Changelog

Additions and improvements to Moov

Custom ACH statement descriptors

You can now set a customized ACH statement descriptor when creating a transfer. We’ve introduced two new optional fields you can use to adjust the default Nacha file entry:

  • achDetails.companyEntryDescription
  • achDetails.originatingCompanyName

This provides you the opportunity to add more context about what the payment was for, allowing recipients to more easily recognize the transaction.

Verification

We made some bug fixes for our verification flow and streamlined the process to account for a few edge cases. We also improved our manual review process by removing errors from client dashboards after a manual review is required.

Capabilities

We now automatically enable the wallet capability if you have the card-issuing capability. Note that our card issuing functionality is currently in a closed beta.

Failure reason codes

We shipped failure reason codes that explain why a card transfer was unsuccessful. You can now see a human-readable code for why the transfer failed in the Moov Dashboard. We’ve also implemented machine-readable failurecode, which you can view when you get a transfer in the API.

Disputes

We’ve shipped and documented dispute handling for card transfers. You can view dispute information on the transfer objectin the API and in the Dashboard via transfer status. Support for Mastercard is in progress.

Dashboard

  • You can now quickly find an account by pasting an account ID into the search field on the accounts list.
  • Have a transfer ID that you need to debug? Paste it into the new search bar on the transfers list.
  • You can now filter the transfer list by refunded state.
  • The Dashboard overview now includes your Moov wallet balance.

Cards

  • If you’re PCI level 1 and have been using the API to link cards directly, you can now use the base path of api.moov.io instead of cards.moov.io. The latter is now deprecated and will be removed in the future. This keeps consistency with all other Moov endpoints.

Improvements

  • We made it easier to identify and fix requirements that need attention.
  • We hardened our capabilities service by reprocessing failures if the account mode was missing.
  • We enhanced our verification service by streamlining manual reviews
  • We added an additional security and fraud prevention measure by running all card acquiring merchants through the Mastercard MATCH database.

Bug fixes

  • We addressed a few issues around account creation and updating:
    • We only require a phone number OR email address but not both.
    • Fixed our process for updating an SSN or ITIN.
  • We addressed an issue with our support contact section that required all of the fields or none of them.

Moov Drops

If you need to limit which card brands you accept, you can now toggle which brands you support using the allowCardBrands option in the Card link, payment methods, and onboarding Moov Drops.

Cards

  • To improve fraud detection and prevention, we integrated with Mastercard’s MATCH service.
  • transactionSource for transfers using a card is now supported on all card brands.

Improvements

  • Improvements and bug fixes relating to missing account requirements and locking down fields after verification.
  • For clarity, we renamed the “Profile” navigation link within an Account to “Settings”.
  • We now show all fields under your account’s Business details section.
  • Improved our tracking of when a customer has moved to production to prevent multiple employees from having to fill out the same form.

Bug fixes

  • We resolved an error where previous transfers in a transfer group wouldn’t show if they had been refunded.
  • We fixed an issue where some users weren’t able to advance past the initial loading screen.
  • We fixed an issue where the markup fee set on a transfer could be incorrectly calculated.

Onboarding

We rebuilt our entire sign-up and onboarding process to remove as much friction as possible before folks start building. Specifically, we: - Rebuilt our test environment and removed all of the hoops customers previously had to jump through before building. This includes filling out a test business profile, adding test business representatives, and even creating connected accounts and payment methods. All you have to do after signing up is generate test mode API keys and start building. More to come! - Streamlined how we collect required information about your business to get you to production. This historically cumbersome process of inputting data is now seamless. Ensuring that we have all of the necessary information to verify your business up front can shave days off the onboarding timeline.

Dashboard

We improved how we communicate with our clients through their Moov Dashboard by clarifying action items and statuses for your accounts. This includes showing when an account has been verified and therefore can no longer be updated, as well as communicating any verification issues with your accounts and what needs to be corrected to proceed.

API authentication

You can now use basic authentication to authenticate with the Moov API! It’s important that you only use this for server-to-server communication and not in a browser.

Once you’ve created an API key, within your server-side app set the Authorization header to Basic <credentials> where credentials is the Base64 encoding of public key and private key joined by a single colon :. When using this authentication method you don’t need to set scopes, but keep in mind that your API key will have read and write access to every Moov endpoint within your account.

OAuth 2.0 based authentication with scopes remains the most secure way to communicate with the Moov API from a browser and can still be used to create restricted access tokens for server-to-server communication.

Account capabilities

You no longer need to request the transfers capability after creating an account because it will automatically be requested and enabled as soon as the account is created. This change simplifies the process of creating accounts that will be charged or sent a payout that don’t require verification.