How does a Volley payment work?

Posted by Jack Callister, 16th May 2024

Open Banking, Secure APIs, Payment Initiation, Consent, contracts and bank partnerships... there’s a lot of jargon that may make the concept of Open Banking payments seem quite opaque and confusing.

Our mission at Volley is to take care of the hard stuff, so you can make payments without worrying about whether you’ve just accidentally risked the safety of your money.

So, here’s a quick explainer on how a Volley payment works:

• You, your friends, or a business use Volley to make a Payment Request. Something like "Hey, please pay me $25 for dinner last night", or "Your cart total at the day spa is $80".
• You send the request to a friend or customer.
• The payer checks out your request, then selects their bank.
• They’re taken directly to their banking app to confirm the payment.
• We settle the money directly between their account and yours, just like a regular bank transfer, but without the hassle of setting up a payee or mashing in an account number.
• That’s it, all done! We’ll send you a notification to let you know they’ve paid 🎉

Easy right? Paying a Volley request takes about 10 seconds, all completed in your bank app, and secured by your pin or fingerprint that you usually use to log in.

And you’re in control the whole time. You choose whether to approve or reject each individual payment, and Volley has absolutely no ongoing access to your bank account.

Ok, but how does it really work?

If you're interested in the technical stuff, here’s how it all fits together under the hood:

• Volley has contracted access with your bank for Open Banking APIs, specifically the Payment Initiation API. An API just means that our software can talk to your bank’s software in a secure way.
• Volley uses the API to ask your bank to “make a consent for this payment to X for Y”, then we send you over to your bank’s app to view that consent.
• When you approve a consent, Volley receives a one-time use token that lets us securely access your account to perform the payment.
• That token only gives us access to perform the exact payment that you approved. We can’t make multiple payments or look at your account balances (this is one of the reasons that screen-scraping services carry risk! The username and password you give them can be used to do anything with your account).
• Volley uses app-to-app redirection, so payments are confirmed on your phone, in your bank app and you won’t have to provide your password when paying.
• We never ask for your bank’s password or 2FA security codes.

As of the 30th May (in about 2 weeks!) the big four banks will be ready for market with the Open Banking APIs that make this all tick, so you’ll able to pay Volley payment requests with your bank very soon. Watch this space!

Jack Callister

Co-founder, Volley