Same Day Micro-deposits Link best practices

Plaid provides a suite of fraud prevention products that assist your application in catching bad actors and ACH returns. You can verify the source of funds with Identity, confirm the real-time Balance prior to a transfer, and leverage our machine learning model Signal to prevent returns and release funds earlier. If an account is connected via Same Day Micro-deposits, these features are not always available and could increase the likelihood that you experience fraud and ACH returns. Following the recommendations below can help mitigate these risks.

Approximately 30% of Items created with Same Day Micro-deposits are supported by /identity/match, which allows you to determine the likelihood that the user's identity details, such as name and address, on file with their financial institution match identity information held by you. For more details on this feature, see Identity.

The same Same Day Micro-deposit Items that are supported by /identity/match are also supported by Signal. Signal can assess the return risk of a transaction based on machine learning analysis and alert you to high-risk transactions. For more details, see Signal.

Identity Document Upload verifies account owner identity based on bank statements, and is compatible with Same-Day Micro-deposit Items that don't support /identity/match or /identity/get. After creating the Item with Same-Day Micro-deposits, you can use update mode to send the user through a Link session where they will be asked to upload a bank statement. Plaid will then analyze this statement for an account number match and will parse identity data from the statement. With the optional Fraud Risk feature, you can also check the uploaded statement for signs of fraud. For more details, see Identity Document Upload.

In order to reduce fraud upstream on your application, we recommend leveraging Plaid Identity Verification to verify a government ID or match with a selfie of the document holder. This requires your user to take additional steps, though ensures verification of the Identity before the user opts to link their bank account, and is available for all Auth Types (manual and credential-based).

If you identify a user to be riskier, consider disabling Same Day Micro-deposits (either as an optional configuration at Link failure points, or via the upfront Auth Type Select configuration) for those users, since fraud prevention products are not available when they connect via this method. To do this, set the same_day_microdeposits_enabled and/or auth_type_select_enabled parameters to false in the auth object in your /link/token/create call for that user.

Another option for riskier users is to leave Same Day Micro-deposits enabled, but enable Reroute to Credentials in Forced mode, which will only allow the user to link via Same Day Micro-deposits when using a routing number not supported by other authentication methods. To do this on a per-session basis, specify the FORCED value for the reroute_to_credentials field within the auth object in your /link/token/create call.

You may also consider changing your user’s experience with your service based on their connection method. For example, if a user connected via Same Day Micro-deposits, you may consider enforcing a lower transfer threshold than for users where it was possible to verify identity and increasing hold times on those funds.

Customers who use Text Message Verification see a significant increase in their conversion rates. To fully support Text Message Verification, make sure you set the auth.sms_microdeposits_verification_enabled flag to true in your /link/token/create configuration object and handle the SMS_MICRODEPOSITS_VERIFICATION webhook.

If the webhook indicates that the user has successfully verified their account information, remove any in-app messaging directing the user to complete the verification process. We also recommend sending the user a notification prompting them to come back to your app and complete any tasks that may have been waiting on this verification.

If you are not using Text Message Verification, we strongly recommend sending your user a notification (e.g. email, SMS, push notification) prompting them to come back into your app and verify the micro-deposit code in the transaction description.