Curlec is a FinTech company that makes it easy for businesses of all sizes to collect recurring payments and take control of their cash flow. We do this by building technology on top of banking payment infrastructure, such as Direct Debit, FPX and MasterCard/Visa.
Who is Curlec for?
Curlec services are suitable for businesses of all sizes that collect one-off and/or recurring payments with variable amounts. Curlec services are appealing whether you are looking for bank-to-bank payment options or payments via credit/debit cards.
How can I use Curlec?
We provide an online dashboard where you can create mandates and initiate payment collections. With all records in one place, we strive to make financial transactions with your customers clear and organised.
Alternatively, we provide a RESTful API stack which your developers could use and integrate Curlec services into your business application.
If you are an e-commerce, we offer plugins on ECWID and WooCommerce which you could use to access Curlec checkout options.
What types of payments can I collect?
Broadly, there are 3 types of payments you can collect using Curlec services:
Direct Debit (recurring and one-off)
Credit/Debit cards (recurring and one-off)
Instant Pay (one-off)
Why is Curlec better than the other options I’m considering?
Here are some of our favourite reasons why:
1. Improved cash flow
We put you in control of collecting payments when they are due, reducing the risk of late and missing payments.
2. Flexibility
You can vary the collection amount date as long as it is below the maximum collection amount and frequency agreed.
3. Less admin work
We automate payment collections for you so that you have more time to focus on your business growth.
Who is PayNet?
PayNet (Payments Network Malaysia Sdn. Bhd.) is the national payments network and shared central infrastructure for Malaysia’s financial markets. PayNet connects banks across Malaysia to facilitate financial transactions. Curlec utilises PayNet’s infrastructure to provide secure and reliable transaction services.
Is Curlec licensed by Bank Negara?
No. As Curlec only facilitates interbank transactions as a service provider, we are not required to be licensed by Bank Negara. As an intermediary, funds are never credited into Curlec.
Collections
What is Direct Debit
Direct Debit is a payment method that allows you to collect payments from your customer’s bank account directly, without going through any card processing networks such as MasterCard or Visa.
Why Direct Debit?
There are many benefits associated with using Direct Debit for payment collection.
1. Convenient
You and your customers will not have to worry about missing payment dates as recurring payments are automated.
2. Cheaper
The transaction fee for Direct Debit is significantly lower than other payment options like Visa/MasterCard.
3. Flexible
The payment collection date and amount are variable as long as the agreed maximum collection frequency and amount are not exceeded.
4. Safe
Direct Debit in Malaysia is operated by PayNet, which has a secure payment infrastructure tightly regulated by Bank Negara Malaysia.
5. Everywhere
More than 90% of Malaysians have an online banking account, which is the only requirement to set up Direct Debit.
How does the Direct Debit payment process work?
The Direct Debit process is simple and straightforward:
First, you have to set up an eMandate with your customer to agree on the collection terms.
Once the eMandate is authorised, payments will be collected from your customer’s bank account on a recurring basis.
The status of collection will be notified through email. Alternatively, the status is visible on your Curlec’s dashboard.
What is an eMandate?
eMandate is an electronic form that is authorised by your customer that allows your bank to collect payments from your customer’s bank account directly. The form contains your customer’s details and collection terms.
How does my customer authorise a mandate?
After making sure that the information on the eMandate is accurate, your customers will click on “Proceed to FPX”. They will then be redirected to their online banking portal to approve a RM1 FPX transaction to complete the authorisation.
The purpose of this authorisation is to:
Make sure that the customer’s bank account is active and legitimate.
Inform your customer’s bank that your customer has allowed your bank to collect money from their bank account.
Who is PayNet?
PayNet (Payments Network Malaysia Sdn. Bhd.) is the national payments network and shared central infrastructure for Malaysia’s financial markets. PayNet connects banks across Malaysia to facilitate financial transactions. Curlec utilises PayNet’s infrastructure to provide secure and reliable transaction services.
Can I use Direct Debit for one-off payments?
Yes. After a mandate is in place, in addition to recurring collections, you can manually generate one-off collections from the mandate as long as the maximum amount per transaction is not exceeded.
What is Instant Pay?
Curlec offers Instant Pay via FPX which allows you to collect one-off payments from your customers. Instant Pay does not require a mandate, but the transaction would need to be authorised by the customer. The settlement time is immediate.
Can I fix the duration for a recurring collection?
Yes. You can set the start and end date for payment collections specific to each mandate.
Can I collect for variable amounts and frequencies?
Yes. You can set specific collection amounts and frequencies when setting up individual mandates. These settings can also be modified at a later date.
Can I set up subscription plans?
Yes. You can set up subscription plans for your customers to choose from when signing up for a mandate. Each subscription plan allows you to specify the collection amount, period and frequency.
Can I change a payment schedule after it has been created?
Yes. You can modify the collection amount and date of a payment schedule as long as the maximum amount and frequency are not exceeded.
When will I receive my payment?
Direct Debit in Malaysia follows the schedule of Interbank GIRO (IBG) processing windows. Payments are settled latest on the next business day after the collection date.
How do I know if I’ve been paid?
Curlec’s online dashboard gives you status updates on all your collections. You will also receive email notifications for unsuccessful collections.
What can I do if a Direct Debit collection is unsuccessful?
In cases where a collection is unsuccessful due to insufficient funds, we offer automatic retries and one-off payment links to combat those unsuccessful transactions.
Will I get charged for unsuccessful transactions with Curlec?
No. Transaction fees only apply to successful transactions.
Does Curlec accept credit or debit cards?
Yes. Curlec supports both one-off and recurring credit/debit card payments via MasterCard/Visa processing networks.
Can I receive payments in different currencies?
No. Currently, we only support payments in Malaysian Ringgit (MYR) for Direct Debit, Instant Pay and credit/debit cards.
How do I receive funds I collected with Curlec?
The funds collected via Direct Debit and Instant Pay will be credited directly into your bank account.
Onboarding
How do I sign up?
As part of the signup process, we will need your business information and bank account details to register with PayNet. Curlec will facilitate the whole process for you.
Is there a testing environment for me to try out?
Yes. We will provide you with a testing environment to try out our product features.
How many users can I have under an account?
There is no limit to how many users can there be under an account. There are four user types that can be assigned to an account, with different levels of access to the dashboard.
Can I sign up if I’m a Non-Governmental Organisation (NGO) registered with the Registrar of Societies?
Yes.
Are there any commitments?
There is a set up fee to open an account with Curlec and a monthly subscription fee to use our online dashboard. You can terminate our services at any point with a 30-day prior written notice.
Please contact our sales team for more information.
Security
Is Direct Debit safe?
Absolutely. As an intermediary, funds are never credited into Curlec, settlement happens directly between the buyer and seller bank.
We are compliant with the Malaysian banking standards and our software is officially approved by Payments Network Malaysia (PayNet).
Are card payments safe?
Absolutely. Curlec only accepts payments via MasterCard/Visa cards that are enrolled with 3D Secure. At checkout, customers would need authenticate themselves by entering a one-time password (OTP) sent to their phone.
Does Curlec store customer’s card details?
No. Curlec tokenises customer card details and processes the payment collections through Very Good Security Inc. Curlec does not store customer’s card details, the information is securely held by Very Good Security Inc.
How does Curlec protect my data?
Curlec is a Personal Data Protection Act (PDPA) compliant company, policy found here. We also encrypt you and your customers’ credit card details before they are stored in Very Good Security's vault.
We implement two-factor authentication for login as an additional security layer to make it harder for attackers to gain unauthorized access to your Curlec account.
Curlec has been audited by a PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider (the most stringent level of certification available in the payments industry). We employ best-in-class security tools and practices to maintain a high level of security. Our PCI compliance is attested to annually by a PCI Qualified Security Assessor (QSA). Our most recent Attestation of Compliance (AOC) was issued by usd AG in October 2021. Click here to view our latest PCI certification.
Include as much detail as possible, including steps for reproducing the issue
Do not exploit the vulnerability, except to demonstrate the issue to a Curlec staff
Please do not disclose the issue to anyone else before we roll out a fix
Customer Experience
Will my company’s name appear on my customer’s bank statement?
Yes. On the other hand, you would also see your customer’s name in your bank statement.
Can I complete the mandate form on behalf of my customers?
You can fill out certain fields on the eMandate form on behalf of your customers, then send it to them via a link for authorisation. Authorisation of a mandate requires customers to log in to their online banking portal and complete a RM1 FPX transaction.
Can my customers pay from their mobile devices?
Yes. As long as they have access to their email and a browser, they can authorise an eMandate or an Instant Pay from their mobile devices.
Can my customers monitor and check their Direct Debit transactions?
Yes. Your customers can create a Curlec customer account to monitor their personal Direct Debit and Instant Pay transactions. This is especially useful if the customer has signed up to multiple merchants who use Curlec.
How does my customer terminate a mandate?
Your customers have to create a Curlec customer account in order to terminate their mandates. You cannot terminate the mandates on their behalf.
Can confirmation emails be routed through my company’s email server?
By default, email notifications will be sent to your customers from a do-not-reply email address with Curlec’s domain. This option can be customised for emails to be routed through your company’s email server/website domain.
Which banks can my customer use for Curlec services?
For Direct Debit, see the full list of supported banks from PayNet here.
For Instant Pay (FPX), see the full list of supported banks from PayNet here.
API Integration
What is an API?
Simply put, an application programming interface (API) provides a way for one or more applications to communicate and interact with each other.
How does Curlec’s API work?
Curlec’s API services allow integration with PayNet’s FPX service to securely perform transactions, both recurring and one-off, between participating banks.
How can I use Curlec’s API?
You can use your preferred language/HTTP client tool to access Curlec API services. Curlec’s API is not limited to any programming languages.
What are the main types of functionalities we can use Curlec’s API for?
You can use Curlec’s API services to set up mandates, collect one-off payments, check collection statuses, create payouts to your customers and so on.
Can I host the payment page on our website?
Yes. You can host the payment page on your application platform, while integrating with Curlec’s API services.
How to get access to the API documentation and a sandbox account?
Kindly reach out to us at support@wp.curlec.com to request for the API documentation and for us to set up a testing account for you.
How can I get technical support?
Please email us at support@wp.curlec.com if you encounter an issue you could not resolve. We will get back to you as soon as possible.
Direct Debit
Payments
Security
Direct Debit
What is a mandate?
A mandate is a form that you complete and authorise, allowing your merchant’s bank to collect recurring payments from your bank account directly. The form contains your personal details and collection terms. Without a mandate in place, your merchant will not be able to collect payments from your bank account.
How do I set up a mandate?
Your merchant will send you a link to an online mandate form via email or Whatsapp. You will need to authorise the mandate by logging into your online banking portal and complete a RM1 FPX transaction.
Why do I need to pay RM1 for authorisation?
The RM1 is paid to your merchant’s bank as a setup fee to ensure that your bank account is active and to inform your bank about the Direct Debit instruction. In some cases, your merchant might refund the RM1 to you.
How do I change the details on my mandate?
You need to contact your merchant to edit the details on your mandate. After that, they will ask you to confirm the updated details by re-authorising the mandate.
How do I monitor my payments?
You can sign up for a Curlec account to keep track of your Direct Debit/Instant Pay transaction history and monitor your mandates.
How do I terminate a mandate?
First, you need to sign up for a Curlec account. Once signed in, you would be able to view your active mandates and terminate them accordingly.
How do I restore a terminated mandate?
Once a mandate has been terminated, we are unable to restore it for you. If you accidentally terminate your mandate, you need to contact your merchant to send you a new mandate to be re-authorised.
Payments
Can I pay with a credit/debit card?
Yes. If your merchant accepts credit/debit cards for payments, we are able to process them via MasterCard/Visa processing networks.
How do I request for a refund for a payment charged?
If you were mistakenly charged or overcharged, you need to contact your merchant. Your merchant will investigate and issue a payment refund accordingly.
How do I make payment after it has failed?
Your merchant will contact you if the payment has failed due to insufficient funds. You can then top up funds into your account so that the payment can go through at the next collection attempt.
What email notifications will I receive?
You can expect the following email notifications:
Mandate authorisation request
Mandate setup confirmation
Payment collection reminder
Payment request
Mandate termination
How can I change my payment amount and date?
You need to contact your merchant if you wish to make adjustments to your payment plan that has been agreed upon earlier.
How can I change my email address?
To change the email address associated with your mandate, you need to inform your merchant. After that, they will ask you to confirm the updated email address by re-authorising the mandate.
How will Curlec payments appear on my bank statement?
Your merchant’s company name would appear as the payment reference on your bank statement.
Security
Is Direct Debit safe for me?
Absolutely. As an intermediary, funds are never credited into Curlec, settlement happens directly between the buyer and seller bank.
We are compliant with the Malaysian banking standards and our software is officially approved by Payments Network Malaysia (PayNet).
How does Curlec protect my data?
Curlec is a Personal Data Protection Act (PDPA) compliant company, policy found here. We also encrypt your credit card details before they are stored in Very Good Security's vault.
Curlec has been audited by a PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider (the most stringent level of certification available in the payments industry). We employ best-in-class security tools and practices to maintain a high level of security. Our PCI compliance is attested to annually by a PCI Qualified Security Assessor (QSA). Our most recent Attestation of Compliance (AOC) was issued by usd AG in October 2021. Click here to view our latest PCI certification.
Does Curlec or the merchant store my card details?
No. Neither Curlec or the merchant stores your card details, the information is securely held by Very Good Security Inc. Your card details are only tokenised for recurring collection purposes.
How do I report an issue?
Please email us at support@wp.curlec.com if you encounter an issue you could not resolve. Alternatively, leave us a message in the feedback section of the ‘Help’ button in your Curlec account. We will get back to you as soon as possible.