Why Weavr
Adding regulated financial features to your product is a build-or-buy decision. You can assemble the pieces yourself, becoming a regulated entity, contracting a card processor, procuring fraud monitoring, and standing up an onboarding operation, or you can embed them through us and ship.
Weavr is an embedded finance toolkit. We give you regulated accounts, cards, and payments as building blocks, so you can add financial features to your app without becoming a bank yourself. The point of this page is to make clear what that actually removes from your plate.
Build it yourself vs. build it with us
The table summarizes what an equivalent solution requires if you assemble it directly, and how we consolidate it.
| Capability | If you build it yourself | With Weavr |
|---|---|---|
| Regulatory permission | Hold your own license, or contract one, and carry the regulatory responsibility. | We hold the license; the regulatory responsibility sits with us. |
| Strong Customer Authentication | Build factor management and challenge orchestration, then pass an annual SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics). audit and keep pace with PSD2 and PSD3 changes. | We run the SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics). machinery end-to-end and keep it current. |
| Automated corporate payments | Establish a lawful basis to initiate payments without a present user. | We operate under an exemption that permits automated initiation on corporate accounts. |
| Onboarding (KYCKYC Know Your Customer - the identity verification process for consumer identities. This process allows you to seamlessly and securely verify your user's identity. Weavr will ask users to submit the necessary information and documentation so that they can get approved by financial providers. and KYBKYB Know Your Business - the identity verification process for corporate identities. This process allows you to seamlessly and securely verify your business customer's identity. Weavr will ask users to submit the necessary information and documentation so that they can get approved by financial providers.) | Run identity verification, screening, and a review operation, including chasing applicants for missing documents. | We run managed onboarding, including sourcing missing documents on your behalf. |
| Cards | Contract a processor separately, absorb per-card and per-transaction fees, and procure your own 3D Secure handling. | We provide a fully managed cardManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User. programmeProgramme A programme represents your application within Weavr. Everything you create - Identities, Instruments, Transactions - sits beneath a Programme. When you register as an Embedder, you receive a Programme in the Sandbox and, once approved, one in Production. with 3D Secure included. |
| Apple Pay and Google Pay | Fund and run lab testing, and manage Apple certification and the back-and-forth it requires. | We support you through certification, including lab coordination, to pass first time. |
| Fraud and transaction monitoring | Procure a monitoring system and staff a team to operate and review it. | We include fraud and transaction monitoring as a managed service. |
The rest of this page explains each row.
Managed authentication and compliance
PSD2 requires Strong Customer Authentication (SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics).) on most payments and account access. Building this yourself means factor management, challenge orchestration, and the cryptography that proves a token has been stepped up, and it does not end at launch. A generic provider expects your stack to stay PSD2-compliant, which typically means an annual SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics). audit and keeping pace with new requirements as PSD3 comes into force.
We run the SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics). machinery end-to-end. You don't build factor management, you don't orchestrate challenges, and you don't carry the audit cycle or the ongoing burden of tracking regulatory change. Our secure UI components also let your app display and capture sensitive card data without the raw values touching your systems, keeping you aligned with PSD2 and out of PCI scope.
For the detail of what PSD2 requires and what we handle, see the PSD2 compliance guide.
Automated payments on corporate accounts
Many corporate use cases, such as scheduled supplierSupplier A trusted business or individual that receives payments from Buyers through payment runs. Suppliers can be stored in a trusted supplier list, and when marked as trusted, may allow Buyers to skip Strong Customer Authentication when executing payment runs to those suppliers. payouts or bulk operationsBulk Operations The capability of grouping multiple individual API-based actions into a batch. Bulk operations allow you to execute hundreds or thousands of operations by making only one or two API calls, increasing throughput, accomplishing actions in a secure session, and reducing complexity in your application. triggered by your backend, need payments to run without a user present to complete an authentication challenge. Doing this lawfully depends on a regulatory exemption that most generic providers don't hold, which can block the use case entirely.
We hold the exemption that permits automated payment initiation on corporate accounts. Through delegation of authority, your backend can perform operations on behalf of identity users, such as automated card creation, scheduled transfers, or bulk operationsBulk Operations The capability of grouping multiple individual API-based actions into a batch. Bulk operations allow you to execute hundreds or thousands of operations by making only one or two API calls, increasing throughput, accomplishing actions in a secure session, and reducing complexity in your application., without a step-up challengeStep-up challenge A two-factor authentication challenge required to step-up a user's authentication token for Strong Customer Authentication (SCA) compliance. Users must complete a second authentication factor (such as OTP via SMS, push notification, or biometrics) to access sensitive information or initiate certain transactions as required by PSD2 regulations. on each one. You get an automated payment pipeline with the regulatory basis already in place, rather than building the exemption logic and carrying the compliance risk yourself.
Managed onboarding
Onboarding an identity is not a data-entry step, it triggers a due diligence process: document collection and validation, sanctions, PEP, and adverse-media screening, and ongoing monitoring once approved. We run this end-to-end through our KYC and KYB flows, and you embed it with a few lines of code.
What sets our onboarding apart is that it is managed, with a human in the loop. When an application is missing documentation, we proactively source it on your behalf rather than bouncing the request back to the applicant. That keeps friction off your end users and keeps the operational work, the review, the follow-up, the chasing, off your staff. You're buying an onboarding operation, not just a verification endpoint.
Card as a service
A managed cardManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User. programmeProgramme A programme represents your application within Weavr. Everything you create - Identities, Instruments, Transactions - sits beneath a Programme. When you register as an Embedder, you receive a Programme in the Sandbox and, once approved, one in Production. is not the same as a raw processor connection. Going direct to a processor means a separate commercial relationship and onboarding process alongside your provider, additional per-card and per-transaction fees for authorization and settlement, and procuring and managing your own 3D Secure handling. These costs sit outside the core contract and are easy to underestimate at the outset.
We consolidate all of this. You get a fully managed cardManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User. programmeProgramme A programme represents your application within Weavr. Everything you create - Identities, Instruments, Transactions - sits beneath a Programme. When you register as an Embedder, you receive a Programme in the Sandbox and, once approved, one in Production., with scheme connectivity, transaction processing, and 3D Secure included, under one relationship. That means lower implementation complexity and lower ongoing overhead than stitching a processor relationship into your stack yourself.
Apple Pay and Google Pay
Before you can launch an app that adds cards to Apple Pay, Apple must certify your integration, and certification is demanding. Lab testing is resource-intensive, and the approval process involves repeated, detailed back-and-forth with Apple and an affiliated test centre.
Our support team works with you throughout certification: mapping your product to the right certification path, providing the technical artifacts Apple requires, reviewing your app against the requirements before you submit, and coordinating the lab certificationLab certification The formal test pass run by an Apple-affiliated test centre that verifies an issuer app meets Apple Pay's functional, security, and brand requirements. The test exercises every Card Lifecycle Management operation, the in-app provisioning flow, and the Wallet Extension. A successful pass is required before launching Apple Pay on a card programme; most first-time integrations fail at least one item and need a remediation round. appointment. The aim is to help you pass first time rather than learn the process at your own expense. For the full picture, see adding cards to Apple Pay.
Fraud and transaction monitoring
Fraud and transaction monitoring is a regulatory requirement for any embedded finance offering. Building it yourself means procuring a monitoring system and staffing a team to operate and review it, a significant and unpredictable cost before you process a single payment.
We include fraud and transaction monitoring as a managed service. It runs as part of the platform, turning what would otherwise be a procurement project and an ongoing operational commitment into something you inherit by integrating with us.
What this means for your build
Taken together, we manage identity verification, card issuing, account infrastructure, scheme connectivity, regulatory compliance, fraud and transaction monitoring, and the supporting operations. You manage your app's experience, your user authentication, and how you surface financial data to your customers.
The value isn't only the API primitives, it's everything around them that you don't have to become a regulated financial institution to use.
Next steps
- How Weavr works, understand the core concepts before integrating
- 15-minute quickstart guide, get hands-on with the API
- PSD2 compliance guide, see what we handle on your behalf