Building the Bank Details Step: Modulus Checking on the Mandate Form
Building the Bank Details Step: Modulus Checking on the Mandate Form
Release v1.0.28
With v1.0.28 we've shipped Step 4 of the tenant-facing Direct Debit mandate form — the bank details entry step. This post covers what we built, why modulus checking matters, and how bank details are handled securely.
What the Tenant Sees
Step 4 presents three straightforward fields:
- Account Holder Name — the name on the bank account the tenant wishes to debit
- Sort Code — the 6-digit UK sort code for their bank branch
- Account Number — the 8-digit account number
These are the minimum fields required to submit a Direct Debit instruction via AUDDIS/BACS.
Why Modulus Checking?
Not every combination of sort code and account number is valid. Banks and payment schemes use a set of mathematical checks — defined by Vocalink (the company that operates the UK payments infrastructure) — to verify that a given sort code / account number pair is structurally correct before it is ever submitted to BACS.
Without modulus checking, a tenant who miskeys their account number (e.g. transposes two digits) would pass form validation, the mandate would be submitted, and the failure would only surface days later when the AUDDIS return came back from the bank. That's a bad experience for everyone — the tenant, the agent, and the service.
Modulus checking runs entirely client-side, using the Vocalink algorithm. This means:
- Instant feedback — the tenant is told immediately if their sort code / account number combination looks wrong, before they move to the next step.
- No server round-trip — validation doesn't depend on network latency or API availability.
- Reduced failed mandates — the most common source of mandate failures (data entry errors) is caught at the point of entry.
It's worth being clear about what modulus checking doesn't do: it confirms the combination is mathematically valid, but it cannot confirm the account belongs to the tenant, that the account is open, or that it has sufficient funds. Those checks happen downstream through BACS and the banks themselves.
Bank Name Lookup
Once a valid sort code is entered, the form resolves and displays the bank name associated with that sort code. This gives the tenant an immediate sanity check — if they entered Natwest's sort code but the form shows "Barclays", they know something is wrong before they proceed.
This is a small UX detail but an important one. Sort codes are not particularly memorable and are easily mistyped. Showing the bank name catches the class of errors that modulus checking cannot — valid combinations belonging to the wrong bank.
Secure Storage
Bank details are sensitive financial data. Once submitted, the account holder name, sort code, and account number are all encrypted at rest in the database. The mandate form collects this data on behalf of the letting agent and it must be handled accordingly — both to satisfy the DD scheme rules and to meet reasonable expectations of data security.
Where This Fits in the Mandate Form
The mandate form is a multi-step flow. Step 4 (bank details) sits here:
| Step | Description |
|---|---|
| 1 | Personal Information |
| 2 | DD Terms & Conditions |
| 3 | Payment Details |
| 4 | Bank Details ← this release |
| 5 | Video Verification |
| 6 | ID Verification |
| 7 | Right to Rent (property mandates only) |
| 8 | Confirmation |
The next steps to complete the form are video verification and ID verification.
Summary
- Step 4 of the mandate form is now live: account holder name, sort code, account number
- Client-side Vocalink modulus checking validates sort code / account number combinations before submission
- Bank name is derived from sort code and shown to the tenant for confirmation
- All bank details are encrypted at rest