Glossary

A collection of terms and their definitions

3

3DS (3-D Secure): 3-D Secure - an additional security layer for online credit and debit card transactions. It adds an authentication step where the cardholder verifies their identity with the card issuer during the purchase, reducing fraud and providing liability protection for merchants.

A

Approov: A third-party mobile security SDK that protects APIs from abuse by verifying that requests come from genuine, unmodified versions of your mobile app. Approov uses app attestation to ensure API calls originate from trusted app instances, preventing automated attacks, credential stuffing, and API scraping.
Authorised Users: Individuals that have been invited by the root user to manage an identity's instruments and transactions. They are not the legal owners of the identity but can be granted access to perform operations on behalf of the identity. For corporates, card assignees are created as Authorised Users.
Authorized User: An individual that has been invited by the root user to manage an identity's instruments and transactions. They are not the legal owner of the identity but can be granted access to perform operations on behalf of the identity. For corporates, card assignees are created as Authorized Users. US-English variant of _Authorised User_.

B

Beneficiary: A trusted recipient for payments that includes both information about the business or individual as well as their bank account or instrument details. When using trusted beneficiaries, customers may be allowed to skip Strong Customer Authentication (SCA) when executing Outgoing Wire Transfer or Send transactions, reducing the number of approval steps required.
Bulk Operations: The capability of grouping multiple individual API-based actions into a batch. Bulk operations allow you to execute hundreds or thousands of operations by making only one or two API calls, increasing throughput, accomplishing actions in a secure session, and reducing complexity in your application.
Bulk Process: A task created when initiating a group of bulk operations. The Bulk Process has a consistent lifecycle (statuses) and management method, regardless of the type of operation being performed. It can be in states such as SUBMITTED, RUNNING, PAUSED, CANCELLED, or completed states.
Buyer: A business entity in the Payment Run solution that can be provided with financial services to perform embedded payment runs. Buyers are onboarded through a KYB process and can create payment runs to pay their suppliers. They have roles such as Admin, Controller, and Creator.

C

Card Assignee: The person that a card is assigned to and who will use the card. For consumers, the card owner and card assignee are the same person. For corporates, the card assignee and card owner are different entities - the corporate is the card owner and the person using the card is the card assignee. Card assignees must be created as Authorised Users.
Card Lifecycle Management (CLM): The set of in-app card operations Apple and Mastercard expect an issuer app to surface so cardholders can self-serve without leaving the app. Typical operations: view card number / CVV / PIN, lock and unlock, freeze and unfreeze, replace, report lost or stolen, view balance, and view transactions. Issuer apps that omit any of these are flagged at lab certification.
Card Owner: The individual or business entity that owns the cards and the funds available to be spent via card purchases. Before cards can be issued, the card owner must be onboarded on Weavr, including completing a KYB process for business card owners or a KYC process for individual card owners.
Card User: The person that a card is assigned to and who will use the card for purchases. Weavr does not support anonymous cards, and therefore all cards must be linked to a card user before a card can be used. For consumers, the card owner and the card user is typically the same person. For corporates, the card users are employees or individuals authorised to spend the corporate's funds.
Confirmation of Payee (CoP): A service that automatically verifies bank account details when creating payment runs or outgoing wire transfers. For GBP payments, CoP checks return results showing Exact Match, Close Match, or No Match, including reason codes and additional information to help verify the payee details are correct.
Consumers (Consumer): Individual persons who can be onboarded as identities on Weavr. Consumer identities represent individual customers and require Know Your Customer (KYC) verification. For consumers, the card owner and card assignee are typically the same person.
Corporates (Corporate Identity): Business entities that can be onboarded as identities on Weavr. Corporate identities represent companies and require Know Your Business (KYB) verification. They can have multiple authorised users and issue cards to card assignees.
CVV (Card Verification Value): Card Verification Value - the 3-digit security code printed on a payment card, used to authenticate card-not-present transactions. Weavr returns CVV in tokenized form on `GET /managed_cards/{id}` (with a stepped-up token); the value is only detokenized inside the SDK's secure CVV display component.
Related terms: Tokenize, PAN, PIN

D

Debit Mode: A card mode where the card does not have a balance of its own. Instead, debit cards are linked to a parent managed account and the system uses the linked account's balance to authorise and settle purchases registered on the card. Spend limits can be specified on the card via spend controls.
Delegated API client: An API client type used with [Delegation of Authority](/apis/authentication/delegation-overview/) that authenticates via mutual TLS instead of end-user credentials. It receives access tokens scoped to a specific identity user and can perform operations server-to-server without triggering Strong Customer Authentication step-up.
Related terms: Delegation of Authority
Delegation of Authority (DoA): A program option that lets your backend perform automated operations on behalf of identity users without the user being present or completing a step-up. The delegated API client authenticates over mutual TLS (mTLS) and obtains an access token scoped to a specific identity, removing the need for SCA on its calls. End users grant consent once during onboarding. See the [Delegation of Authority overview](/apis/authentication/delegation-overview/) for the full flow.
Related terms: SCA, Step-up challenge

E

Embedder (Embedded Finance Provider): A company or developer that integrates Weavr's embedded finance services into their own application to provide financial services to their end customers.
Embedder Portal: A web-based portal where embedders can access their Weavr account, manage API credentials, configure settings, view dashboards, and access documentation. The portal provides access to both sandbox and production environments, with separate credentials for each.

F

Faster Payments: The UK domestic real-time payment scheme (run by Pay.UK) used to clear GBP wire transfers between UK bank accounts in seconds. GBP managed accounts settle incoming and outgoing wire transfers via Faster Payments, and our [Confirmation of Payee](/transactions/owt/cop/overview) checks run over this scheme.

I

IBAN (International Bank Account Number): International Bank Account Number - a standardized international bank account identifier. Managed accounts can be assigned an IBAN to enable wire transfers to and from bank accounts outside of Weavr. IBANs are required for EUR accounts and enable SEPA transfers.
Idempotency: A property of an API that guarantees calling it multiple times with the same inputs produces the same result, with no additional side effects beyond the first call. An idempotent endpoint can therefore be safely retried after network errors or timeouts without risking duplicate transactions or state changes.
Identity: The verified representation of one of your customers on Weavr. An Identity can be a Corporate (a registered business entity) or a Consumer (an individual person). Identities must pass due diligence (KYB or KYC) before they can own Instruments or move money.
IdP (Identity Provider): Identity Provider - your external authentication service (such as Okta, Microsoft Entra ID, or Google Workspace) that signs users in and, in combination with SCIM, can provision them into the Embedder Portal.
Related terms: SCIM, Embedder Portal
In-app provisioning: The flow that adds a card to a digital wallet (Apple Pay, Google Pay) from inside an issuer's mobile app, using the issuer's own authentication. In Weavr's stack, in-app provisioning is implemented via our Push Provisioning SDK on iOS or React Native.
Related terms: Push Provisioning
Instrument: A financial product owned by an Identity. There are two types: Managed Accounts (stored-value accounts that hold balances and can receive wire transfers) and Managed Cards (prepaid cards - virtual or physical - used for purchases).
Issuer app: Apple's term for the mobile app that authenticates a cardholder and provisions their card to Apple Wallet. Apple's certification, brand, and Card Lifecycle Management requirements apply specifically to this app. In a primary + companion architecture, your primary app remains the issuer app even if the provisioning step happens in a companion app.
IWT (Incoming Wire Transfer): Incoming Wire Transfer - a transaction that occurs when funds from a bank account held at a third-party financial institution are moved to a Weavr managed account. IWTs are initiated externally by the owner of the source bank account, and the managed account must have an assigned IBAN to receive funds.

K

KYB (Know Your Business): Know Your Business - the identity verification process for corporate identities. This process allows you to seamlessly and securely verify your business customer's identity. Weavr will ask users to submit the necessary information and documentation so that they can get approved by financial providers.
Related terms: KYC
KYC (Know Your Customer): Know Your Customer - the identity verification process for consumer identities. This process allows you to seamlessly and securely verify your user's identity. Weavr will ask users to submit the necessary information and documentation so that they can get approved by financial providers.
Related terms: KYB

L

Lab certification: The formal test pass run by an Apple-affiliated test centre that verifies an issuer app meets Apple Pay's functional, security, and brand requirements. The test exercises every Card Lifecycle Management operation, the in-app provisioning flow, and the Wallet Extension. A successful pass is required before launching Apple Pay on a card programme; most first-time integrations fail at least one item and need a remediation round.
Linked Account: An entity in the Weavr system that represents an external bank account or payment service provider (PSP) account which an Identity has verified they own and control. This feature enables users to perform transactions, such as outgoing and incoming wire transfers, between their Linked Accounts and their Managed Accounts as 'self-to-self' transfers.

M

Managed Account: An account held at a financial institution that can be created and managed through the Weavr platform. Each account has a balance where customers can hold funds. Optionally, an IBAN can be assigned to enable wire transfers to bank accounts outside of Weavr.
Managed Card: A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User.
Multi: Weavr Multi is an embedded finance solution that allows you to integrate financial services into your own application, providing a seamless experience for your customers. It enables you to offer managed accounts, managed cards, and transactions without requiring financial expertise.

O

Open Banking: A service that allows customers to securely share their bank account information and authorize payments directly from their bank account. In Payment Run,Open banking can be used to link accounts and fund payment runs, providing a seamless experience for buyers.
OWT (Outgoing Wire Transfer): Outgoing Wire Transfer - a transaction that moves funds from a Weavr managed account to a bank account held at a third-party financial institution. OWTs require the managed account to have an assigned IBAN and the user to complete Strong Customer Authentication.

P

PAN (Primary Account Number): Primary Account Number - the long card number (typically 16 digits) printed or embossed on a payment card and used to identify the card on the payment network. Weavr never returns the raw PAN to your client; `GET /managed_cards/{id}` returns the PAN in tokenized form as `cardNumber`, and the value is only detokenized inside a Secure UI card-number component (a sandboxed iframe on the web, a secure native view on mobile).
Related terms: Tokenize, CVV, PIN
Payment Run: A list of payments created by Buyers to settle their outstanding financial obligations with their suppliers. Payment runs are typically managed by the accounts payable function within a business on a periodic basis and go through stages of creation, authorisation, funding, and execution.
Phyre: The third-party push provisioning vendor whose SDK we wrap to add cards to Apple Pay and Google Pay from inside an issuer app. On iOS and React Native, integrators install the Phyre CocoaPods source as part of our Push Provisioning SDK setup; the integration is otherwise abstracted behind our SDK.
Related terms: Push Provisioning, In-app provisioning
Physical Card: A payment card that is printed or embedded in wearables and sent to customers directly. Physical cards are created by first creating a virtual card and then upgrading it to a physical card. They are sent in an inactive state and must be activated by the card assignee before first use.
PIN (Personal Identification Number): Personal Identification Number - the numeric code a cardholder enters to authorize chip-and-PIN purchases and ATM withdrawals. PIN is only present on physical managed cards. Weavr returns it tokenized on `GET /managed_cards/{id}` (with a stepped-up token), and the SDK detokenizes it inside a secure PIN display component.
Related terms: Tokenize, PAN, CVV, Physical Card
Prepaid Mode: A card mode where the card has its own balance and purchases are authorised based on this balance. Cards in prepaid mode can be topped up with funds and support transactions such as transfers and sends. If there are insufficient funds, purchases are declined until the card has sufficient funds.
Profile: A template defining the configuration for one type of object - corporate identity, consumer identity, managed account, managed card, transfer, or outgoing wire transfer. When you create one of these objects you reference its Profile ID, which tells Weavr which limits, currencies, supported countries, branding, and fees to apply. Your programme ships with one or more Profile IDs per supported object type.
Programme: A programme represents your application within Weavr. Everything you create - Identities, Instruments, Transactions - sits beneath a Programme. When you register as an Embedder, you receive a Programme in the Sandbox and, once approved, one in Production.
PSA (Push Step-up Authentication): Push Step-up Authentication - the mechanism in our mobile SDKs that delivers a step-up challenge to an enrolled device as a push notification and verifies it with the user's device biometrics. PSA covers device enrollment, biometric login, and biometric verification of SCA challenges for sensitive operations such as outgoing wire transfers or accessing card details. Exposed as `UXComponents.psa` on iOS and Android and via `initializePSA` on React Native.
Related terms: Step-up challenge, Stepped-up token, SCA
PSP (Payment Service Provider): Payment Service Provider - a regulated financial institution (such as a bank or e-money institution) that provides payment services like holding accounts, issuing cards, or executing transfers. PSPs are referenced as the holders of external accounts in features such as Linked Accounts, Confirmation of Payee, and Verification of Payee.
Related terms: Linked Account, Confirmation of Payee, Verification of Payee
Push Provisioning: A method that allows cardholders to add their card to a digital wallet (such as Apple Pay or Google Pay) directly from your app. The card details are securely tokenized and sent to the wallet provider, streamlining the process and enhancing the user experience compared to manual provisioning. This feature is currently in beta.

R

Root user: The individual who creates the identity. For corporate identities, the root user needs to be a legal representative of the corporate such as a director or a representative who has the power of attorney over the company. For consumer identities, the root user is the owner of the identity. Every identity must always have one root user.

S

SCA (Strong Customer Authentication): Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics).
SCIM (System for Cross-domain Identity Management): System for Cross-domain Identity Management - an open standard your IdP uses to provision and de-provision Embedder Portal users automatically. SCIM is opt-in for a programme; talk to Weavr support to enable it, then configure it under Configuration > General > SCIM in the Embedder Portal.
Related terms: IdP, Embedder Portal
Self funded: A self-funded programme is appropriate when your end-customers only need to send and receive wire transfers to and from themselves. External accounts on self-funded programs must be linked before they can send incoming wire transfers (IWTs).
Send: A transaction type that allows sending funds to another identity's instrument or to a beneficiary. Send transactions may require Strong Customer Authentication depending on the destination and whether it's a trusted beneficiary.
SEPA (Single Euro Payments Area): Single Euro Payments Area - the European scheme that standardises euro-denominated bank transfers across participating countries. EUR managed accounts settle incoming and outgoing wire transfers via SEPA Credit Transfer (SCT) or SEPA Instant; our [Verification of Payee](/transactions/owt/vop/overview) check runs against the IBAN registered with the beneficiary's bank or PSP before a SEPA payment executes.
Step-up challenge: A two-factor authentication challenge required to step-up a user's authentication token for Strong Customer Authentication (SCA) compliance. Users must complete a second authentication factor (such as OTP via SMS, push notification, or biometrics) to access sensitive information or initiate certain transactions as required by PSD2 regulations.
Stepped-up token: An access token that has been elevated to a higher authentication level by successfully completing a step-up challenge (typically an OTP via SMS or a biometric prompt). A stepped-up token is required to perform sensitive operations such as creating a user, managing authentication factors, or confirming high-value transactions. See the [step-up authentication guide](/apis/authentication/stepup/) for how to issue and complete a challenge.
Related terms: Step-up challenge, SCA
Strong cardholder authentication: Apple Pay's requirement that a cardholder authenticate with at least two factors - typically a knowledge factor (password) plus an inherence factor (biometrics on a trusted device) - before adding a card to Apple Wallet or accessing sensitive card details. The principle aligns with PSD2 SCA but applies specifically to issuer-app interactions Apple inspects during certification.
Related terms: SCA
Supplier: A trusted business or individual that receives payments from Buyers through payment runs. Suppliers can be stored in a trusted supplier list, and when marked as trusted, may allow Buyers to skip Strong Customer Authentication when executing payment runs to those suppliers.

T

Tokenize: Replace a card's primary account number (PAN) with a unique digital token that stands in for the real card during a transaction. When a cardholder adds a card to Apple Pay or Google Pay via push provisioning, the wallet provider stores a device-specific token rather than the underlying PAN, so the real card number isn't exposed on the device or shared with merchants.
Related terms: Push Provisioning, In-app provisioning
Transfer: A transaction that moves funds between instruments managed by Weavr. The source and destination instruments of a transfer transaction must be owned by the same identity. Transfers can be scheduled for future execution and can be performed in bulk operations.

U

UI key: A public key that authorizes Weavr's Secure UI components - the inputs and displays in our Web, Android, iOS, and React Native SDKs that handle passwords, PINs, card details, and KYC/KYB flows. Unlike the API key, the UI key isn't an API credential; you don't call REST endpoints with it. It's safe to embed in client-side code, and Sandbox and Live each have their own UI key.

V

Verification of Payee: The EU equivalent of Confirmation of Payee (CoP). A service that validates the name of a payment beneficiary against the IBAN registered with their bank or Payment Service Provider (PSP) before a SEPA payment is executed.
Virtual Card: A payment card that is created instantly and can be used for e-commerce and online purchases. Virtual cards are issued through the Mastercard network and are automatically enrolled in the 3D Secure program for increased security and limited fraud risk. They can be created in prepaid or debit mode.

W

Wallet Extension: An iOS app extension that integrates an issuer app with Apple Wallet. The UI Wallet Extension provisions a card from the issuer app into Wallet (the in-app provisioning flow). The Non-UI Wallet Extension exposes the issuer's card-management actions (such as 'View card details') from inside Wallet itself. Apple requires both for a primary issuer-app integration.
Wire Transfer: A transaction that moves funds between accounts. An incoming wire transfer moves funds from a third-party bank account to a Weavr managed account, while an outgoing wire transfer moves funds from a Weavr managed account to a third-party bank account. Wire transfers require the managed account to have an assigned IBAN (for EUR) or sort code and account number (for GBP).

Z

ZBA (Zero Balance Account): Zero Balance Account - an account held at a financial institution that maintains a 0 balance. When a payment run is ready to be funded, the exact amount required is transferred into the account, and any residual funds are automatically swept back to the originating bank accounts daily. This reduces fraud risk and maintains greater control over corporate funds.