Support for Transfer transactions in bulk​

We have enhanced the Transfer Transaction process to save you time and effort. You can now instruct multiple transfers in a single API call using our new /bulks/transfers endpoint. Previously, you could only trigger a single Transfer transaction as one API call which was found to be cumbersome when executing multiple Transfer transactions simultaneously.

This improvement is especially beneficial for embedders who need to execute multiple transfer transactions for an identity at the same time, such as when loading or topping up several Pre-Paid Mode cards.

Key points about how it works:​

• Bulk Transfers are available on Multi and Back-Office APIs.
• The source and destination instruments for each transfer must be owned by the same identity.
• Transfers can be made between Managed Accounts and Managed Cards, and across these two types of Instruments.
• The request requires the source and destination Instrument IDs, and the amount for each transfer.

Key API details:​

• Endpoint: POST/bulks/transfers
• Key parameters for each Transfer in the request:
• Source and destination instrument Ids (managed_accounts or managed_cards)
• Amount

Cards can be created without requiring the cardholder mobile number registered​

We've simplified the process of creating Managed Cards for users. Previously, you could only create and assign cards to users who had already registered their mobile phone number. Now, you can create and assign cards to users even if they haven't yet registered their mobile phone number. This enhancement addresses scenarios such as when your Corporate customer is onboarding a new employee and they’d like to have their card ready for their start date.

While a mobile number is no longer required during card creation, it remains necessary for certain card actions, such as 3DS authentication during e-commerce transactions and manual provisioning a card to a digital wallet.

Key points about how it works:​

• Endpoint: POST/managed_cards
• Removal of 409 error USER_MOBILE_NUMBER_DOES_NOT_EXIST
• Mobile number of the user must be updated if the card is required to be used for e-commerce transactions, or manually provisioned to a digital wallet.

As part of this update, we deprecated the threeDSecureAuthConfig.linkedUserId parameter in favour of userId.

Extended list of MCCs available on the simulator​

We are extending the list of the MCCs that will be recognised in the following simulators we offer on our embedder portal:

• card purchase using card id
• card purchase providing card details
• card merchant refund

If an MCC is used in the simulator that is not part of this list, the action will still complete successfully, but the transaction will show with a default generic code MC - 5399 “Miscellaneous General Merchandise Stores”

More information is available here.

Additional detail in cards data insights​

If a card transaction has been declined, Embedder staff can now find out more details to support the End Customer, within the Data Insights area of the Embedder Portal.

In the "Details" view of the "Authorisations" dashboard, a new "Transaction Code" column shows what kind of transaction was attempted e.g. goods and services, or ATM withdrawal. This view already includes "Decline Type".

Note: Authorisations, including declines, are already reported in real-time via the card authorisations webhook. The webhook includes the authorisation type, whether it failed due to spend controls and the reason why, and the decline reason. This new field in Data Insights can help you analyse the success rate more generally for different types of card actions.

Longer Authorised User names permitted​

We have increased the character limit for both name and surname fields within the Authorised User creation endpoint, to 50 characters each (from a previous limit of 20). This enhancement accommodates users with longer names.

Affected APIS:

• Create an Authorised User POST/users
• Update an Authorised User PATCH/users/{user_id}

Note: a card assignee name limit remains unchanged as there is a limit to the number of characters that can be printed on the card. If the user's real name is longer than the space available to print on a card, the first name(s) should be truncated to aim to keep the surname complete. (For name on card requirements see POST/managed_cards)

Option to deduct excess authorisation amounts from next card virtual budget cycle​

We have added a feature to cover edge cases in card spend controls where a card’s availableToSpend has gone into the negative, and this negative amount can be optionally applied to (deducted from) the spend limit in the next interval.

This feature can be configured by setting rolloverPolicy.rolloverNegative to TRUE when creating or updating a card’s spend rules:

POST /managed_cards/{id}/spend_rules PATCH /managed_cards/{id}/spend_rules For API documentation as well as general documentation on spend controls.

Please contact Weavr support to get help testing out this new spend controls feature.

Card spend controls now allow zero-value authorisation for Google Wallet​

We've improved how we handle verification requests when end customer card assignees add their card to Google Wallet, which is done by a zero-value authorisation request. Previously, these verification checks could be incorrectly declined by the spend rules.

Now, legitimate account verification requests will process smoothly, making it easier for end users to add their card to Google Wallet while maintaining security for other types of transactions.

Improved matching of incremental authorisations to settlement​

We've improved our system to automatically link payment authorisations to their corresponding settlements with greater accuracy. This enhancement makes it easier for corporate customers to track and reconcile transactions, streamlining the reconciliation process and reducing manual effort.

Ability to send a new SMS OTP for confirming a transaction​

When performing Strong Customer Authentication (SCA) on Account-to-account payments (OWTs and Sends) using POST /challenges/otp/sms , if the end-user does not receive the SMS, our system now allows for a second SMS with a new OTP to be sent (as long as 15 seconds have passed since the first request). This is the same as previously implemented on POST /stepup/challenges/otp/SMS

The end-user already has up to four attempts to input the correct OTP from the SMS (via POST /challenges/{scaChallengeId}/otp/{channel}/verify) before it returns CHALLENGE_LIMIT_EXCEEDED.

Details are available in the documentation here.

End Customer ID included in OWT webhook​

In the Managed Account update webhook we are now providing an additional owner field to show which End Customer the Managed Account belongs to. This may help by removing the need to perform an API call to determine this information.

Indication if a card is currently blocked in upcoming expiry webhook​

Weavr sends Card notification webhooks to inform you of events related to the upcoming renewal and expiry of a card, so that you can ensure that the desired action takes place upon renewal or expiry: Card expiry and renewal

This includes for cards that are blocked, since the customer may still wish the card to be unblocked and renewed.

The webhook that provides advance reminders of expiring cards now includes detail of the card’s current blocked status.

If a card that is currently blocked is expiring, the End Customer cardholder, via the Embedder, can choose to let the blocked card expire without renewal, or can choose to renew the card and keep it in blocked state until any future action to unblock it. The only exception to this is where the reason a card is blocked is because it is “Lost”, in which case it cannot be renewed: instead, a new card would have been created at the time it was reported lost.

Additional webhook update when tracking is added to dispatched card​

Weavr sends a Card notification webhook to inform you of events related to the upgrade of a virtual card to a physical card, including when a card has been dispatched: Card upgrade to physical details

Now, if a tracking code is received from our fulfilment centre after the original dispatched webhook, Weavr will send you an additional “Card upgrade to physical details” message with the manufacturingState still in DISPATCHED and containing the deliveryTrackingCode.

New bulk operations: Block/unblock/remove Card​

End-customer businesses (i.e. Corporates) often have to perform certain actions in bulk or batches. Weavr has inbuilt support for operations in bulk, currently available in Beta, that can be managed as part of a Bulk Process for (and authorised by) a specific Corporate Identity.

Weavr has added three new operations related to the management of Cards that can be performed in bulk:

POST /bulks/managed_cards/{id}/block

POST /bulks/managed_cards/{id}/unblock

POST /bulks/managed_cards/{id}/remove

New webhook notification when the state of a card changes​

Card webhook notifications inform you of events that happen in relation to payment cards of End Customers.

We have added a new webhook that is sent whenever one of the following events occurs:

• Activate a physical card
• Remove a managed card
• Report a physical card as lost
• Report a physical card as stolen
• Card has expired
• Block a managed card
• Unblock a managed card The API documentation on the /managed_cards/state_change/watch webhook is found here: https://weavr-webhooks-api.redoc.ly/#tag/Managed-Cards

Improvements to the Incoming Wire Transfer simulator​

Developers and QA engineers in your team can use our simulator features to test various payment actions, including Incoming Wire Transfers (IWTs). In the simulator area of the Embedder Portal (in Sandbox mode) we provide screens to simulate the receipt of an IWT - i.e. a wire transfer payment from an external source to an internal Managed Account. 2024.12.05 We have now enhanced the simulations to reflect more real-world details about how these transactions are processed in Weavr programmes, in particular to construct the details of a simulated IWT in the different available payment rails of SEPA, [UK] Faster Payments, and SWIFT.

As shown above, testers can simulate IWTs with specific sender information. (Which IWT methods are actually available in production depends on the scope of each embedded finance programme.)

Because IWTs are treated differently in UK programmes, we will also provide for simulating the following:

• IWTs to Linked Accounts (i.e. self-to-self account funding). The screening of IWTs on Card-Focused programmes where a GBP IWT will be accepted if its from a Linked Account but rejected if it is not from a Linked Account.
• Conditional acceptance of IWTs
• Linked Account test funding transaction

Simulate IWT by Account ID​

It is also possible to simulate an IWT using Account ID. This is a quick and easy way to put funds on a Managed Account, that you may need for testing elsewhere. This method skips some of the steps when processing IWTs.

Note: IWT simulation features are also available via our Simulator API. If your engineering/QA team need support with either the GUI or API-based Simulator, we will be happy to support you via the normal channels.