Changelog
Back to All
improved

Release 31/10/2024

about 2 months ago by Alice Barrow

Version: v2024.10.31.1

Date: 31st October 2024

What's included?

  • Enable 'Category' BIN blocks for Wallets on Components
  • Payment Links improve validation of Reference field
  • Password Policy Updates for PCI Compliance
  • User Account Deactivation Enhancements for PCI Compliance
  • Mastercard network tokens payload encryption/decryption enhancements
  • Improved Validation on the country_code fields
  • Bug fixes:
    • Incorrect Order Summary Display in Checkout with PBB Payment Link
    • GET transactions - card object
    • Hosted Checkout is_recurring parameter
    • Changed messaging on IP Allowlist
    • Network Tokens MOTO update
    • Creating a mandate server_error response

Enable 'Category' BIN blocks for Wallets on Components

In this release, we have extended the ‘Category’ BIN blocks previously added to Components, so they now also apply to digital wallets such as Apple Pay and Google Pay. This functionality uses similar parameters to those of credit card blocks on the Checkout page. Acquired now supports BIN checks and blocks for BIN categories: Credit, Debit, Charge, Prepaid, and Deferred Debit. However, Apple Pay and Google Pay support only specific categories; Apple Pay supports Credit and Debit, while Google Pay supports Prepaid and Credit. This enhancement ensures that the relevant BIN categories are effectively enforced for transactions made using these digital wallets.

Payment Links improve validation of Reference field

In this release, we addressed an issue with the payment link creation process in the Hub. Previously, the validation on the Reference field did not consider the payment methods selected. Specifically, when "Pay by Bank" was not selected, the Reference field was still incorrectly marked as required. To resolve this, we applied the same logic used in the API, ensuring that the Reference field is not required if "Pay by Bank" is not selected. As a result, users can now create payment links without encountering the error message stating, "Payment reference required for Pay by Bank." This improvement streamlines the payment link creation process and enhances user experience.

Password Policy Updates for PCI Compliance

To enhance security and meet PCI compliance standards, we are updating our password policy. The minimum password length will be increased from 8 to 12 characters and will now require at least one special character (e.g., !, @, #, $, etc.), in addition to the existing requirements of at least one uppercase letter, one lowercase letter, and one number. This change will affect user registration, password resets, and updates across both the front-end and back-end systems.

User Account Deactivation Enhancements for PCI Compliance

To enhance security and comply with PCI v4 requirements, we have implemented logic to automatically mark users as inactive after 90 consecutive days of inactivity. As part of this process, users will receive an email notification after 80 days of inactivity, informing them that if they do not log in within the next 10 days, their account will be deactivated. Once a user is marked as inactive, they will no longer have access to the system, and an email will be sent to confirm the account's inactivation. To reactivate their account, users will need to contact customer support via the service desk.

Improved Validation on the country_code fields

We have improved the validation for the customer.billing.address.country_code and customer.shipping.address.country_code fields across multiple endpoints in the REST API. Previously, the system accepted invalid values that were not part of the ISO country code list, such as "UK" instead of the correct "GB." With this update, the API now only accepts valid ISO country codes, ensuring greater accuracy in billing and shipping address data. If an invalid code is provided, the system will return an appropriate error message, enhancing compliance with ISO standards and improving overall data integrity.

Bug fixes

  1. Incorrect Order Summary Display in Checkout with PBB Payment Link

We identified a bug affecting the order summary section when using the "Pay by Bank" (PBB) option in the Checkout process. When accessing a payment link that includes PBB and selecting a bank, the order summary was not displaying correctly. This has now been resolved.

  1. GET /transactions - card object

We have resolved a bug where we were sometimes returning the last 4 digits of the Network Token instead of the PAN.

  1. Hosted Checkout is_recurring parameter

We have resolved an issue where when the is_recurring parameter is set to true, the system was displaying the card form instead of the payment methods defined in the payment_methods array.

  1. Changed messaging on IP Allowlist:

We have updated the messaging on the IP allowlist page to remove the mentions of Card API and Banking Services as this was not up to date.

  1. Network Tokens MOTO update

In this release, we have made necessary updates to our handling of network tokens for MOTO transactions. We corrected the logic to ensure that network tokens are now created following a successful MOTO INIT transaction. Additionally, we maintained the existing rule that prevents network tokens from being processed for REBILL/REUSE transactions that are MOTO, while allowing network tokens to be processed for REBILL/REUSE transactions that are not MOTO, irrespective of how the INIT was processed.

  1. Creating a mandate server_error response

We have resolved a high priority issue whereby merchants were unable to create mandates.