your Same-Day Micro-deposits traffic and return rates. Plaid returns the return reason and code if applicable. You may also consider disabling Auth Type Select configuration to reduce visibility of Micro-Deposit flows, implementing other user verification/risk mitigation measures, or disabling Same-Day Micro-deposits altogether.

Instant Match and Automated micro-deposits are supported as additional Auth types when Instant Auth is not available. Same-day micro-deposits can be configured as an option at failure points in Link. These configurations can improve conversion by enabling more users to connect their institutions when Instant Auth fails.

Prompt user to verify micro-deposits in Link

To optimize conversion, we strongly recommend sending your user a notification (e.g. email, SMS, push notification) prompting them to come back into your app and verify the micro-deposit code in the transaction description.