Versions Compared

Version Old Version 20 New Version 21
Changes made by

Alessandro Greco

Adam Pretlove (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
borderStyledashed
titleOB Standards


Page Properties
idStandards-Production


For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away.
Implement Open Data v2.2September 2019
Implement Read/Write API Specification v3.1September 2019
Implement Customer Experience Guidelines v1.1

September 2019


Implement App-to-App RedirectionN/AN/A, as the mobile app is currently not in scope.
Implement OB Security Profile Implementer's Draft v1.1.2September 2019
Implement FAPI Profile Implementers Draft 2September 2019
Implement CIBA Profile Implementers Draft 1N/A
Implement Dynamic Client Registration v1.1 
Implement Dynamic Client Registration v3.1 
Decommission Read/Write API Specification v1.x/2.x
Decommission OB Security Profile Implementer's Draft v1.xArticle 10 SCA Exemption (for 90 days)

Please note: We do not display statements





Panel
borderStyledashed
titleMethod of Identification


Page Properties
idID-Production


Will be implemented in line with PSD2 deadline.​

Commence support for eIDAS QWAC certificates14 Sept 2019
Commence support for eIDAS QSEAL certificatesN/A

Commence support for OBIE QWAC-like certificates

14 Sept 2019
Commence support for OBIE QSEAL-like certificates14 Sept 2019
Cease support for OBIE non eIDAS-like certificates for transportN/APresently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support
Cease support for OBIE non eIDAS-like certificates for signingN/APresently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support
Support for MTLS token endpoint authentication 
Support for private_key_jwt token endpoint authentication 
Cease support for client id and client secret token endpoint authentication 



...

Panel
borderStyledashed
titleImplementation


Page Properties
idTC-IMP


Yes

Directory?

Open Banking

Location of Well Known Endpoints?

OB Technical Directory

The Well Known Endpoint for our Sandbox is https://sandbox.caterallen.co.uk/.well-known/openid-configuration  it is also indicated in the support section together with other relevant info: https://sandbox.caterallen.co.uk/store/site/pages/faq.jag 


For Production Well Known Endpoint, we are presently starting our Managed Roll-out phase. Please contact us for further information.

API Standard Implemented?

Open Banking v3.1

Name of Account Holder Implementation Date?

TBC (see notes)This optional field has not been implemented yet but is planned for some time in the future.
Supported identification method?MTLS available. eIDAS QWAC/QSEAL. EIDAS certificates will be validated using the OBIE directory

Major Milestones

Version 3.1 was implemented in June 2019 and no other version are planned before we go live in September 2019.(Inc Other Products, API Updates, API Deprecations, etc)
FAPI CompliantSecurity Profile?

Security Profile Certification?

CIBA

No
Using Open Banking as your eIDAS Trust Framework?Yes
Are you caching the Directory?No
Transaction IDsWe are supporting: ASPSPs provide a Unique, Immutable TransactionID from their core system



...

Panel
titleColorBlack
borderStyledashed
titlePSD2


Page Properties
idTC-PSD2


Dispute Management System?

YesSystem implementation in line with OBIE implementation dates.
FCA Adjustment Period - Maintaining Screen Scraping?

Seeking Fallback Exemption?

Yes

Adjusted or Fallback Interface?

N/A
Adjusted or Fallback URL?N/A
Contact Email or Phone Number?

07727855715 / alessandro.greco@santander.co.uk 


Dev Portal URL?https://sandbox.caterallen.co.uk/store/For Production URL, we are presently starting our Managed Roll-out phase. Please contact us for further information.

Test Facility Implementation Date?

 
Production Interface Implementation Date? 
Contingency Measures

Article 10 - Maximum time period after authentication?

Article 10 - Endpoints exempt of SCA

For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away.

Please note: We do not display statements

Authentication Method - Open Banking Channel (Browser)?

Username, password and PAC (PAC is PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.

Authentication Method - Open Banking Channel (APP)?

N/AN/A, as the mobile app is currently not in scope.

Authentication Method - Private Channel (Browser)?

Username, password and PAC (PAC is a PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.

Authentication Method - Private Channel (APP)?

N/AN/A, as the mobile app is currently not in scope.

Authentication Method Implementation Date (Open Banking Channel)?

14 Sept 2019

Authentication Method Implementation Date (Private Channel)?

14 Sept 2019

SCA Implementation Date?

 

SCA Scope? (will it inhibit non PSD2 accounts)

No (see notes)No.  All Open Banking relevant accounts, e.g. private current accounts, commercial current accounts, debit and credit card accounts and currency accounts. Non PSD2 accounts are not exposed.



...