Versions Compared

Old Version 45

changes.mady.by.user Praveen Ponnumony

Saved on

compared with

New Version 46

changes.mady.by.user Praveen Ponnumony

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Method of Identification
Panel
titleColorBlack
borderStyledashed
titleOB Standards
borderStyledashed
titledetails

This Section applies to ASPSPs that have impletemented OB Standards


Implement
Info
iconfalse
idStandards-Production
Implement Open Data v2.2N/A


Have you Implemented OB Standards?
  •  Yes
  •  No

Open Data - Which version have you Implemented?
  •  None
  •  V2.2
  •  V2.3
  •  V2.4

Read/Write API Specification

v3.1
 Conformance certificates being explored.
Implement Customer Experience Guidelines v1.1 Conformance certificates being explored.
Implement App-to-App RedirectionN/ABrowser based redirection only.
Implement OB Security Profile Implementer's Draft v1.1.2 Implement FAPI Profile Implementers Draft 2 Implement CIBA Profile Implementers Draft 1N/AImplement Dynamic Client Registration v1.1N/A
Implement Dynamic Client Registration v3.1 Conformance certificates being explored.
Decommission Read/Write API Specification v1.x/2.xN/ADecommission OB Security Profile Implementer's Draft v1.xN/A
Panel

Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  V3.0
  •  V3.1
  •  V3.1.1
  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8

Read/Write API - Which date are you planning to implement your latest version?

Dynamic Client Registration - Which version have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  None
  •  V3.1
  •  V3.2
  •  V3.3

DCR - Which date are you planning to implement your latest version?

Have you implemented Trusted beneficiaries, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Have you implemented Reverse Payments, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

PISP - Single Payment Limit£
PISP - Daily Payment Limit£
How many months of transaction do you provide?




Panel
titleColorBlack
borderStyledashed
titleSecurity Profile


Page Properties
idID-Production
Commence support for eIDAS QWAC certificatesCommence support for eIDAS QSEAL certificates

Commence support for OBIE QWAC-like certificates

Commence support for OBIE QSEAL-like certificates
Cease support for OBIE non eIDAS-like certificates for transportNo PlansWe will continue to accept the OB Certificate at the end of the adjustment period in March provided the TPP has identified itself to OBIE using an eIDAS certificate
Cease support for OBIE non eIDAS-like certificates for signingNo PlansWe will continue to accept the OB Certificate at the end of the adjustment period in March provided the TPP has identified itself to OBIE using an eIDAS certificate
Support for MTLS token endpoint authenticationN/AOnly supporting private_key_jwt
Support for private_key_jwt token endpoint authentication 


Which Security profile have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  OB Security Profile (Legacy)
  •  FAPI
  •  Other (Please define) 

Security Profile - Next Planned Version Implementation Date 
CIBA Profile - Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  None
  •  CIBA
  •  CIBA FAPI Profile

CIBA Profile - Next Planned Version Implementation Date

Security Profile Certification date?
 

Token Endpoint Authentication Methods Supported
  •  
    client_secret_post
  •  
    client_secret_basic
  •  
    client_secret_jwt
  •  
    tls_client_auth
  •  Private_key_jwt

Planned date to Cease support for client id and client secret token endpoint authentication

N/A

Only supporting private_key_jwt





titleColor
Panel
White
titleBGColor#6180c3
borderStyledashed
titlePost Brexit Certificate Implementation


PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
Page Properties
idStandards-Production


  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 
The capability to accept eIDAS certificates is under review and may come into scope at a later date.
Planned Implementation Date to Satisfy FCA's Post Transition

TBC

Scoping and planning in progress
TPP PSU Migration Outcomes Supported (see eIDAS Migration Playbook)

TBC

Scoping and planning in progress
POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)

statusPlannedcolour





YellowPLANNED
Panel
titleColor
title
Black
Panel
borderStyledashed
titleImplementationCustomer Journey


Page Properties
idTC-IMP

Directory?

Open Banking

Location of Well Known Endpoints?

https://matls.rs.aspsp.api-hls.hl.co.uk/auth/oauth2/tpp/.well-known/openid-configuration

API Standard Implemented?

Open Banking v3.1No plans for future versions at this stage

Name of Account Holder Implementation Date?

TBCDate of Current eIDAS Implementation? Current Certificates used for Identification?

OB Transport + ClientID (Private Key JWT)

Current Certificates used for Transport?OB TransportCurrent Certificates used for Signing?OB SigningDate of Future eIDAS Implementation?Q2 2020Future Certificates used for Identification?QWAC + ClientID (Private Key JWT)Future Certificates used for Transport?

QWAC

Future Certificates used for Signing?QSEAL

Major Milestones

N/A

(Inc Other Products, API Updates, API Deprecations, etc)Brand(s)Security Profile?FAPISecurity Profile Certification?NoNew OpenID Foundation cert being explored.

CIBA

N/AUsing Open Banking as your eIDAS Trust Framework?YesAre you caching the Directory?NoTransaction IDsOption 1Unique identifier for the transaction used within HL assigned to every transaction
Panel
borderStyledashed
titleCustomer Journey
Page Properties
idTC-CJ

Implementing Customer Experience Guidelines?

YesCurrent CEG Version?Next CEG Version?Next Version Implementation Date

Implementing Bespoke User Journeys?

No

Implementing App to App?

NoApp to App Implementation Date?N/A
CJ


What is your approach to Implementing OBIE Customer Experience Guidelines (CEG)?

(tick all that apply)

  •  Already Implemented
  •  Planning to implement or upgrade
  •  Not planning to implement CEG

Which version have you implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8

Which date are you planning to implement your latest CEG version?

Redirection Model
  •  App to App redirection
  •  Decoupled authentication
  •  Embedded Flow
  •  Bespoke User Journeys

Options on 90 day re-authentication?

Re-authentication triggered as per the Customer experience guidelines

Support Embedded Flow?

No




SCA only offered for PSD2 Account and HLSL clients who are linked to SCA accounts.
Panel
titleColorBlack
borderStyledashed
titlePSD2


Page Properties
idTC-PSD2


Dispute Management System?

Being adopted
FCA Adjustment Period - Maintaining Screen Scraping?YesDuring FCA adjustment period

Seeking Fallback Exemption?

YesConfirmed

Adjusted or Fallback Interface?

NoAdjusted or Fallback URL?n/aContact Email or Phone Number?openbanking@hl.co.ukDev Portal URL?https://www.hl.co.uk/about-us/developer-tools

Test Facility Implementation Date?

  Production Interface Implementation Date?  Contingency MeasuresFollowing the FCA Adjustment Period announcement, SCA has not yet been applied on the bank’s primary online channel / customer interface, and access remains available via screen-scraping. As access is still available through the customer interface, no contingency mechanism is required.
Which Directory are you using as your Trust Framework?Open Banking
Are you caching the Directory?No
Transaction IDs SupportedOption 1Unique identifier for the transaction used within HL assigned to every transaction

Are you enrolled to Dispute Management System?

  •  Yes
  •  No
Being adopted

Are you Seeking Fallback Exemption?

  •  Yes
  •  No


Article 10 - Maximum time period after authentication
?
90 days
Article 10 - Endpoints exempt of SCA

Accounts, Balances, Transactions,  Products

Authentication Method - Open Banking Channel (Browser)?

When the PSU’s browser reaches the HL web page for authentication they undergo the same authentication process they would coming to HL page directly, namely two steps consisting of:

  • Identification of the client through validation of a client number and Date of Birth:
  • Authentication of the client through validation of a online password and secure number

When the RTS come in force in September this will be supplemented, in line with direct client log in, with the validation of a One Time Passcode (OTP) that would have been issued to a clients registered telephone number by SMS or Call Back.

Hybrid flow as described within the Security Implementer guide v1.1.2, with redirect via browser

Authentication Method - Open Banking Channel (APP)?

N/A

Authentication Method - Private Channel (Browser)?

When the PSU’s browser reaches the HL web page for authentication they undergo the same authentication process they would coming to HL page directly, namely two steps consisting of:

  • Identification of the client through validation of a client number and Date of Birth:
  • Authentication of the client through validation of a online password and secure number

When the RTS come in force in September this will be supplemented, in line with direct client log in, with the validation of a One Time Passcode (OTP) that would have been issued to a clients registered telephone number by SMS or Call Back.

Hybrid flow as described within the Security Implementer guide v1.1.2, with redirect via browser

Authentication Method - Private Channel (APP)?

TBC

Authentication Method Implementation Date (Open Banking Channel)?

Proposed

Authentication Method Implementation Date (Private Channel)?

Existing

SCA Implementation Date?

 Provisional date depending on developments during the FCA transition period. 

SCA Scope? (will it inhibit non PSD2 accounts)


Major Milestones

Brand(s)




Panel
titleColorBlack
borderStyledashed
titleASPSP Dev Portal and Contact Details


Page Properties
idTC-CJ


Location of Well Known Endpoints

https://matls.rs.aspsp.api-hls.hl.co.uk/auth/oauth2/tpp/.well-known/openid-configuration

Modified Customer Interface URL (if applicable)



Dev Portal URLhttps://www.hl.co.uk/about-us/developer-tools
Test Facility URL

ASPSP Support Desk Email or Phone Number

openbanking@hl.co.uk




Panel
titleColorBlack
borderStyledashed
titleKey Implementations


HL do not provide payment initiation services - hence waiver 7 does not apply.

Page Properties
idTC-HCC


High Cost Credit

Hargreaves - HCC.xlsx

View file
nameHargreaves - HCC.xlsx
height250

Page Properties
idTC-W7

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header