12 posts tagged with "linked-accounts"

As mentioned in our previous update, we are introducing another way for your customers to link an account and fund their payment runs to cover instances when their bank is not supported via Open Banking. This initiative involves a number breaking change to the current AIS, PIS and Linked Account Declaration UI Components.

Effective:

• 11 February 2025 on Sandbox
• 04 March 2025 on Live

Open Banking Fallback - Link an Account​

Users with the Controller role can now manually link their bank accounts, depending on the jurisdiction, without relying on Open Banking.

1. Updated UI component to include the manual option​

To link an account manually, you can still load the current AIS UI Component, were the component has been updated to include a new URL, "Can't find your bank?" at the end of the UI Component as pictured below:

2. Entering the bank account details​

When the "Can't find your bank?" option is selected, the user will be directed to a new screen where they must enter their bank account details. The following key fields will be required:

• Business Account Name: The registered owner’s name of the account at the external bank or PSP. This should match the name on the external account to ensure successful linkage and compliance with verification steps.
• Bank Name: The name of the bank.
• Bank Country: The country in which the bank or financial institution holding the account is located. This is essential for regulatory and compliance purposes.
• Account Information: The IBAN or the combination of the Account Number and Sort Code of the account at the external bank or PSP. This uniquely identifies the account within the financial institution and is necessary for processing transactions.

3. Declaration of Ownership via SCA Challenge​

Ensuring that the registered linked account belongs to the Identity attempting to link it is crucial. As part of this process, declaration of ownership is conducted through a Strong Customer Authentication (SCA) challenge, which must be completed by a user with the Controller role.

Upon initiating the Linked Account registration, the Controller user must successfully complete the SCA challenge to confirm ownership.

4. Control Check through a test funding Transaction​

After successfully completing the SCA process, user must demonstrate control over the external account by performing a test funding transaction. The UI component will redirect the user to the final screen, displaying the following details:

• Amount to be sent
• Account number
• Sort Code
• Reference Code

Open Banking Fallback - Fund a Payment Run​

Your users with the Controller role will be able to use the newly created manual linked account to fund the payment run.

1. Updated UI component to allow funding using a manual linked account​

To use the manually linked account, the user can load the current PIS UI Component, were the component will have a new screen

Linked Account Declaration UI Component​

When adding a Linked Account via Open Banking a user with the Controller role. of the Identity must complete an Strong Customer Authentication (SCA) challenge to confirm ownership of the Linked Account.

Currently, the SCA declaration process is handled using the Linked Account Declaration UI component.

What's Changing?​

The SCA ownership declaration will now be managed through the new Linked Account UI component, formerly known as the AIS UI component.

This change offers a more streamlined and efficient solution for linking accounts.

When loading the new Linked Account UI component, you must provide the following parameters:

• callbackUrl
• state
• linkedAccountId

Breaking Change Updates​

To make the UI component more generic and to support the Open Banking fallback of the manual account linking and funding initiative, we have renamed the below UI Components:

• From weavrComponents.prompt.ais to weavrComponents.prompt.linkAccount
• From weavrComponents.prompt.pis to weavrComponents.prompt.paymentFund

You will also need to start handling the new PENDING_FUNDING state. This state will be sent to you via an event in the UI component and in the Linked Account Update webhook event.

Also, the SCA ownership declaration will now be managed through the new Linked Account UI component, formerly known as the AIS UI component.

When loading the new Linked Account UI component, you must provide the following parameters:

• callbackUrl
• state
• linkedAccountId

Action Required​

Rename the UI Components as follows:

• From AIS UI Component to Link Account UI Component
• From PIS UI Component to Payment Funding UI Component
• Start using the new Linked Account UI component to SCA a Linked Account.
  • Take note that to use this UI component you need to add the callbackUrl, state and linkedAccountId

If no action is taken​

Although this is a small change, if no action is taken, you application will not be able to load the AIS and PIS UI Components accordingly, resulting in your customers not being able to link an account or fund a payment run.

Also, your application will no longer support SCA declarations for Linked Accounts through Open Banking, potentially disrupting account link functionality.

Detailed instructions are available in our documentation on how to:

• Link an Account
• Fund a Payment Run
• Complete SCA for a Linked Account

We are deprecating the Linked Account Declaration UI component to streamline the loading process and simplify your integration with UI components.

Effective:

• 11 February 2025 on Sandbox
• 04 March 2025 on Live

Linked Account Declaration UI Component​

When adding a Linked Account via Open Banking a user with the Controller role of the Identity must complete an Strong Customer Authentication (SCA) challenge to confirm ownership of the Linked Account.

Currently, the SCA declaration process is handled using the Linked Account Declaration UI component.

What's Changing​

The SCA ownership declaration will now be managed through the new Linked Account UI component, formerly known as the AIS UI component. More information on this can be found here.

This change offers a more streamlined and efficient solution for linking accounts.

When loading the new Linked Account UI component, you must provide the following parameters:

• callbackUrl
• state
• linkedAccountId

Action Required​

Start using the weavrComponents.prompt.linkAccount instead of weavrComponents.prompt.linkedAccountDeclaration to perform SCA declarations for Linked Accounts. To load weavrComponents.prompt.linkAccount you must provide the following parameters:

• callbackUrl
• state
• linkedAccountId

If no action is taken​

If this change is not implemented, your application will no longer support SCA declarations for Linked Accounts through Open Banking, potentially disrupting account link functionality.

We are introducing another way for your customers to link an account and fund their payment runs to cover instances when their bank is not supported via Open Banking. This initiative involves a breaking change to the current AIS and PIS UI Components.

Effective:

• 11 February 2025 on Sandbox
• 04 March 2025 on Live

Open Banking Fallback - Link an Account​

Users with the Controller role can now manually link their bank accounts, depending on the jurisdiction, without relying on Open Banking.

1. Updated UI component to include the manual option​

To link an account manually, you can still load the current AIS UI Component, were the component has been updated to include a new URL, "Can't find your bank?" at the end of the UI Component as pictured below:

2. Entering the bank account details​

When the "Can't find your bank?" option is selected, the user will be directed to a new screen where they must enter their bank account details. The following key fields will be required:

• Business Account Name: The registered owner’s name of the account at the external bank or PSP. This should match the name on the external account to ensure successful linkage and compliance with verification steps.
• Bank Name
• Bank Country: The country in which the bank or financial institution holding the account is located. This is essential for regulatory and compliance purposes.
• Account Information: The IBAN or the combination of the Account Number and Sort Code of the account at the external bank or PSP. This uniquely identifies the account within the financial institution and is necessary for processing transactions.

3. Declaration of Ownership via SCA Challenge​

Ensuring that the registered linked account belongs to the Identity attempting to link it is crucial. As part of this process, declaration of ownership is conducted through a Strong Customer Authentication (SCA) challenge, which must be completed by a user with the Controller role.

Upon initiating the Linked Account registration, the Controller user must successfully complete the SCA challenge to confirm ownership.

4. Control Check through a test funding Transaction​

After successfully completing the SCA process, user must demonstrate control over the external account by performing a test funding transaction. The UI component will redirect the user to the final screen, displaying the following details:

• Amount to be sent
• Account number
• Sort Code
• Reference Code

Open Banking Fallback - Fund a Payment Run​

Your users with the Controller role will be able to use the newly created manual linked account to fund the payment run.

1. Updated UI component to allow funding using a manual linked account​

To use the manually linked account, the user can load the current PIS UI Component, were the component will have a new screen

Breaking Change Updates​

To make the UI component more generic and to support the Open Banking fallback of the manual account linking and funding initiative, we have renamed the below UI Components:

• From weavrComponents.prompt.ais to weavrComponents.prompt.linkAccount
• From weavrComponents.prompt.pis to weavrComponents.prompt.paymentFund

You will also need to start handling the new PENDING_FUNDING state. This state will be sent to you via an event in the UI component and in the Linked Account Update webhook event.

Action Required​

Rename the UI Components as follows:

• From AIS UI Component to Link Account UI Component
• From PIS UI Component to Payment Funding UI Component

If no action is taken​

Although this is a small change, if no action is taken, you application will not be able to load the AIS and PIS UI Components accordingly, resulting in your customers not being able to link an account or fund a payment run.

As mentioned in our previous update, we are implementing measures to combat Authorized Push Payment (APP) Fraud.

Effective:

• 28 October 2024 on Sandbox
• 29 October 2024 on Live

Changes in Buyer Onboarding​

To minimize risk, at this stage we will be limiting access to the product to only Enterprise Businesses. To differentiate between Enterprise and Micro Enterprise businesses, we are adding two additional steps to the current onboarding process:

1. New Terms & Conditions agreement onboarding screen​

Onboarding flows for Buyers will change to require an updated method of recording agreement to financial institution terms and conditions (FI T&Cs).

All Buyer Admin users will now be shown the following screen when onboarding:

This enables us to record the agreement of the End Customer to the FI T&Cs directly, as well as automatically update the version of T&Cs if they are revised in future. T&Cs updates will be communicated in advance in each case.

This FI T&Cs agreement screen will be added automatically to the KYB UI Component, prior to the Customer Due Diligence steps (e.g. identity verification and proof of address) in the rest of the process.

Documentation links:

• KYB Onboarding
• Buyer Due Dilligence

2. Updated/moved Micro-enterprise declaration in KYB onboarding​

As well as the above new T&Cs step for all onboarding flows, we will now require a clearer Micro-enterprise declaration, which we are adding into the KYB onboarding:

As shown, the Buyer's Admin User needs to answer the two additional questions and then agree to the declaration about whether the Buyer is or is not considered a Micro-enterprise.

Changes to the Linked Account Process​

We are strengthening the verification process for linking accounts by ensuring that the activation of a Linked Account requires the successful completion of two verification steps; a declaration of ownership via an SCA challenge and internal checks by Weavr:

1. Declaration of Ownership via SCA Challenge​

When adding a Linked Account via the Account Information Service (AIS) UI Component it is critical to confirm that the registered linked account belongs to the Identity attempting to link it. As a result, the state of the linked account will initially transition to PENDING_CHALLENGE rather than LINKED, A user with the Controller role of the Identity must then complete an Strong Customer Authentication (SCA) challenge to confirm ownership of the Linked Account.

More information about linked an account can be found in our documentation.

2. Internal Checks by Weavr​

A name verification check will be automatically triggered by the Weavr platform and, when necessary, flagged for review by the Weavr Compliance team. This ensures that the name of the Linked Account holder matches the Identity registered with Weavr. The internal checks are required as another layer in the verification process to verify that the Linked Account belongs to the same person of the Identity.

During this process, we have introduced a new state, PENDING_VERIFICATION, which will remain until the Compliance checks are completed. These checks will result in either a REJECTED or LINKED status.

Updates to the Linked Account webhooks and Get endpoints​

We have updated the Linked Account update webhook event and both the Get linked accounts and a linked account with the new states: PENDING_CHALLENGE, PENDING_VERIFICATION and REJECTED.

Updates to the Linked Account states on the Embedder Portal​

The linked accounts in the embedder portal have been updated to display the new states: PENDING_CHALLENGE, PENDING_VERIFICATION and REJECTED.

Action required​

Migrate your application to start handling the new updated states related to the Linked Account verification process:

• PENDING_CHALLENGE: The Linked Account is pending challenge.
• PENDING_VERIFICATION: The Linked Account is pending the completion of the required verification steps.
• REJECTED: The Linked Account did not pass one or more verification steps and is not eligible for use.

If no action is taken​

If no action is taken, your application will be unable to handle the updated responses when linking a new account, preventing your users from performing an SCA challenge. As a result, the linked account will remain in the PENDING_CHALLENGE state.

New Linked Account SCA Declaration Challenge UI Components

• Linked Account SCA Declaration Challenge.

Affected Webhook Events

• Linked Account Update

Affected API endpoints:

• GET/linked_accounts
• GET/linked_accounts/{linked_account_id}

In the UK, APP (Authorized Push Payment) Fraud is a growing type of scam, where fraudsters trick individuals into authorizing payments to accounts controlled by criminals. Unlike traditional fraud, where unauthorized transactions are made without the victim’s consent, APP fraud involves convincing the victim to willingly transfer money under false pretenses.

Weavr is committed to mitigating this type of fraud. To that end, we have enhanced our security measures for when your users add a linked account and we have refined the onboarding process.

Effective:

• 28 October 2024 on Sandbox
• 29 October 2024 on Live

Changes in Buyer Onboarding​

To minimize risk, at this stage we will be limiting access to the product to only Enterprise Businesses. To differentiate between Enterprise and Micro Enterprise businesses, we are adding two additional steps to the current onboarding process:

1. New Terms & Conditions agreement onboarding screen​

Onboarding flows for Buyers will change to require an updated method of recording agreement to financial institution terms and conditions (FI T&Cs).

All Buyer Admin users will now be shown the following screen when onboarding:

This enables us to record the agreement of the End Customer to the FI T&Cs directly, as well as automatically update the version of T&Cs if they are revised in future. T&Cs updates will be communicated in advance in each case.

This FI T&Cs agreement screen will be added automatically to the KYB UI Component, prior to the Customer Due Diligence steps (e.g. identity verification and proof of address) in the rest of the process.

Documentation links:

• KYB Onboarding
• Buyer Due Dilligence

2. Updated/moved Micro-enterprise declaration in KYB onboarding​

As well as the above new T&Cs step for all onboarding flows, we will now require a clearer Micro-enterprise declaration, which we are adding into the KYB onboarding:

As shown, the Buyer's Admin User needs to answer the two additional questions and then agree to the declaration about whether the Buyer is or is not considered a Micro-enterprise.

Changes to the Linked Account Process​

We are strengthening the verification process for linking accounts by ensuring that the activation of a Linked Account requires the successful completion of two verification steps; a declaration of ownership via an SCA challenge and internal checks by Weavr:

1. Declaration of Ownership via SCA Challenge​

When adding a Linked Account via the Account Information Service (AIS) UI Component it is critical to confirm that the registered linked account belongs to the Identity attempting to link it. As a result, the state of the linked account will initially transition to PENDING_CHALLENGE rather than LINKED, A user with the Controller role of the Identity must then complete an Strong Customer Authentication (SCA) challenge to confirm ownership of the Linked Account.

More information about linked an account can be found in our documentation.

2. Internal Checks by Weavr​

A name verification check will be automatically triggered by the Weavr platform and, when necessary, flagged for review by the Weavr Compliance team. This ensures that the name of the Linked Account holder matches the Identity registered with Weavr. The internal checks are required as another layer in the verification process to verify that the Linked Account belongs to the same person of the Identity.

During this process, we have introduced a new state, PENDING_VERIFICATION, which will remain until the Compliance checks are completed. These checks will result in either a REJECTED or LINKED status.

Updates to the Linked Account webhooks and Get endpoints​

We have updated the Linked Account update webhook event and both the Get linked accounts and a linked account with the new states: PENDING_CHALLENGE, PENDING_VERIFICATION and REJECTED.

Action required​

Migrate your application to start handling the new updated states related to the Linked Account verification process:

• PENDING_CHALLENGE: The Linked Account is pending challenge.
• PENDING_VERIFICATION: The Linked Account is pending the completion of the required verification steps.
• REJECTED: The Linked Account did not pass one or more verification steps and is not eligible for use.

If no action is taken​

If no action is taken, your application will be unable to handle the updated responses when linking a new account, preventing your users from performing an SCA challenge. As a result, the linked account will remain in the PENDING_CHALLENGE state.

New Linked Account SCA Declaration Challenge UI Components

• Linked Account SCA Declaration Challenge

Affected Webhook Events

• Linked Account Update

Affected API endpoints:

• GET/linked_accounts
• GET/linked_accounts/{linked_account_id}

We’ve introduced a new webhook that allows you to receive notifications when a linked account consent of a Buyer is set to expire within the next 10 days.

Effective:

• 01 October 2024 on Sandbox
• 01 October 2024 on Live

The webhook sends real-time notifications, helping you stay informed about upcoming buyer linked account consent expirations, this will reduce the risk of account disruptions due to expired consent.

You can subscribe to the webhook here.

Affected webhook event:

• Linked Account Expiring Soon

As previously communicated, we are removing the deprecated delete a linked account endpoint.

Effective:

• 12 August 2024 on Sandbox
• 20 August 2024 on Live

Action required​

Migrate your application to start using the new unlink an account endpoint and remove dependencies on the delete a linked account endpoint.

If no action is taken​

If no action is taken, you will receive an HTTP 404 error when calling the delete a linked account endpoint.

Affected API endpoints:

• DELETE/linked_accounts/{linked_account_id}

We have updated the linked accounts screen in the embedder portal to provide you with more information about your buyers linked accounts.

Effective:

• 01 July 2024 on Sandbox
• 09 July 2024 on Live

When logging in to you embedder portal, and you select a Buyer > Linked Bank Accounts you'll see two new columns displaying the 'Status' and the 'Consent expiries in'.

• The 'Status' will display the status of the linked bank account, Linked or Unlinked.
• The 'Consent expires in' will display the days left until the buyer is required to re-consent the linked account before it expires.

The consent information can be also retrieved from the get linked accounts or get linked account endpoints.

You can find more information about linked accounts and consents in our docs.

We are delighted to announce that Weavr is enabling EEA customers to make use of the Embedded Payment Run Solution. Apart from the UK, Embedded Payment Run is now available for end-customers in the European Economic Area. End-customers residing in the EEA can now onboard, fund and make domestic payments in Euros on the SEPA bank transfer rails.

Effective:

• 01 July 2024 on Sandbox
• 09 July 2024 on Live

EEA countries supported​

Weavr is now supporting buyers residing in the following countries:

Austria	Belgium	Cyprus	Denmark
Finland	France	Ireland	Italy
Estonia	Luxembourg	Latvia	Netherlands
Norway	Poland	Portugal	Slovakia
Slovenia	Spain	Sweden

Retrieve Open Banking Institutions​

To ensure that you can support your buyers to link an account and to fund a payment run we have created an endpoint that retrieves all the available institutions that use open banking.

We suggest that you enable your end-customers to verify that their current financial institutions are supported by Weavr before they onboard.

New API endpoints:

• Get Institutions

Account Information Service (AIS) Consent in the EEA​

In the EEA, the Account Information Service (AIS) consents can be granted up to 180 days. This means that your users are required to extend their consent to continue using the associated Linked Account every 180 days.

Retrieve the linked account consent expiry and status​

The Get Linked Accounts & Get a Linked Account endpoints have been updated to contain the consent information with the below fields:

• expiresAt
• expiresIn
• status

Note: If the consent, expired the:

• expiresAt will contain a value of '0'.
• expiresIn will contain the date in the past of the AIS consent expired.

You will also receive the AIS consent expiry and status (expiresAt, expiresIn & status) in the link account update event.

Extend the AIS consent​

To extend the consent in EEA you need to provide the linkedAccountId parameter of the linked account in the AIS UI Component.

• Extending an AIS consent before the 180 days pass​

  The consent can be initiated before 180 days elapse, this means that your user will be shown a consent renewal request screen for Weavr to continue accessing their bank account information. If the user clicks on 'I Consent' your user will be redirected to their Bank's portal to approve the consent request. In the Banking portal, the bank will ask them to authenticate and re-confirm the bank account to be shared.

• Extending an AIS consent after the 180 days pass​

  Initiating the AIS consent after 180 days, can still be extended, however your user will be shown an expired consent screen. To renew the consent, your user will be redirected to their Bank's portal to approve the consent request. In the Banking portal, the bank will ask them to authenticate and re-confirm the bank account to be shared.

Buyer endpoints updated to accept 'EUR'​

We have updated the buyer endpoints to accept the 'EUR' currency in the supportedCurrencies object:

• POST/buyers
• GET/buyers
• PATCH/buyers

Payment run endpoints updated to accept 'EUR'​

We have updated the payment run API and events endpoints to accept the 'EUR' currency in the currencies object:

• POST/payment_runs
• GET/payment_runs
• GET/payment_runs/{payment_run_id}
• GET/payment_runs/{payment_run_id}/fund

Events endpoints update:

• Payment Run Update
• Payment Update

Linked account endpoints updated to accept 'EUR'​

We have updated the linked account API and event endpoints to accept the 'EUR' currency in the currencies object:

• GET/linked_accounts
• GET/linked_accounts/{linked_account_id}
• POST/linked_accounts/{linked_account_id}/unlink

Updated Events endpoints

• Linked account update webhook

Embedder Portal settings​

When you open a sandbox account, upon the registration form you are required to choose the jurisdiction you are residing in. If you select "EEA" (European Economic Area) then by default, the EUR currency will be selected.

Effective:

• 05 June 2024 on Sandbox
• 26 June 2024 on Live

We have made improvements to our error messages within the Account Information Service (AIS) flow to ensure that users can only link one account at a time.

With this update, a specific error message, CANNOT_LINK_MULTIPLE_ACCOUNTS, will be generated if users try to link more than one account. This error message will only be received during the AIS UI Component phase.

Users with the controller role must now ensure they link only one account during the AIS flow. Attempting to add multiple accounts will trigger the linked account update webhook with the new CANNOT_LINK_MULTIPLE_ACCOUNTS error. This change aims to streamline the account linking process and reduce errors.

Affected Events

• Linked Account Update

Affected UI Components:

• AIS UI Component

Effective:

• 14 May 2024 on Sandbox
• 3 July 2024 on Live

The delete a linked account endpoint, currently deletes the linked account, and once a linked account is deleted it cannot be retrieved. This makes it difficult for your buyers to trace and reconcile which linked account was used to fund previous payment runs.

Therefore, we are marking the delete a linked account endpoint as deprecated following the release of the new unlink an account endpoint.

Action required​

Migrate your application to start using the new unlink an account endpoint and remove dependencies on the delete a linked account endpoint.

If no action is taken​

If no action is taken, you will receive an HTTP 404 error when calling the delete a linked account endpoint.

Affected API endpoints:

• DELETE/linked_accounts/{linked_account_id}

Effective:

• 14 May 2024 on Sandbox
• 17 May 2024 on Live

We have created a new endpoint to enable users with controller role to unlink bank accounts. Bank accounts should be unlinked if the buyer does not want to use them to fund payment runs anymore, thus removing the risk of using the wrong bank account in the future.

New POST unlink endpoint​

The new endpoint POST/linked_accounts/\{linked_account_id}/unlink will have the following parameters:

• Request: the linked_account_id to unlink
• Response: the updated linkedAccount object and the status will change from CONNECTED and DISCONNECTED to LINKED and UNLINKED.

If your buyers try to confirm and/or fund a payment run using an unlinked account, you will receive an HTTP 409 error code LINKED_ACCOUNT_INVALID_STATE.

Linked Account GET endpoint​

When calling the GET linked accounts or GET linked account endpoints, you will receive the unlinked account information with the status as UNLINKED and the consent of the account as EXPIRED.

Linked Account webhook event​

You will be notified when a buyer unlinks an account if you are subscribed to the linked account webhook event. The linked account webhook event will also be updated to receive the status as UNLINKED and the consent of the account as EXPIRED.

Affected Events

• Linked Account Update

Affected API endpoints:

• DELETE/linked_accounts/{linked_account_id}
• GET/linked_accounts
• GET/linked_accounts/{linked_account_id}
• GET/payment_runs/{payment_run_id}/fund
• POST/linked_accounts/{linked_account_id}/unlink