
Multi API v3.37

Dragos Tigoianu

Block mobile number change for 24 hours after account password change or email address change

As a measure to improve the security of information belonging to end-customers, we are introducing a new rule that will help secure users' accounts.

If a user changes their password via the reset password flow (/passwords/lost_password/start and /passwords/lost_password/resume), they will not be able to change the mobile number in the next 24 hours.

This guards against account-hijack risks by keeping the mobile number unchanged to receive security notifications, and preventing takeover of second-factor authentication.

Longer Requires_SCA validity for wire transfers and Sends

Until now, SCA (Strong Customer Authentication) authorisation for OWT (Outgoing Wire Transfer) and Send payments has allowed a pending/pending_challenge status for up to 30 minutes.

As more businesses use embedded payments within multi-party approval workflows, this may not be enough time for an approving person to complete the SCA step on a pending payment, especially where users are dealing with forward-dated or bulk payments (both features we are releasing soon). Accordingly, we have increased the timeout to 7 days to accommodate these use cases.

Block list of commonly encountered spam or throwaway email domains

Working with accurate data and verifiable user identities is essential to a well-run embedded finance programme.

One problem that embedders can face is end-users registering accounts with throwaway email domains. This could mean those users lose access to the email address, and it is a common sign of invalid users, including potentially malicious sign-ups.

We have therefore implemented, throughout our systems, a block list of commonly encountered temporary or spam email domains. We will validate all sign-ups against this list and block any attempt to register with an email address from these domains.

Error 409 - "Email_Domain_Not_Allowed" - will be returned if an email domain on the list is used.

We review and maintain this block list regularly. However, contact us if you feel sign ups are being blocked incorrectly.
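
The check described above, sketched as an added example (not Weavr's implementation). The block-list entries are constructed samples, parent-domain matching is an assumption the release note does not state, and the 400 "Invalid_Email" and 200 "OK" results are hypothetical; only 409 "Email_Domain_Not_Allowed" comes from this page.

```python
from typing import Optional, Tuple

# Constructed sample entries; the real block list is not published on this page.
BLOCKED_DOMAINS = {"throwaway.example", "tempmail.example"}


def normalise_domain(email: str) -> Optional[str]:
    """Return the lower-cased ASCII domain of an address, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    # A trailing dot and mixed case are the same DNS name, so strip and fold
    # them before comparing; otherwise "Throwaway.Example." slips through.
    domain = domain.rstrip(".").lower()
    try:
        # Internationalised names are compared in their punycode (ASCII) form.
        domain = domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # empty or over-long label, e.g. "a..b"
    return domain or None


def is_blocked(domain: str) -> bool:
    """Match the domain and each parent domain, label by label.

    Comparing whole labels (not a string suffix) blocks
    mail.throwaway.example without also blocking notthrowaway.example.
    Parent-domain matching is an assumption of this example.
    """
    labels = domain.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def validate_signup_email(email: str) -> Tuple[int, str]:
    """Return (HTTP status, error code) for a sign-up attempt."""
    domain = normalise_domain(email)
    if domain is None:
        return 400, "Invalid_Email"  # hypothetical code for malformed input
    if is_blocked(domain):
        return 409, "Email_Domain_Not_Allowed"  # status and code from this page
    return 200, "OK"  # hypothetical success marker
```
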

Bulk Transactions

There are often times that end customers want to work through a list or batch of payments, and doing this one by one can be rather slow and inefficient.

We’re introducing a new Bulk Transactions feature which enables Embedders to present a new workflow to end customers where they can execute multiple payments under a single SCA approval. The individual payments will be automated and the status of each, plus the overall Bulk Transaction, communicated via webhooks.

Both OWTs and Sends can be used as the payment method in Bulk Transactions.

Bulk Transactions can also handle mixtures of GBP and EUR in the Payables, provided a Corporate has funding accounts in the right currencies.

If all Payables in a Bulk Transaction list are to Payees previously registered in a Corporate Trusted Payees list then an SCA exemption can be applied, further reducing friction in business payments use cases.

Sender ID of SMS OTPs to Singaporean phone numbers (+65)

We have updated the Sender ID of the SMS OTP for card transactions of cardholders with a Singapore mobile number (+65). This will now show as being originated by “Thredd”, and will ensure the SMS message is not blocked due to an unregistered Sender ID. This is as a result of a regulatory change in Singapore coming into effect on 31st July that requires all SMS Sender IDs to be registered.