Implement OB Security Profile Implementer's Draft v1.1.2
September 2019
Implement FAPI Profile Implementers Draft 2
September 2019
Implement CIBA Profile Implementers Draft 1
N/A
Implement Dynamic Client Registration v1.1
Implement Dynamic Client Registration v3.1
Decommission Read/Write API Specification v1.x/2.x
Decommission OB Security Profile Implementer's Draft v1.x
...
Panel
borderStyle
dashed
title
Customer Journey
Page Properties
id
TC-CJ
Implementing Customer Experience Guidelines?
Yes
Implementing Bespoke User Journeys?
Yes (see notes)
Our payment journeys currently follow the exact journey as customer would get in their online banking. The Customer Experience Guidelines says they payment journeys should be 2 step. We will not be introducing the 2 step journeys until October 2019.
Implementing App to App?
N/A
App to App Implementation Date?
N/A
Options on 90 day re-authentication?
90 Days
A TPP can re-authentication any time up until the expiry date. The customer will be made to re-authenticate every 90 days otherwise access to the data will be removed.
Support Embedded Flow?
No
...
Panel
titleColor
Black
borderStyle
dashed
title
PSD2
Page Properties
id
TC-PSD2
Dispute Management System?
Yes
System implementation in line with OBIE implementation dates.
FCA Adjustment Period - Maintaining Screen Scraping?
For Production URL, we are presently starting our Managed Roll-out phase. Please contact us for further information.
Test Facility Implementation Date?
Production Interface Implementation Date?
05 Aug
- Currently Live Proving (Whitelisting in Place)
Contingency Measures
Subject to FCA exemption decision
Article 10 - Maximum time period after authentication?
N/A
No SCA applied on AISP
Article 10 - Endpoints exempt of SCA
N/A
For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away.
Please note: We do not display statements
Authentication Method - Open Banking Channel (Browser)?
Username, password and PAC (PAC is PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.
Authentication Method - Open Banking Channel (APP)?
Username, password and PAC (PAC is a PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.
Authentication Method - Private Channel (APP)?
N/A
N/A, as the mobile app is currently not in scope.
Authentication Method Implementation Date (Open Banking Channel)?
14 Sept 2019
Authentication Method Implementation Date (Private Channel)?
14 Sept 2019
SCA Implementation Date?
SCA Scope? (will it inhibit non PSD2 accounts)
No (see notes)
No. All Open Banking relevant accounts, e.g. private current accounts, commercial current accounts, debit and credit card accounts and currency accounts. Non PSD2 accounts are not exposed.