Implement OB Security Profile Implementer's Draft v1.1.2
September 2019
Implement FAPI Profile Implementers Draft 2
September 2019
Implement CIBA Profile Implementers Draft 1
N/A
N/A, subject to confirmation of requirements on eIDAS.
Implement Dynamic Client Registration v1.1
Implement Dynamic Client Registration v3.1
Decommission Read/Write API Specification v1.x/2.x
Decommission OB Security Profile Implementer's Draft v1.x
Article 10 SCA Exemption (for 90 days)
For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away.
Please note: We do not display statements
...
Panel
borderStyle
dashed
title
Implementation
Page Properties
id
TC-IMP
Directory?
Open Banking
Location of Well Known Endpoints?
OB Technical Directory
API Standard Implemented?
Open Banking v3.1
Name of Account Holder Implementation Date?
TBC (see notes)
This optional field has not been implemented yet but is planned for some time in the future.
Supported identification method?
MTLS available. eIDAS QWAC/QSEAL. EIDAS certificates will be validated using the OBIE directory
Major Milestones
Version 3.1 was implemented in June 2019 and no other version are planned before we go live in September 2019.
(Inc Other Products, API Updates, API Deprecations, etc)
FAPI Compliant?
Yes
CIBA
No
Using Open Banking as your eIDAS Trust Framework?
Yes
Are you caching the Directory?
No
Transaction IDs
We are supporting: ASPSPs provide a Unique, Immutable TransactionID from their core system
Panel
borderStyle
dashed
title
Customer Journey
Page Properties
id
TC-CJ
Implementing Customer Experience Guidelines?
Yes
Implementing Bespoke User Journeys?
Yes (see notes)
Our payment journeys currently follow the exact journey as customer would get in their online banking. The Customer Experience Guidelines says they payment journeys should be 2 step. We will not be introducing the 2 step journeys until October 2019.
Implementing App to App?
N/A
App to App Implementation Date?
Options on 90 day re-authentication?
90 Days
A TPP can re-authentication any time up until the expiry date. The customer will be made to re-authenticate every 90 days otherwise access to the data will be removed.