Release Notes

We are excited to announce that our Host-to-Host integration with Raiffeisen Bank International (RBI) now supports correct Trace ID in Credit (Purchase Return) transactions. This update is designed to significantly enhance data integrity, ensuring more accurate and reliable transaction processing.

We are expanding our Multi-Factor Authentication (MFA) support to include non-administrative roles, enhancing the security of Personally Identifiable Information (PII) under Gramm-Leach-Bliley Act (GLBA, United States federal law) requirements.
Key Highlights:

• Existing MFA setup: MFA is already enabled for admin roles (Administrator, Operator, Account Access).
• New MFA Support: Customers can now enable MFA for non-administrative roles (Accounting Global, Call Center, Call Center Restricted, Analysis) through a simple configuration setting.

How to configure:This feature is by default disabled (set to true) for non-administrative users in the user interface of our platform. To check and change, follow the path in the configuration: Administration > User Configuration > Disable 2FA for non-admin user roles (true/false).

This update provides an additional layer of security, ensuring comprehensive protection for all user roles.

We are streamlining the process for resetting or updating the Developer Portal configuration by ensuring that no new Bearer token is generated. This change reduces friction for customers using this structure for their tests.
Key Highlights:

• No New Bearer: When resetting or updating the developer portal configuration, the existing Bearer token remains unchanged.
• Simplified Process: To generate a new Bearer token, simply delete or move the OPP_Merchant structure. Any new reset or update will recreate the structure with a new Bearer.

This update enhances the user experience by maintaining consistency and reducing unnecessary steps.

In alignment with Visa and Mastercard's ambition to process every single digital payment transaction with a network token, we are excited to announce support for network tokens in one-time payments.
Main Features:

• Immediate Network Token Provisioning: Network token provisioning is attempted immediately for one-time payments.
• 3D Secure flow and Payment with Network Token: If the network token is active, 3D Secure checks and payment will be performed using the network token.
• Fraud Screening with Real PAN: Fraud screening will be conducted using the real PAN to benefit from consortium data.

How to configure: Enable this feature in the user interface of our platform, following the path in the configuration: Administration > Processing > Network Tokenization > Process one-time payments with network tokens (default: false).
This update ensures efficient and compliant transactions for one-time payments.

We have introduced a new feature that allows the creation of duplicate users within our platform. This enhancement addresses the need for merchants to manage users across different Payment Service Providers (PSPs) efficiently.
Key Highlights:

• Flexible User Management: Merchants can now create the same username (e-mail address) under different PSPs, simplifying user management.
• Seamless Integration: This update aligns with our backend support for duplicate users, ensuring a smooth experience.

Our integration with Worldpay now supports Dynamic Merchant Category Code (MCC) and Merchant Country of Origin. These new fields are optional and can be configured in your Merchant Account.

Dynamic Merchant Category Code (MCC): If you're a Payment Intermediary merchant, you might need to include the MCC of your sub-Merchant or retailer if it's different from your own. Be sure to check with your Worldpay Relationship Manager to understand when this is required or allowed. They'll also guide you on which MCCs can be used in these cases.
Merchant Country of Origin: Some Payment Intermediary merchants may need to add a new data element in their authorization messages and clearing file records. If your sub-merchant is 50% or more owned by a government, you must include the Country of Origin of the owning government. For example, the visa issuing department of the U.S. embassy in the UK will indicate the U.S. as the owning government in all card transaction messages. Here's a list of MCCs for which this is required:

• 9211 (Court costs including alimony and child support)
• 9222 (Fines)
• 9311 (Tax payments)
• 9399 (Government services - not elsewhere classified)
• 9402 (Postal services - government only)
• 9405 (Intra-government purchases - government only)
• 9406 (Government-owned lottery [global, excluding U.S. region])

We are excited to introduce a new feature that helps merchants track transaction statuses more accurately. This update allows merchants to include transaction status updates in their SFTP exports, ensuring that any late notifications from acquirers are captured in the reports.

What's New:
Intermediate and Final Statuses: In HOURLY reports, you might see an intermediate status (e.g., PENDING). The final status will appear in a future report, depending on the payment method or acquirer.
Configuration Setting: Enable the searchByRequestResultTime setting under Administration > Processing > Automatic Transaction Export (via SFTP) > Configure Automatic Transaction Export reporting.

We are excited to announce enhancements to our network tokenization process to ensure that cards are tokenized as early as possible in the payment workflow. This update streamlines the payment process, providing a more efficient and secure transaction experience, especially for customers transitioning to network tokens.

What's New:

• Early Tokenization: Cards are now network tokenized before 3DS or payment. We check if the network token is active and use it if available; otherwise, we fall back to the PAN.
• Optimized Workflow: This change allows us to benefit from network tokens sooner, assuming they are provisioned by the schemes and approved by the issuer.

On October 23, 2024, we released a significant improvement to our omni tokens management. We did not stop there and continued enhancing the system. Today, we are thrilled to announce that our omnichannel customers are enabled to leverage network tokenization for their omni tokens across channels. This enhancement currently supports server-to-server integration, with future support planned for COPYandPAY. It provides several benefits:

• Higher Authorization Rates: Benefit from higher acceptance rates with networks and issuers.
• Better Incentives: Gain better incentives when transacting due to adherence to network rules.
• Enhanced Visibility: All payments made with omni tokens are now visible in the Payment Orchestration Platform.
• Onboarding: Omni merchants are now required to first onboard with card networks before network tokens can be used in payments.

This update ensures that our omnichannel customers can maximize the advantages of network tokenization, leading to more efficient and successful transactions.

Providing our customers with compliant integrations is a top priority. We have updated our integration with Rapyd to meet MasterCard mandate AN 9425. With this update, refund authorization will be requested before submitting the clearing file. This ensures a more streamlined and efficient refund process, aligning with industry standards and simplifying transaction management.

Elavon has updated the requirements for processing transactions with MasterCard. We have seamlessly aligned our Elavon and EUROCONEX integrations to meet these new standards. Now, MasterCard transactions for both integrations will include the Universal Cardholder Authentication Field (UCAF) value for Electronic Commerce Indicator (ECI) values "02", "01", and "N2", ensuring compliance and smooth processing. The change targets the aim to enhance security and prevent fraud.

In our strive to keep on top of the security best practices, we are introducing a preparatory step for the secure storage of API Bearer tokens used in transaction requests. While these tokens are currently not hashed, we are taking steps to ensure they are securely stored from creation.

Key Points:

• Token Creation: An API Bearer token is generated and displayed in a pop-up when a merchant entity is created. Store it securely in your vault.
• Future Hashing: Tokens will be hashed before storage in future updates.
• Irrecoverable Tokens (Future): Once hashed, tokens cannot be recovered. New tokens will need to be generated if needed.

This step is crucial for enhancing transaction security and protecting your API Bearer tokens. Stay tuned for further updates!

We have enhanced our COPYandPAY onReady callback to support smooth Apple Pay integration. Now, you can add the Apple Pay button during asynchronous payment flows, ensuring it appears only after the Apple Pay JavaScript is fully loaded. This guarantees a seamless integration, with the callback triggered only after the button is successfully added.

We are committed to providing the best experience for our customers. Our updated integration with Apple Pay now fully supports the card type information provided by Apple Pay. Previously unused, this data is now seamlessly incorporated and processed by our system. For further details, see our API reference, chapter Apple Pay, and the Integration documentation.

In our commitment to continuously improve tokenization, we have refined the onBeforeSubmitOneClickCard callback. It now triggers only after successful form validation for the oneClick widget, ensuring a smoother and more reliable user experience.

We are excited to announce improvements to our Single Sign-On (SSO) system, including a new user consent feature for accessing private information. This is especially beneficial for customers integrating their applications with our SSO, ensuring clarity and consistency with their UI style.
Users will see a consent page detailing the specific data being accessed (e.g., name, preferred username), and the consent page will match the look and feel of the login UI.
This enhancement ensures transparency and user control over private information, making integration seamless for our customers.

We are committed to compliance and have aligned our system with the Mastercard Global Risk Investigation Program (GRIP) mandate. This update introduces new transaction data elements to improve interoperability and authorization approval rates.
The following fields are now required for all transactions processed with a sponsored Merchant Identification Number via Valitor/Rapyd API Version 1:

• Merchant Street
• Merchant State or Province
• Merchant Country Code
• Merchant URL Address
• Merchant Phone Number

We are excited to announce that Naver Pay, one of Korea's most popular digital wallets, is now available through direct integration with our platform.

Key Points:

• Seamless Integration: Easily integrates with Naver's ecosystem.
• Versatile Payment Options: Supports credit cards and bank transfers.
• Rewards Program: Users earn Naver Pay Points for discounts on future purchases.
• Multi-Device Access: Accessible across desktop and mobile devices for a consistent user experience.

To accommodate acquirers who prefer to handle decryption themselves, our platform now includes an option to pass encrypted Google Pay token data directly to the acquirer. This update ensures that the encrypted token can be seamlessly transferred for Google Pay transactions.

Worldpay has updated its method for recognizing recurring transactions, replacing the Merchant Identification Number (MID)-based system with a flag expected in the transaction request. As a result, all recurring Customer Initiated Transactions (CIT) and Merchant Initiated Transactions (MIT) will now be automatically flagged to Worldpay, regardless of the Merchant Identification Number (MID) used.

We are excited to announce that we have added support for Geographic Coordinates to our Host-to-Host integration with Raiffeisen Bank International (RBI). This enhancement allows for more precise location data, improving the accuracy and reliability of transactions.

We are pleased to announce that our integrations with eMerchantPay, TrustPay, Citibank, FDMS UK, and Paystrax now support payment authorization using network token transaction data for Visa and MasterCard networks. This enhancement ensures more secure and efficient payment processing across these platforms.

We acknowledged that the compulsory 3D Secure flow for our integration with Mastercard Payment Gateway Services (MPGS) is a limitation for some customers. Therefore, we have extended the list of values sent in the apiOperation parameter to MPGS. Previously, the apiOperation parameter was always used to initiate the 3D Secure flow on the acquirer side. Now, it can be used to either execute or bypass the 3D Secure flow on the acquirer side.

We are excited to announce the launch of our new Single Sign-On product, SSO2!
This upgrade brings significant improvements, leveraging the latest technology stack and security frameworks.

Key points to note:

• No impact on existing applications: our applications using Single Sign-On, such as BIP, Virtual Terminal, or Developer Portal, will continue to function as they do today. Users will experience no change in their login process.
• Enhanced integration for customers: SSO2 is designed for customers who wish to integrate their own applications with SSO, providing a more secure and streamlined experience.
• Interactive documentation: We now offer an interactive guide to help customers experience the integration process firsthand. See SSO.

Why SSO2 is important:

• Simplified access: One login for all applications, reducing the need to remember multiple passwords.
• Enhanced security: Centralized, secure authentication that mitigates the risk of breaches.
• Boosted efficiency: Faster, seamless access to all necessary tools and applications, enhancing productivity.

We are thrilled to announce significant improvements to our omni tokens management system, designed to boost security and efficiency. This new version currently supports server-to-server integration, with future support planned for COPYandPAY.

Key Highlights:

• New Merchant Tokens: Omni tokens are innovative merchant tokens, central to the Token Vault concept, and are used in both eCommerce and in-store transactions.
• Server-to-Server Integration: Ensures robust and secure token management with server-to-server integration.
• New Payment Types: Every omni token creation now uses paymentType=TK in the system. When performing a payment using the omni token as a merchant token, the omni token is detokenized from the Token Vault to retrieve the Full Primary Account Number (FPAN), and a new paymentType=DT is created. Fraud screening will continue with the FPAN.
• Enhanced Visibility: Omni tokens now have enhanced visibility in the system for both customers and internally (Support teams), covering billing requirements.
• UI Configuration: Enablement for the new version is done via UI configuration. Onboarding with the Token Vault is required before turning on the usage of new omni tokens.

This update provides a more secure and efficient way to manage omni tokens, ensuring seamless integration and enhanced fraud protection.

Following our commitment to enhance our reverse integration ConnectIn, we now allow control over both timeouts - connector timeout and cardholder timeout for the transaction. The fields Consumer Initiated Timeout (maximum value 1440 Minutes) and Acquirer Request Timeout (maximum value 44640 Minutes) in the Merchant Account Configuration allow defining the respective values.

We are thrilled to announce our integration with Vipps MobilePay - one of Europe's largest and most inclusive mobile wallets. This new API integration is designed to enhance your payment experience, providing seamless and secure transactions across the Nordic region (Denmark, Finnland, Norway). Dive in to discover how this enhancement can streamline your operations and elevate your business! For more information, please refer to the Payment Methods page.

Mastercard has introduced a fixed value for each processing acquirer and requires now each Gateway Service Provider to send the Merchant Payment Gateway (MPG) ID value for every transaction. We have updated our integration with First Data Compass, specifically covering South Africa, to include the MPG ID field when handling traffic from our Payment Platform. This update ensures that our processing remains compliant and up-to-date, providing seamless and secure transactions for our customers.

We have introduced a new function that activates before the OneClick card form is submitted: onBeforeSubmitOneClickCardPromise(). This function returns a Promise object, guiding the next steps based on the outcome of an asynchronous operation.

Mastercard has introduced a fixed value for each processing acquirer and requires now each Gateway Service Provider to send the Merchant Payment Gateway (MPG) ID value for every transaction. We have updated our integration with Nedbank, specifically covering South Africa, to include the MPG ID field when handling traffic from our Payment Platform. This update ensures that our processing remains compliant and up-to-date, providing seamless and secure transactions for our customers.

In our effort to facilitate a smooth integration for every customer, we have updated our integration with Worldpay. Now, you can send Payment Facilitator transactions. Customers running Payment Facilitator transactions with Worldpay can either configure the specific sub-merchant details in the Merchant Account, or send them in the dedicated API parameters.

As part of our ongoing commitment to ensure the highest standards of security and compliance, we keep our solution and our offering to you compliant with the Payment Card Industry Data Security Standard (PCI DSS) v4.0. Effective March 31, 2024, this latest version brings changes designed to enhance security, flexibility, and risk management. We have aligned technically, and created a new guide, for the following areas:

• Management of Payment Page Scripts for COPYandPAY;
• Detection and Response to Unauthorized Changes;
• Enhanced Administrator Compliance;
• Upcoming Hashing Requirements.

For more detailed information on how to reach compliance with these requirements using our products, please refer to our PCI DSS Guide.

The format of the Klarna Payments API credentials has been updated globally. Now, passwords can be up to 180 characters long, ensuring enhanced security. To keep up with this change, we updated the Klarna Payments integration, supporting the new password length when configured in your Merchant Account. This update is part of our commitment to providing you with the most secure and efficient payment solutions.

Embrace the future of payments with iOS 18 and COPYandPAY! With the release of iOS 18, you can use Apple Pay to pay online using third-party browsers on Mac, PC and other devices by scanning a code with your iPhone or iPad.
What’s New: Customers can now easily initiate Apple Pay from any computer and securely complete payment on their iPhone by scanning a code. When using a third-party browser on Mac or other computers, look for Apple Pay when you check out, then complete your purchase by scanning a code with your iPhone or iPad.
COPYandPAY Integration: In response to this significant update from Apple, we have optimized COPYandPAY to fully support these new capabilities. For a smooth integration, please follow the guidelines provided on our portal.

We are thrilled to announce our new Transaction Search service on the Business Intelligence Platform (BIP). This upgrade is set to revolutionize the experience with transaction searches. Here is what is new and improved:

• Fast Search Performance: our upgraded service slashes search times, ensuring most searches complete in a few seconds.e response in under 10 seconds.
• Extended Search Period: you can now search transactions from the past 36 months, perfect for validating older sales data and customer information.
• Lightning-Fast ID-Based Searches: these searches now cover the past 36 months and are nearly instantaneous, offering greater flexibility and speed.
• Improved User Experience: our service now provides a quick, intermediate view of the first 1,000 transactions within 10 seconds while processing the full search in the background.
• Resolved Time Range Limitation: the new service standardizes the search period to a maximum of six months across all entities, ensuring immediate results for up to 1,000 transactions. To avoid timeouts and improve efficiency, applying filters and minimizing the search period is recommended.
• Higher Transaction Export Limit: the default limit has now increased to 10,000 transactions, with the option to configure up to 100,000 transactions if needed. The export process is faster since the CSV or Excel file is now zipped.

We continuously strive to enhance the shopping experience for your customers while keeping the integration process easy for merchants. Now, our platform also supports subscriptions through Apple Pay! This update includes the extended Apple Pay COPYandPAY widget and the iOS mobile SDK, ensuring seamless integration for merchants. With this feature, merchants can efficiently utilize Apple-generated tokens for managing subscriptions initiated via Apple Pay.

We are thrilled to announce our new integration with PayPay Japan! Japan is a key market for us, and this integration significantly expands our coverage, as PayPay is one of the most popular wallets in the region. For more information, please refer to the Payment Methods page.

Our integration with Nets - one of the leading suppliers of payment card solutions in Northern Europe - now supports the Credential on File industry practice for reauthorization for the Dankort Card.

Our integration with Trust Payments now allows you to authorize payments using network token transaction data for Visa and MasterCard networks.

We are rebranding Wallet Hub to Wallets due to legal requirements. Please start using the new name immediately and avoid the old one.

We are looking at a tremendous growth of subscription business as we have updated our integration with Rede to support now Card on File transactions. Rede, known as Redecard, is a Brazilian multi-brand acquirer for credit, debit and benefit cards. Its activities include, to list a few, merchant acquiring, capturing, transmission, processing and settlement of credit and debit card transactions, prepayment of receivables to merchants and the capture and transmission of transactions using benefit-voucher, private-label cards and loyalty programs such as Multiplus. The company is the largest in its sector in Brazil. For further details, check our Payment Methods page or get in touch with your account manager.

Our integration with Processing.com, the unparalleled expert in provisioning via an extensive acquiring bank network, has received a small update that offers greater flexibility. Until now, passing the customer's first name and last name was only allowed in card.holder parameter (separated by space). We now offer the possibility to send the customer name using the parameters specifically provided for this information: customer.givenName and customer.surname.

We have enhanced our integration with Givex for Wendy's Gift Cards from The Wendy's Company. As an American holding company for the major fast-food chain Wendy’s, The Wendy’s Company encounters same-day cancellations of restaurant orders as a typical scenario. Now, you have the flexibility to tailor your business process by canceling a debit transaction - beyond just issuing a refund, you can also naturally reverse the transaction.

Trustly Azura, the intelligent data engine powering Trustly’s modern digital payments products, has been seamlessly added to our integration with Trustly. By enabling the option Use Azura flow in the Merchant Account Configuration, Trustly Azura becomes an integral part of the payment flow. This integration aims to enhance the user experience.

We have added the Merchant Advice Codes, provided by credit card issuers and payment service providers (PSPs), to our Host-to-Host integration with Raiffeisen Bank International (RBI). These codes guide the merchants in dealing declined payment transactions, including whether and when to resubmit a declined transaction.

We are thrilled to announce that our brand-new integration with the Worldpay Payment Gateway (WPG) is now available for all our customers! This addition complements our existing Worldpay Acquiring integration and offers extensive country coverage. It supports both card payments and alternative payment methods (APMs). Moreover, right from the start, it includes support for industry standards and features like Network Tokens, Mobile Wallets, and EMVCo 3DS. For further details, feel free to explore our new Payment Methods page or get in touch with your account manager.

To stay aligned with the latest trends, we have updated our integrations with CitiBank, Chase Stratus, Trustpay, and Worldpay to authorize payments using network token transaction data. This enhancement improves payment authorization rates, provides built-in account updater functionality, and minimizes fraud risks.

We launched an additional added-value service as part of the Fraud Management solution that allows country detection based on IPV4/IPV6 addresses. This enables proper BIN dispatching for payments, as well as the export of detected country values for transaction data.

Our REST integration with PayPal was updated to be aligned on the transaction actual status for ORDER_NOT_APPROVED transaction types at PayPal. This was achieved by changing the mapping of this transaction type from 800.100.152 to 000.200.000. Additionally, we added support for onCancelRedirect wpwlOption event option.

We optimized the timeouts for our Ideal 2.0 integration to reduce the creation of open-status Receipts (RCs). This adjustment aims to minimize potential fulfillment issues on the merchant side.

Our REST integration with PayPal now declines transactions with format error response (800.100.156) if the cart.items[0].description parameter exceeds 127 characters. To prevent declines due to lengthy descriptions, we have updated the integration to trim the value of cart.items[0].description to a maximum of 127 characters.

Our SIBS Card integration now supports Apple Pay and Google Pay, offering faster and more convenient checkout options for customers. For details, please refer to the Payment Methods page.

Mastercard has introduced a fixed value for each processing acquirer and requires now each Gateway Service Provider to send the Merchant Payment Gateway (MPG) ID value for every transaction. We have updated our integrations with Bank Frick, FD Merchant Solutions Australia (BWAMS), Citibank Australia, ECP (eMerchantPay), EMS ISO, First Data Merchant Solutions (UK), HSBC Global Payments, Lloyds, Paystrax, Trust Payments (Malta) Limited, and TrustPay to include the MPG ID field when handling traffic from our Payment Platform.

The industry is awaiting a big change by processing via scheme tokens. It makes purchases more secure, faster, and cheaper for merchants. We are at the forefront and upgraded our flagship reverse integration ConnectIn to allow processing via scheme tokens.

As part of our commitment to providing top-notch security in our integrations, we have introduced 3D Secure version 2.2 for the Bancontact (formerly known as Bancontact/Mister Cash) brand on our Message Passing Interface (MPI). Customers using this Belgian network scheme now benefit from the enhanced security of 3D Secure version 2 authentication, ensuring compliance with the PSD2 regulation. Please note that 3D Secure version 1 will be deprecated by mid-July 2024 and should no longer be used in your configuration.

To fully leverage tokenization and enhance the shopping experience, we have extended the One Click Checkout widget in COPYandPAY. This extension now includes an option to hide the ‘Show other payment methods’ button.

We have extended the BIP setting for "Enable Default Credential On File 2.0 Standing Instruction for COPYandPAY" to also support shopper-determined tokenization. Previously, this setting only worked with merchant-determined tokenization.

Looking at a tremendously growing subscription business. Our acquirer integration to Chase Paymentech Orbital is now ready to Card on File transactions for Diners and Discover, next to other standard schemes like Visa and MasterCard.

Raiffeisen Bank International (RBI), with its extensive market coverage in Central and Eastern Europe, is now integrated into our services. We are offering an integration with their latest API, which includes standard features such as scheme tokenization and Card on File. For more information, please refer to the Payment Methods page.

We have enhanced our Mastercard Payment Gateway Services (MPGS) integration to support the Malagasy ariary currency (MGA). For MGA transactions, it’s important to send the amount without minor units (or with a minor unit value of .00).

We have updated our integration with First Data Compass to comply with MasterCard mandate AN 5542. This update ensures accurate flagging of Card on File recurring scenarios. For merchants with Recurring Subscription use cases - where subsequent charges occur at the same time interval and with the same amount - it is essential to implement the additional API parameter standingInstruction.recurringType with the value SUBSCRIPTION. Without this update, Recurring use cases would be flagged to MasterCard by default as STANDING_ORDER, which is intended for recurring payments within the same time interval but with different amounts.

We have enabled Incremental Authorization for our integration with Nedbank via Postilion, specifically covering South Africa and payments in South African Rand (ZAR). This Incremental Authorization functionality is valid for Pre-Authorization, Incremental Authorization, Pre-Authorization partial reversal, and Pre-Authorization completion.

We have updated our integration with APACS Global Payments to the latest technical specifications for Card on File Indicators, 3D Secure version mapping, and Gateway identifier sent to the acquirer.

The setting previously known as “Enable Default Credential on File v2.0 Standing Instruction for COPYandPAY” has been renamed to “Auto-populate standingInstruction parameters in OPP request for CIT payments (COPYandPAY or mSDK integrations)” within BIP. The underlying technical functionality remains unchanged.

We are excited to announce our new integration with PayPlan by Royal Bank of Canada (RBC)! This integration covers Canada and enables payments in Canadian Dollar. With PayPlan, you can make larger purchases and pay for them over time, aligning with your monthly budget. For more information, please visit the Payment Methods page.