Frequently asked questions
Access, login & passwords
How do I login to PaymentStream AFT?
Visit www.valleyfirst.com/aft
Enter your own, unique User ID, your password and the code from your soft or hard security token (refer to 2-Step Security below).
What happens if I enter an incorrect password at login?
After seven consecutive, unsuccessful password login attempts, the user will be locked out for 30 minutes, even if the login attempts are made over several days.
What are the password requirements for PaymentStream AFT?
AFT Passwords MUST:
- be minimum of eight (8) characters in length
- contain at least one (1) opposite case character
- contain at least one (1) non-alphanumeric character
- contain at least one (1) number character
- not be the same password used as the last 24
Note: A user that has not accessed the system in 12-months will be automatically removed.
Security & authentication (Tokens)
What is 2-Step Security?
2-Step Security is a method of authenticating a user by confirming two factors of authentication: a username and password and a physical hard token or soft security token on a smart phone. The token is required to access the PaymentStream AFT application.
What are hard and soft security tokens and are they mandatory?
Security tokens are mandatory as all users are required to have 2-Step Security to access PaymentStream AFT. Users have the choice of either soft or hard security tokens.
- A soft token is installed on a user’s trusted device such as a smartphone, tablet or iPad. The device must have an authenticator app installed for the security process to work. We recommend the Google Authenticator app.
- A hard token is a physical device that is provided by Tru Cooperative Bank. The cost of hard token is $10.00 per token.
If I use the soft token on my smartphone will I be charged for data usage?
Google Authenticator is a free app for Android, iPhone, or BlackBerry and does not require Wi-Fi or data connectivity (i.e. in Airplane Mode). Data is only used during the initial download of the app to your device.
Can I share my security token?
No. Tokens are security devices and cannot be shared or reassigned.
We just had an employee leave and another employee start; can we assign the security token to the new employee?
No. Tokens are security devices and cannot be shared or reassigned. Please contact your Advisor and they will be happy to assist.
Do tokens expire?
No. However, hard security tokens have a non-replaceable battery that last approximately three years. Therefore, hard tokens have a suggested replacement date of three years from the time they are issued. Members are responsible for purchasing replacement tokens.
How do I purchase a replacement token?
Please contact your Advisor and they will be happy to assist.
Can someone have both a hard and soft security token?
It is possible to deactivate a token to switch to another type of token, however, users cannot have both tokens simultaneously.
What if someone starts using one type of security token and wants to switch to another type?
It is possible to switch to another type of token. However, the current token that they are using will be retired and can never be reused or re-assigned to another user. I have multiple different AFT accounts that I use for different purposes.
Is it possible to get a single security token assigned to all of them?
For security reasons, there is no option to assign a single security token to multiple accounts. If you have access to multiple Originators IDs with different User IDs, a soft security token is the best option as is the Google Authenticator app will store all your tokens for the various User IDs on your smartphone.
Can a user have different rights for different Originator IDs?
Yes, a user can have different rights set up for different Originator IDs.
I lost my security token, how do I get a new one?
Please contact your Advisor and they will be happy to assist.
Approvals, limits & notifications
What is mandatory forced approval?
Mandatory forced approval is when an organization has one or more Originator ID(s) and the monthly limit accumulatively exceeds a threshold in either debits or credits. All originator IDs for that organization will require approval. Mandatory forced approvals are automatically enforced within PaymentStream AFT.
Can I choose to have approvals on my originator ID(s)?
Yes, you can set-up users so that they require approval. Approvals are placed on unique user IDs, allowing you to either set-up all users or just specific users. If any user is set-up to require approval, then you will need to have another user set-up with approval permissions.
Can I get my limits increased temporarily?
Yes, please contact your Business Banking Advisor regarding any changes to your limits.
Will I get an email notification?
There are two types of email notifications: Confirmation emails for validation of files or transactions. The primary contact attached to the Originator ID will received confirmation emails for validation of files – the primary cannot opt out; however, additional users can opt out of them. Email notifications of action required. Users with approval rights will receive an email advising of tasks that require attention. Users cannot opt out of these email notifications.
Processing, releases & timing
How does processing work on non-business days work?
If the due date falls on a non-business day then the payment will be processed on the next business day. There is a business day only option available in the new system for credit records only. If selected, and a due date falls on a non-business day, the system will calculate the payment to be due on the business day before. This is mostly for payroll purposes and allows the user to leave it to the system to always ensure the payments are delivered on business days. For this feature to work, it must be selected in PaymentStream AFT.
Can I release individual records in PaymentStream AFT?
Yes, the system allows user to select all or individually select transactions for release.
Can I switch between various AFT types?
No, in order to subscribe to a different AFT type, your current Originator ID would need to be closed and a new application would need to be initiated for a different AFT type. This would be considered an additional Originator request and would be charged as such.
The system shows the option to release 3 days prior to the due date but the User Guide States you can submit up to 14 days in advance?
A file can be submitted up to 14 days prior to the due date. Check ‘Advanced’ and select 14 days.
System & device compatibility
Are there any specific system requirements to use PaymentStream AFT?
Windows 8.1 or higher and Internet Explorer 9 or higher is recommended. However, you can still use Windows 7, but you will need to use Chrome instead of Internet Explorer. All other browsers such as Firefox or Safari are also compatible.
Can I use the new application on a MAC computer?
Yes, PaymentStream AFT is MAC compatible.
Can I use the new application on an iPad?
Yes, provided you have Safari browser.
File uploads
Can I use third party software to upload a file to the AFT application?
Yes, you may use off the shelf commercial or proprietary account software to upload a transaction file, provided the file meets the CPA Standard 005. Please check with your current software provided to ensure it meets the standard file requirements.
Reporting & retention
What is the retention history for PaymentStream AFT reports?
Automated release and Manual Release
Report Name | Kept For |
Record Change Report | 18 months |
Activity Log Report | 3 months |
Originator ChangeReport | 12 months |
Release History Report | 18 months |
Transaction History Report | 18 months |
File Upload
Report Name | Kept For |
Activity Log | 3 months |
File History Report | 18 months |
Transaction History Report | 18 months |
Originator Change Report | 12 months |