Release v5.6.0

Release Namev5.6.0
Release Date15 Oct 2020
Release StatusCOMPLETED
CommentThis article has been migrated from a previous Knowledge management tool

Firstly, welcome to the new form release note for the Frankie Financial service. Instead of sending out a PDF file, we decided to move the release information closer to our customer support and service portal. We've also made some changes for developers too, read on for more...

Release Summary

This release updates the following modules:

  • Service Core: v5.6.0
  • Portal: v5.6.0
  • Smart UI v2.5.0

New Developer Hub

We're extremely pleased to announce the general availability of our new developer hub at:

https://docs.frankieone.com

This new service combines the OpenAPI definition along with the developer guides that used to be found here in our Zendesk portal into a single point of contact for our customers. It also has a Q&A forum where you can ask questions and leave feedback too. We hope you'll find it useful. Check in regularly too as we're always adding new content.

If you have any suggestions on further content you would like to see please let us know. 

Functional Changes

Service Core Changes

Support for verification via bank accounts

You can now supply a link to an entity's third-party bank account and we can use that to verify name and address details. This is especially useful for our lending customers.

You enable this by adding a new document with the type: BANK_ACCOUNT

You'll also supply access keys (which we delete after use) for us to contact your banking service to query the account holder details.

NOTE: We do NOT, under any circumstances query account transaction information, only the personal details to verify they match the details supplied or existing on file. Once we have verified this data, we securely delete the access keys and never store them in our service.

This feature is via the Basiq service - contact your account manager if you want to enable this.

Portal Changes

We've not made any major changes to the portal in this release, apart from some bug fixes (we've been working on some major new changes though, watch this space in upcoming releases).

Smart UI Changes

Full Onfido IDV Capture Support

The Smart UI now fully supports capturing Australian drivers licences and all country passports for document validation and facial matching. See the Smart UI documentation here for details on how to set this up.

Pending Screen

In the cases where KYC/AML checks fail such that you cannot progress without the intervention of customer service, there is a new configuration that allows you to customise text, calls to action and other features. See the Smart UI configuration documentation for more details.

"Lazy" ID Check

If you don't actually require an ID check, you can prevent the Smart UI from asking for an ID unless we're unable to get a KYC match on non-government ID sources.  See the Smart UI configuration documentation for more details.

Optional Address

If your service doesn't require an address check, you can switch off the address input section.
See the Smart UI configuration documentation for more details.

API Changes

We've updated the API to v1.5.0

There are no backwards compatibility issues.

New Document Type

We added the new BANK_ACCOUNT document type to support checking your name and address against a 3rd party bank account (see above) 

New KVP Types

We've added a new KVP type called "transient.string". You can use this new type to send us data that will only be available for the life of the API call. After that, it is deleted and never saved to the database.

Improved Documentation

We've also updated the documentation embedded in the specification as part of the move to our new developer hub.

Bugs / Issues Addressed

Password History

Under some circumstances, user password history was not being properly checked, allowing for repeat passwords. This has now been fixed.

Password Reset Limit

In order to prevent password reset spamming, we've limited the number of reset emails per hour to 5 per user.

Remove the Date of Birth edit lock

When we originally built the portal we would lock "known-good" details in the portal from editing. This was mainly a protection measure to stop people trying to modify details to force an entity to pass with mismatched credentials. 

However the service has long since dealt with this by simply invalidating any past check results when an entity's attributes are changed. We've removed this lock from the portal to give back control to our customers to be able to handle the occasional cases where date of birth mismatches have occured.

Service Impacts

  • There are no known negative performance impacts to the system as a result of this release.
  • There are no known security impacts to the service through the introduction of these changes, only security improvements.