Recipient Invitations
Overview
Recipient Invitations let you ask recipients to provide their own bank account information through a secure, private link — instead of collecting it manually. This is useful when you need accurate banking details from vendors, employees, or other payees but don't want to handle the exchange over email or phone.
Recipient Invitations are available on Pro and Max plans.
How It Works
- You create an invitation for a recipient from the ACH Drafter.
- The recipient receives a secure link (by email or shared directly).
- The recipient verifies their identity, enters their bank details, and submits.
- The bank account information is encrypted and saved to your recipient list automatically.
You never need to see or type the recipient's full account number — they enter it themselves through a secure form.
Sending an Invitation
- Open ACH Drafter and go to the Recipients tab.
- Click the Invite button next to an existing recipient, or click Create Invitation to invite someone new.
- Fill in the invitation details:
- Recipient Name (required) — The person or company name, up to 22 characters. The recipient will need to confirm this name to access the form.
- Email Address (optional) — If provided, FiSTWorks sends the invitation link by email automatically. If left blank, you can copy the link and share it yourself.
- Expiration — Choose how long the link stays active: 7, 14, 30, 60, or 90 days. The default is 30 days.
- Click Send Invitation.
If you provided an email address, the recipient will receive an email with instructions and a secure link. If not, copy the link from the confirmation and share it with the recipient directly.
Managing Invitations
Your invitations are listed in the Recipients tab with a status badge for each:
| Status | Meaning |
|---|---|
| Pending | The recipient has not yet completed the form. |
| Completed | The recipient has submitted their bank details. |
| Expired | The link expired before the recipient completed it. |
| Revoked | You cancelled the invitation. |
| Locked | The recipient entered the wrong name too many times. |
Actions you can take:
- Edit a pending invitation to update the recipient name or email.
- Copy Link to get a fresh invitation link you can share.
- Revoke a pending invitation to cancel it immediately. The link will stop working.
- Resend an expired, revoked, or locked invitation to generate a new link and give the recipient another chance. This resets the expiration and failed attempts.
What the Recipient Sees
When a recipient opens the invitation link, they go through two steps:
Step 1: Verify Their Identity
The recipient is asked to enter their full name. This must match the name you provided when creating the invitation. This prevents unauthorized access to the form.
If the name is entered incorrectly 5 times, the invitation is locked for security. You can resend the invitation to unlock it.
Step 2: Enter Bank Details
After verifying their name, the recipient sees a secure form where they enter:
- Routing Number — Their bank's 9-digit routing number.
- Account Number — Entered twice for confirmation.
- Account Type — Checking or Savings.
The form clearly shows your organization name so the recipient knows who is requesting the information. A security notice reminds them that their data is encrypted and only accessible to authorized members of your organization.
Confirmation
After submitting, the recipient sees a confirmation page with a summary of the bank name, masked account number, and account type. No further action is needed — they can close the page.
What Happens After Submission
Once a recipient completes the invitation:
- Their bank account details are encrypted and saved to your recipient list in the ACH Drafter.
- If the invitation was linked to an existing recipient, that recipient's record is updated with the new bank information.
- If it was a new invitation, a new recipient is created automatically.
- The invitation status changes to Completed.
You can immediately use the recipient in your next ACH draft.
Invitation Limits
| Plan | Maximum Pending Invitations |
|---|---|
| Pro | 50 |
| Max | 200 |
This limit applies to pending invitations only. Completed, expired, and revoked invitations do not count toward the limit.
Security
- Invitation links use a unique, cryptographically generated token. The token is never stored in readable form — only a secure hash is kept in the database.
- Recipients must verify their name before accessing the bank details form.
- After 5 incorrect name attempts, the invitation is automatically locked.
- All bank account information submitted through invitations is encrypted at rest.
- Every invitation action (created, completed, revoked, locked) is recorded in your organization's audit trail.