Overview
Wise (formerly TransferWise) is a regulated international money transfer and multi-currency account platform, authorized as an Electronic Money Institution by the UK Financial Conduct Authority (FCA) and regulated across multiple jurisdictions including the EU (under PSD2 via FCA passporting arrangements), the US (state-by-state money transmitter licenses), and others. On partner websites, financial aggregators, and marketplace platforms, Wise embeds payment widgets that enable users to initiate cross-border transfers, calculate exchange rates, and complete send-money flows without leaving the host site.
What This Script Does
Wise embeds load JavaScript from wise.com and associated CDN domains (cdn.transferwise.com, assets.wise.com) to render interactive payment widgets. The primary embed types are the currency converter calculator widget, the send-money flow widget, and the Wise account sign-up widget.
Cookies Set by Wise Embeds:
- twp_session — encrypted session cookie, session-scoped, set under wise.com; maintains the user's transaction state (selected currencies, amounts, recipient details) during the payment flow
- wise_device_id — persistent device identifier, typically 365 days; used for fraud detection and device fingerprinting to flag anomalous payment activity; set under wise.com first-party context
- WAUTHID — Wise authentication token cookie, persists for the authenticated session; detects whether the user is currently signed in to a Wise account and enables single-click transfer initiation for authenticated users
- csrf_token — CSRF protection token, session-scoped; included in all POST requests to Wise's API
- wise_marketing — marketing attribution cookie, 30 days; set only if the user arrived via a tracked affiliate link; captures referrer and affiliate parameters
Network Requests:
- REST API calls to wise.com/api/v1/rates for real-time exchange rate and fee data
- Transfer initiation requests to wise.com/api/v1/transfers (POST) after user completes the send-money flow
- Fraud detection signals sent to Wise's backend including device fingerprint data
Data Collected:
- Payment intent data: source and target currencies, transfer amount, recipient country
- Authenticated user identity (if signed in): Wise account ID, verified name, linked bank account metadata
- Device fingerprint signals for fraud prevention: user-agent, screen resolution, timezone, installed fonts, WebGL renderer (used server-side; not stored in cookies)
Wise operates as a regulated financial institution under the supervision of the UK FCA (reference 900507), FinCEN (US), and multiple EU national competent authorities. Data processing is governed by financial services regulations in addition to GDPR. Wise is GDPR-compliant with a full DPA available. Wise Inc. (US entity) participates in the EU-US Data Privacy Framework.
Consent & Compliance
Wise widgets are categorized as functional technology. Under GDPR and the ePrivacy Directive, cookies that maintain session state during a user-initiated financial transaction are strictly necessary for the requested service and are exempt from consent requirements under Recital 25 of the ePrivacy Directive. The fraud detection device identifier serves a security and anti-fraud purpose, which is also recognized as strictly necessary for financial service providers under regulatory guidance. The marketing attribution cookie (wise_marketing) is an exception — this requires consent if present. Under CCPA/CPRA, transaction data collected through the widget is processed for the purpose of providing a requested financial service and does not constitute a sale or sharing of personal information.
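An added example (not Wise's or ConsentStack's code) that audits `Set-Cookie` headers observed on a page embedding the widget against the cookie inventory listed above: it flags unlisted cookies, lifetimes beyond the listed ones, and `wise_marketing` set without marketing consent. The sample headers, function names and finding labels are constructed for illustration.

```javascript
// Inventory from the cookie list on this page. maxDays: null = session-scoped,
// a number = listed lifetime in days, undefined = no fixed lifetime listed.
const WISE_COOKIES = new Map([
  ["twp_session", { category: "functional", maxDays: null }],
  ["wise_device_id", { category: "functional", maxDays: 365 }],
  ["WAUTHID", { category: "functional", maxDays: undefined }],
  ["csrf_token", { category: "functional", maxDays: null }],
  ["wise_marketing", { category: "marketing", maxDays: 30 }],
]);

// Parse one Set-Cookie header into its name and lifetime in days (null = session).
function parseSetCookie(header, now) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  let maxAge = null, expires = null;
  for (const attr of attrs) {
    const [key, ...rest] = attr.split("=");
    const val = rest.join("=");
    if (key.toLowerCase() === "max-age") maxAge = Number(val);
    if (key.toLowerCase() === "expires") expires = (Date.parse(val) - now) / 1000;
  }
  const seconds = maxAge ?? expires; // Max-Age wins over Expires (RFC 6265)
  return { name, days: seconds === null ? null : seconds / 86400 };
}

// Compare observed cookies with the inventory and the visitor's consent state.
function auditWiseCookies(headers, consent, now = Date.now()) {
  const findings = [];
  for (const header of headers) {
    const { name, days } = parseSetCookie(header, now);
    const spec = WISE_COOKIES.get(name);
    if (!spec) { findings.push({ name, issue: "unlisted" }); continue; }
    if (spec.category === "marketing" && !consent.marketing)
      findings.push({ name, issue: "set-without-consent" });
    if (spec.maxDays === null && days !== null)
      findings.push({ name, issue: "persistent-but-listed-as-session" });
    else if (typeof spec.maxDays === "number" && days !== null && days > spec.maxDays)
      findings.push({ name, issue: "lifetime-exceeds-listed" });
  }
  return findings;
}

// Constructed sample headers (not captured from wise.com).
const SAMPLE = [
  "twp_session=abc; Path=/; Secure; HttpOnly",
  "wise_device_id=d1; Max-Age=34560000; Path=/", // 400 days
  "wise_marketing=aff42; Max-Age=2592000; Path=/", // 30 days
  "csrf_token=t0k; Max-Age=3600",
  "_vendor_x=1; Max-Age=60",
];
console.log(auditWiseCookies(SAMPLE, { marketing: false }));
```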
Should You Block This Without Consent?
No. Wise widgets are functional payment tools serving user-initiated financial transactions. Their core cookies maintain transaction state, authentication, and fraud detection — all strictly necessary for the requested financial service. Blocking would prevent users from completing money transfers.
Tracked Domains (2)
- wise.com: Functional
- transferwise.com: Functional
Frequently Asked Questions
Does embedding a Wise payment widget require user consent?
No consent is required for Wise's core payment widget. Session state, authentication, and fraud detection cookies are strictly necessary for a user-initiated money transfer and are exempt under ePrivacy Directive Recital 25. The marketing attribution cookie requires consent if present.
What cookies does Wise set on my site?
Wise sets twp_session (session, cart state), wise_device_id (365 days, fraud detection), WAUTHID (auth token), and csrf_token. Only wise_marketing — a 30-day affiliate attribution cookie set when users arrive via tracked links — is non-essential and requires consent.
How does ConsentStack handle Wise?
ConsentStack classifies Wise as functional and loads the payment widget without consent by default. If wise_marketing is detected in your implementation, ConsentStack isolates that cookie and gates it behind marketing consent while keeping the core payment flow unblocked.