Support for POLi, PayID, bank transfer and AUD in casino platforms

Introduction

Australian players prefer local payment methods: instant bank transfers via POLi, PayID/Osko under NPP and a traditional transfer bank, all in AUD. It is important for the operator to ensure seamless integration, instant processing, compliance with regulations and a reliable architecture.

1. Overview of payment methods

1. POLi Payments

OAuth-user authorization through the bank interface, without cards and additionally SMS codes.

Instant deposit, suitable for deposits.

2. PayID/Osko (NPP)

Translation by identifier (email, phone), the NPP network standard provides calculation within seconds.

Requires integration with PSP supporting Australia's New Payments Platform.

3. Bank transfer (BPAY/direct transfer)

BPAY: generation of Biller Code and Customer Reference, payment is made by the user in the Internet bank; enrollment up to 24 hours.

Direct AUD-transfer: SWIFT/IBAN transfer, suitable for large amounts, processing time 1-3 working days.

4. AUD currency

All operations in AUD: correct display, storage in the database, rounding to cents ('DECIMAL (12.2)').

2. Integration architecture

mermaid
flowchart LR
Player -->|initiate deposit| API-Gateway
API-Gateway --> PaymentService
PaymentService -->|init POLi| POLi-API
PaymentService -->|init PayID| PSP-API
PaymentService -->|generate BPAY| BillingService
POLi-API -->|webhook| PaymentService
PSP-API -->|webhook| PaymentService
BillingService -->|polling / webhook| PaymentService
PaymentService --> TransactionService
TransactionService --> AuditDB

API-Gateway: validation, rate-limiting, routing to PaymentService.

PaymentService: unified point for all AUD methods, stores' paymentId ',' method ',' status', 'metadata'.

BillingService: module for BPAY accounts and polling status.

TransactionService: ACID transactions update the balance and log operations.

AuditDB: immutable store of request and response logs.

3. Implementation of POLi

1. Initiation:

http
POST /api/payments/poli/init
{
"amount": 100. 00,
"currency": "AUD",
"returnUrl": "https: //casino. com/poli/callback"
}

→ `{ paymentId, poliUrl }`

2. Player Redirection:

The player is redirected to 'poliUrl', logs in to the bank, confirms the payment.

3. Webhook processing:

http
POST /api/payments/poli/callback
Headers: X-Signature
Body: { paymentId, status, bankTransactionId }

Checking HMAC by'X-Signature '.

Update 'status': 'pending' → 'approved '/' declined'.

When'approved '- start'TransactionService. credit(playerId, amount)`.

4. PayID/Osko Implementation

1. Initiation:

http
POST /api/payments/payid/init
{
"payId": "user@example. com",
"amount": 250. 00,
"currency": "AUD",
"Description": "Casino deposit"
}

→ `{ paymentId, transactionRef }`

2. Webhook notification:

PSP шлёт `POST /api/payments/payid/callback { paymentId, status }`.

Similar signature verification.

Statuses: 'pending', 'settled', 'failed'.

5. Implementation of BPAY and bank transfer

1. BPAY account generation:

http
POST /api/payments/bpay/generate
{ "amount": 500. 00 }

→ `{ billerCode, customerRef, expiryDate }`

2. Polling statuses:

`GET /api/payments/bpay/status? billerCode = & customerRef = 'every 15 minutes.
При `PAID` — update `approved`, credit funds.

3. Direct Bank Transfer:

Mapping of account details (SWIFT, BSB, Account) in UI.
Transactions are reconciled manually or automatically by incoming bank statements via SFTP.

6. Localization and UX

Formatting:

js
new Intl. NumberFormat('en-AU', { style: 'currency', currency: 'AUD' }). format(1000)
// "A$1,000. 00"

UI:

Selection of the method in the deposit: POLi, PayID, BPAY, Bank Transfer icons.
Description of terms and commissions under each method.
Verification before the first input: KYC/AML.

7. Security and fault tolerance

TLS 1. 2 + for all APIs and Webhooks.

Circuit Breaker (Resilience4j) for PSP calls, disabling the method when error-rate is> 5%.

Retry-logic with exponential backoff in case of temporary failures.

Audit Trail: all webhook events and transactions are stored for at least 7 years according to regulations.

8. Testing

Sandbox modes:

POLi: `poli. sandbox. domain 'with fake' test _ user 'tokens.
PSP: test credits from PayID providers.
E2E tests (Cypress): scripts: initiate → emulate callback → check balance.
Load Testing (k6): simulation of 1000 concurrent deposits by POLi and PayID.

Conclusion

Integration of POLi, PayID/Osko and traditional bank transfers into AUD requires a single PaymentService, reliable webhook processing, format localization and fault-tolerant architecture with circuit breaker and retry mechanisms. This approach ensures fast deposits, high CR and Australian compliance.