Enhanced Webhook Logs Filters and PII Data Masking​

We previously released a view of Webhook Logs within the Embedder Portal. While it was possible to search and browse, users also asked to be able to filter the list view.

We have now added filters to the Webhook Logs page so Embedder Portal users can filter the list to view items by date, identity, instrument, event type, and status.

These filters can be combined, offering an easy and powerful way to locate and review webhook event history.

Please note we mask sensitive Personally Identifiable Information (PII) in Webhook Logs in the same way we do in API webhook responses. Data masked includes: name, surname, email, and payment beneficiary (except for friendly name on Managed Accounts and merchant name on purchases, which are not considered PII).

Showing KYC rejection reason for temporarily rejected consumers​

We would like to inform you about the upcoming enhancements to our consumer Know Your Customer (KYC) status information within our Embedder Portal.

We are providing you with additional information to understand why the KYC application has been rejected and what additional information the consumer needs to provide in order to continue the KYC process.

With this update, if the consumer KYC status is temporarily rejected the existing KYC state indicator tooltip will show further information.

These enhancements will be automatically presented on the Embedder Portal, and are designed to offer you greater visibility of your customers KYC progress, whilst enabling your teams to better guide and support your consumer customers.

Mobile Number Invalid Input API Response Refinement​

Previously if a mobile phone number sent via API call during user registration/enrolment was invalid according to the API specification, Weavr would only return a 500 (exception) error. This response has been refined to return 409 - Mobile_Number_Invalid.

Please note that Embedders are currently responsible for validating user input on telephone country codes (i.e. ITU-T standard international subscriber dialing (ISD) code). We are planning a future change to enforce validation on the Weavr API side. Further information on this future change will be provided in due course.

Affected APIs:

• POST multi/corporates
• POST multi/consumers

API Validation:

• Corporate
• Consumers

Changing of Mobile Verification and OTP SMS Sender ID​

UK regulatory authorities are taking measures to reduce the number of deceptive text messages that encourage individuals to share personal or financial information, click on malicious links, or download harmful software or applications.

Consequently, they are implementing restrictions on SMS Sender IDs (the sender's name displayed in the SMS) used within the United Kingdom (UK) containing specific characters. Sender IDs with common, generic names, such as AUTHCODE and AUTHSMS, will no longer be supported, and this change will come into effect by the end of this month.

In response to this regulation change, from Monday, 30th October 2023, we will update the SMS Sender ID of Mobile Verification and One Time Passcode (OTP) messages to reflect your programme’s name. We will contact you within the next few days to confirm the new Sender IDs. If you choose not to use your programme name, the default Sender ID will be WEAVR.

It is important to note that the current 3-D Secure (3DS) SMS Sender ID is WEAVR and we are actively working to align this SMS with those used for Mobile Verification and OTP purposes.

There is no required action for you to take in connection with this change; however, we do recommend sharing this information on the different SMS Sender ID with your customers ahead of the change taking place.

Webhook Logs Page Improvements​

We have recently significantly improved our Webhook Logs page in the Embedder Portal to enhance your user experience and provide you with more valuable insights regarding your webhooks.

You will notice that we included an additional column in the Webhook Logs table and refined the column headings. We improved the page by refining the structure in which the logs are presented. We included a new Event Type column that categorises different Operations, making it easier to identify and understand your logs.

These changes lay the groundwork for upcoming enhancements to our search capabilities. Soon, you will have the ability to filter logs by Event Type and more, making it effortless to find the exact information you need.

These enhancements are designed to streamline your experience, and you will automatically see these changes in the Embedder Portal.

Password Complexity Information​

We have made notable improvements to the Weavr Authentication page found within the Settings menu in the Embedder Portal.

If your application utilises our Password component, we have now added concise details regarding the configured password complexity level required for authentication. The Password Complexity information on this page offers specific guidelines on the complexity level.

This information dynamically adjusts based on your configured password complexity level and you will find it automatically visible in the Embedder Portal.

Data Insights Dashboards Enhancements​

We are continuously working on improving the functionality within Data Insights to allow you to analyse and understand your data better. As part of this release, we have worked on enhancing our dashboards by introducing the following details:

1. We have enhanced the Fees Details dashboard by introducing the Owner ID field within the details table. This field helps in outlining the owner to which the fee was charged. Additionally, it is also now possible to filter on the Owner ID via the filters accessible from this dashboard.

2. We have also updated the details table within the Managed Account Incoming Transfers dashboard by including a new IBAN(s) column, allowing you to view IBANs related to the pertaining managed account.

Improvement in identifying Beneficiaries​

We have implemented a fresh approach to identifying beneficiaries. You now have the flexibility to allocate your custom reference to a beneficiary, which can be later used to access beneficiary details, including the identifier, beneficiaryId, necessary for initiating payment instructions.

You can now access your custom reference, externalRefs in the following methods:

• POST multi/beneficiaries
• GET multi/beneficiaries
• GET /multi/beneficiaries/\{{beneficiary_id\}\}

Improvement to email address validation during Corporate onboarding​

In the past, Corporate Root Users who attempted to sign up for an account but didn't complete the process because their email address wasn't validated, would encounter an error if they tried again later. This error indicated that the email address was already in use, leaving the user with the option to either use a different email or abandon the sign up process altogether.

To enhance ease of use, we are now enabling users to proceed with a new registration even if their email address was previously awaiting validation from a prior attempt.

Recall that the Weavr Multi API will return error number 409 with the message:

• ROOT_EMAIL_NOT_UNIQUE, if the email the corporate root user attempted has already been validated or is waiting to be validated within the last 60 minutes
• VERIFICATION_CODE_INVALID, if the corporate root user attempts to validate the email address more than 60 minutes after it was sent

Physical Cards Overview Dashboard Enhancement​

As mentioned in our latest communication, physical cards can now be delivered in bulk either for yourself or your customers.

We have enhanced the details panel within the Data Insights section of the Physical Cards Overview dashboard to facilitate the display of bulk-delivered cards. This enhancement is designed to provide you with a more comprehensive view of all physically delivered cards that were dispatched in bulk.

Accepting apostrophes/single quotes in Email Addresses​

You can now start using apostrophes (‘) and single quotes (‘) when registering new email addresses. This enhancement guarantees a more accurate representation of your customer's email addresses during registration.

The affected Multi Product APIs are:

• POST/users
• PATCH/users
• POST/passwords/lost_password
• POST/login_with_password

Improvements to the downloadable PDF Statement for Accounts and Card transactions​

We have updated the downloadable PDF Statements to show the filtered date range, along with the starting and closing balances corresponding to that specific period. This enhancement ensures that the PDF statements are comprehensive and suitable for internal reconciliation, audits, and various other purposes.

Beyond Account transactions, you can now also download PDF statements for your card transactions.

Delivery of Cards in Bulk​

We are now offering the convenience of bulk card delivery, allowing you to receive up to 200 cards in a single package, either for yourself or your customers.

To initiate a bulk delivery request, simply set the bulkDelivery parameter to True and include the contactNumber field in your call. The deliveryAddress parameter must be exactly the same for all the cards marked for bulk delivery.

The delivery methods that support bulk delivery are COURIER with a maximum of 200 cards delivered at once, and REGISTERED_MAIL with a maximum of 90 cards delivered at once.

Physical Cards are dispatched from our supplier twice weekly at 08:00 GMT on Monday and Thursday mornings. Requests received in between these cut-offs (and marked as bulkDelivery) will be packaged into a single bulk delivery.

The affected Multi Product APIs are:

• POST/managed_cards
• PATCH/managed_cards/\{id\}
• POST/managed_cards/\{id\}/physical
• GET/managed_cards
• GET/managed_cards/\{id\}
• POST/managed_cards/\{id\}/physical/replace_damaged
• POST/managed_cards/\{id\}/physical/replace_lost_stolen

Processing deposits improvements​

To avoid confusion, and misunderstandings regarding the availability of funds for a deposit that is being processed, or held for review, we are simplifying the way that we notify you.

Currently, in the case where a deposit is received but held for further checks, or action is required from the end-customer in the form of a Source of Funds (SOF) declaration, we add the amount to the actualBalance of the account and show the transaction as PENDING in the activity statement on the portal. These two events will no longer occur. We will however continue to reach out to you if a SOF declaration is required, via the existing channels. Once any review has been completed successfully, the funds will show in the availableBalance on the account and in the activity statement (as happens today).

Deposits that are being processed, but held for review, can be seen in the deposits dashboard of Data Insights, with state UNDER_REVIEW.

Consumer registration retry with previously unvalidated email address​

Previously, if a Consumer End User (Root User Identity on Consumer Programme) initiated an account sign up but didn't complete the process due to the email address validation not being done, if that person came back later to try again, they would meet an error that the email address is already in use. They would either have to use a different email address, or might give up.

Now, to improve conversion and usability in such a case, we allow the user to continue at the time of the new registration, ignoring if that email address was previously stuck in a validation pending state from a previous registration attempt. Provided the user then completes the email validation (within a standard 60 minute time window), they can proceed successfully.

If the email attempted by the consumer root user is already validated, or waiting to be validated (within the last 60 minutes), Weavr will return an error: 409 "ROOT_EMAIL_NOT_UNIQUE”

If the user is too late trying to validate the email address (after 60 minutes) Weavr returns: 409 "VERIFICATION_CODE_INVALID"

Save custom fields with cards​

We are introducing a new option to save custom fields linked to cards, enabling more advanced data analysis.

You have complete authority and oversight over these fields. The information stored within these fields remains untouched in processing, but it is presented in reports and utilised for filtering, enhancing data manipulation and analysis capabilities.

You can start populating the new externalData object when using the create (POST/multi/managed_cards) or update (PATCH/multi/managed_cards/\{id\}) card APIs with up to 10 Name/Value fields. The exact same fields are returned in the get APIs (GET/multi/managed_cards and GET/multi/managed_cards).