Integration Certification Checklist

Dated March 1, 2019.

WePay is excited to introduce Clear, a new set of APIs for platforms that want more control over the user experience. The Clear APIs complement our original Link APIs, which enable platforms to quickly add Chase Integrated Payments as an option for their customers.

WePay has enhanced its developer documentation to more clearly describe integration requirements for both Link and Clear. If you have questions, please email api@wepay.com or consult your WePay Solutions Engineer.

WePay will create a customized Integration Certification Checklist to guide your integration. Below is a summary of typical requirements. Be sure to refer to the most recent version of your Integration Certification Checklist and this page every time you modify your payments integration.

Requirements that apply to Link and Clear

  • WePay Terms of Service and Privacy Policy: You must obtain the electronic signature of each of your merchants on the WePay Terms of Service and Privacy Policy - either separately or linked in your own terms of service - and send WePay the required data elements. You must enable your merchants to view the WePay Terms of Service and Privacy Policy in the WePay Merchant Center, linked in your own terms of service, or elsewhere on your website.
  • Fees for payment processing: You must disclose to each user the fees that the user will pay before the user makes the decision to use the payment service. WePay supports variable (percentage) transaction fees, fixed transaction fees, payer fees, and chargeback fees. WePay also supports fees charged by a platform for use of the platform's own value-added services.
  • Risk API Integration: WePay will specify what information regarding your merchants, payers, and transactions your platform must provide to the WePay risk engine and risk team. WePay will use the information to expedite underwriting, increase authorization rate, better detect risk, and accelerate merchant settlements.
  • Webhook monitoring: Be sure to monitor webhooks to avoid disablement or deletion of merchant accounts and to ensure that settlements are timely.
  • PCI-DSS: You and WePay both must comply with the Payment Card Industry Data Security Standard (PCI-DSS) as it applies to the data that each of us collects and processes.
  • Canada and UK Merchants: If you support merchants in Canada or the UK, WePay will provide additional localization guidance.
  • Services provided by WePay: Regardless of your integration, WePay provides certain services as required by law, such as IRS and state reporting on Form 1099-K, escheatment of abandoned funds, responses to legal orders (such as liens and subpoenas directed to WePay), MATCH and OFAC reporting, and responses to General Data Protection Regulation and California Consumer Privacy Act requests. You and your users can contact WePay regarding these services at 1099@wepay.com, legal@wepay.com, or privacy@wepay.com, as appropriate. In addition, you and your users must report any actual or suspected security breach affecting the WePay Service to security@wepay.com.

Requirements that only apply to Link

  • Merchant email address: You must call /user/send_confirmation to issue the confirmation email to the user. This email contains the only secure link for the user to set their password, and change the state of a temporary access token to permanent.

Requirements that apply only to Clear

  • Merchant email address: You must provide WePay with the primary email associated with the user's account on your platform and set the legal_entities/controller/email_is_verified to true.
  • User Access Management: WePay will provide you with best practices for user authentication when providing financial services in an internet environment. WePay requires you to perform periodic network and application vulnerability scans and penetration testing covering your user authentication system.
  • Electronic communication: You are responsible for user communications regarding the WePay service. WePay will provide you with guidelines concerning required, recommended, and optional content. Be sure to send user communications when prompted by WePay and log this activity.
  • Merchant dashboard: You must enable your merchants to obtain transaction and balance reports, initiate refunds and partial refunds, update and correct identity and settlement information, upload identification documents securely, address chargebacks and reversals, and close the merchant's account upon the merchant's request.
  • Customer support: WePay's Customer Delight lead will certify your tooling and policies for providing support to end users.
  • Chargeback handling: WePay's Payments Operations lead will certify your process for handling chargebacks, ACH reversals, and disputes.