Credit BIN sponsorship integration

Detailed requirements

	Requirement	Description
1	Load customer data into COS	Cross River (CR) must perform OFAC/PEP screens in our system (COS) at the time of onboarding and regularly after that.
2	Add unique cardholder identifier into COS	Cross River receives files from processors and from the networks with tokenized card numbers. The processor uses the tokenized card numbers as unique identifiers for each cardholder. To match cards with accounts, we need this unique identifier to be added to the cardholder’s COS customer record. CR expects that whenever a new card token is generated, you update this COS customer record. It makes no difference if the card is new or reissued.
3	For Commercial Card Partners: Link the businesses and cardholders in COS	Cross River requires Commercial card partners to create both business and cardholder customer records in COS. Use the beneficial owner API call to update the COS customer record.

Requirement

Description

Load customer data into COS

Cross River (CR) must perform OFAC/PEP screens in our system (COS) at the time of onboarding and regularly after that.

Add unique cardholder identifier into COS

Cross River receives files from processors and from the networks with tokenized card numbers. The processor uses the tokenized card numbers as unique identifiers for each cardholder. To match cards with accounts, we need this unique identifier to be added to the cardholder’s COS customer record.

CR expects that whenever a new card token is generated, you update this COS customer record. It makes no difference if the card is new or reissued.

For Commercial Card Partners:

Link the businesses and cardholders in COS

Cross River requires Commercial card partners to create both business and cardholder customer records in COS.

Use the beneficial owner API call to update the COS customer record.

OFAC/PEP screening and loading customer data

To add customer data in COS:

After a successful KYC (know your customer) check, call the POST /core/v1/cm/customers endpoint in COS to create the cardholder’s customer account.
OFAC uses the customer name, date of birth (DOB), and address. The Customer Identification Program (CIP) requires the customer social security number or government-issued ID (for non-US persons).
The webhook event Core.Customer.Ofac.Changed is triggered and returns an initial status of Clear or Failed.
If the status is Clear, you can approve and create the customer credit card facility on your side.
If the status is Failed, the CR AML team investigates the case. The webhook event is triggered again, sending a status of Reviewing or Pending, indicating that a person is reviewing the case. This can take up to 48 hours. Very rarely, the CR team might reach out to you to ask for additional supporting documents. You will need to provide an email address for this. The Core.Customer.Ofac.Changed webhook returns any change in status, not just Reviewing or Pending.
After reviewing, the CR team moves the status to either Clear or Positive. The webhook event fires again.

If Clear, you can continue with approving and creating a credit card facility for your customer.
If Positive, you must decline the application. This is quite rare.

To trigger an OFAC/PEP failure in the Sandbox use these values in your call:

For PEP, in the name object use the name Vladimir Putin to get a hit.
For OFAC, in the name object use the name Francisco Javier Arellano Félix; and in the profile object use the birthdate 1969-12-11 (December 11, 1969)
For OFAC entity, in the name object use the entityName value Blue Star Diamond

Once the customer record is cleared, there is no longer a reason to subscribe to the specific customer webhook.

Cross River scans customer records nightly for OFAC/PEP. If a customer hits OFAC during a nightly scan, our AML team will reach out via Zendesk to help clear.

You must keep the customer records you create up to date.

If a customer changes their name, address, email, or other details, use the Customer Management APIs to update their record.
You can make this part of a nightly process.

The scans take less than a second. Anything that needs manual review is taken care of within 3 business days.
Status Definition Changes (applies to OFAC, PEP, and Internal List). Webhook event responses from this point on mean:

Positive: Must be rejected (no change)
Clear: Everything is fine (no change)
Pending: The case is being reviewed (no change)
Reviewing: A potential match within a category is being reviewed by CR and is pending a disposition. Previously this was Failed.
Failed: There isn’t enough information to know the status (for example, RFI not responded to).

See How to onboard a customer.

Add a unique user identifier into a customer record in COS

Cross River receives files from processors and from the networks that contain tokenized card numbers identifying each cardholder. We need to add these unique user identifiers to the COS customer record of each cardholder. This allows Cross River to track all the information that the card networks need to know about that customer's card and how they use it.

Add the identifier to the Customer ID section with this endpoint:

POST /core/v1/cm/customers/{id}/identifications

Use these values in the body of the request:

Copy

Sample add identifier to customer record request

1
2
3
4
5
6
7
8
{
"isPrimary": false,
"idNumber": "<token value goes here>",
"idType": "Other",
"issuingAuthority": "TOKEN",
"issuingCountryCode": "US"
{

See How to add an identification document to a customer record.

As always, if you have any questions, email cos.support@crossriver.com.

Associate a beneficial owner resource with a COS customer record

When you provide cards to a business (and not directly to individual cardholders), both the business itself and each cardholder from that business have customer records in COS.

To ensure that the cardholder customer records are associated with the correct business customer record, you add each cardholder as a beneficial owner to the business record.

Associate the customer record with the business customer record using this endpoint:

POST /core/v1/cm/customers/{customerId}/beneficial-owners

In the body of the request, use the customer ID of the business issuing the company card for the customerId value, and the customer ID of the cardholder for the ownerCustomerId value. Enter Auth User for the ownerTitle value.

Copy

Sample associate beneficial owner resource to customer record request

1
2
3
4
5
{
"ownerCustomerId": "a9da21a8-a9df-4db3-90f5-138d7cf4b10e",
"ownerTitle": "Auth User",
{

See How to add a beneficial owner resource to a customer record.

As always, if you have any questions, email cos.support@crossriver.com.

Back-office integration

Provide Cross River with the reports and data files described in this section.

Operational reports

To manage the daily and monthly obligations to the card networks, Cross River requires new Credit BIN Sponsor Partners or Platforms to provide the following Operational Supports via SFTP:

Daily Net Settlement
Monthly Spend and Interchange
Monthly Chargeback
Quarterly Reports
Transaction data files

Cross River requires Partners or Platforms to send transaction details daily. These transaction files must minimally include the following elements:

Transaction Reference ID
Posted Date
Transaction Amount
Transaction Currency
Return Amount
Transaction Credit/Debit Indicator
Transaction Status
User Token Value
Card Token Value
Last 4 digits of PAN
Merchant ID
Merchant Name
Merchant City
Merchant Country
Merchant State
Merchant Category Code (MCC)