Versions Compared

Version Old Version 11 New Version 12
Changes made by

Praveen Ponnumony

Praveen Ponnumony

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


details
Panel
titleColorWhitetitleBGColor#6180c3Black
borderStyledashed
titlePost Brexit Certificate Implementation
OB Standards

This Section applies to ASPSPs that have impletemented OB Standards


  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
Info
iconfalse
idStandards-Production
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)


Have you Implemented OB Standards?
  •  Yes
  •  No
Berlin Group Standards XS2A 1.3
Open Data - Which version have you Implemented?
  •  None
  •  V2.2
  •  V2.3
  •  V2.4

Read/Write API Specification Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  V3.0
  •  V3.1
  •  V3.1.1
  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8

Read/Write API - Which date are you planning to implement your latest version?

Dynamic Client Registration - Which version have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  None
  •  V3.1
  •  V3.2
  •  V3.3

DCR - Which date are you planning to implement your latest version?

Have you implemented Trusted beneficiaries, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Have you implemented Reverse Payments, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

PISP - Single Payment Limit£
PISP - Daily Payment Limit£
How many months of transaction do you provide?




Panel
titleColorBlack
borderStyledashed
titleSecurity Profile


Page Properties
idID-Production


Which Security profile have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  OB Security Profile (Legacy)
  •  FAPI
  •  Other (Please define) 

Security Profile - Next Planned Version Implementation Date 
CIBA Profile - Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  None
  •  CIBA
  •  CIBA FAPI Profile

CIBA Profile - Next Planned Version Implementation Date
 

Security Profile Certification date?
  

Token Endpoint Authentication Methods Supported
  •  
    client_secret_post
  •  
    client_secret_basic
  •  
    client_secret_jwt
  •  
    tls_client_auth
  •  Private_key_jwt

Planned date to Cease support for client id and client secret token endpoint authentication 





Panel
borderStyledashed
titlePost Brexit Certificate Implementation


Page Properties
idStandards-Production


POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 

Planned Implementation Date to Satisfy FCA's Post Transition



TPP PSU Migration Outcomes Supported (see eIDAS Migration Playbook)



POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)






Panel
titleColorBlack
borderStyledashed
titleImplementationCustomer Journey


No
Page Properties
idTC-IMP
Page Properties
idTC-IMP

Directory?

PretaPreta connection exists but currently the services are not activated.

Location of Well Known Endpoints?

Dev Portal

API Standard Implemented?

Berlin Group Standards XS2A 1.3

Name of Account Holder Implementation Date?

Completed -  Date of Current eIDAS Implementation?The dedicated interface has been designed for TPPs to connect where they have obtained a QWAC from QTSPCurrent Certificates used for Identification?

QWAC

QWACCurrent Certificates used for Transport?QWACCurrent Certificates used for Signing?Date of Future eIDAS Implementation?No future update currently planned.Future Certificates used for Identification?Future Certificates used for Transport?Future Certificates used for Signing?

Major Milestones

API Live  for wide usageBrand(s)

Security Profile?

Security Profile Certification?No

CIBA

NoUsing Open Banking as your eIDAS Trust Framework?
CJ


What is your approach to Implementing OBIE Customer Experience Guidelines (CEG)?

(tick all that apply)

  •  Already Implemented
  •  Planning to implement or upgrade
  •  Not planning to implement CEG
Based on Berlin Group Standards

Which version have you implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8

Which date are you planning to implement your latest CEG version?TBC
Redirection Model
  •  App to App redirection
  •  Decoupled authentication
  •  Embedded Flow
  •  Bespoke User Journeys
No. However, the National Bank of Belgium has requested this feature for Puilaetco Belgium, another affiliate of KBL group. Therefore, the functionality will be implemented for all group affiliates once further guidance from NBB will be provided.

Options on 90 day re-authentication?

At log in after 90 days the customer will have to re-authenticate.




Panel
titleColorBlack
borderStyledashed
titlePSD2


No
Page Properties
idTC-PSD2
Page Properties
idTC-CJ


Implementing Customer Experience Guidelines?

No

Based on Berlin Group Standards
Current CEG Version?Next CEG Version?Next Version Implementation Date

Implementing Bespoke User Journeys?

No

Implementing App to App?

No (See Note)No. However, the National Bank of Belgium has requested this feature for Puilaetco Belgium, another affiliate of KBL group. Therefore, the functionality will be implemented for all group affiliates once further guidance from NBB will be provided.
App to App Implementation Date?N/A
Options on 90 day re-authentication?90 Day Re-authenticationYes - Consent has a validity date which is maximum 90 days. Once it has been validated via the redirection mechanism, the AISP can use it until it expires for accessing the account data without having to initiate a SCA from the client.

Support Embedded Flow?

Which Directory are you using as your Trust Framework?Preta
Are you caching the Directory?No
Transaction IDs Supported

AISP - Option 4

PISP - Option 1

For AISP, no transaction ID available to TPP. For PISP, a unique transaction ID is generated by the bank.

  1. ASPSPs provide a Unique, Immutable TransactionID from their core system
  2. ASPSPs generate a Unique TransactionID from a set of Immutable fields
  3. ASPSPs specify field(s) for TPP to generate a Unique Transaction Identifier
  4. ASPSPs provide neither a TransactionID nor the method by which TPPs can generate one
Panel
borderStyledashed
titleCustomer Journey

Are you enrolled to Dispute Management System?

  •  Yes
  •  No

Are you Seeking Fallback Exemption?

  •  Yes
  •  No


Article 10 - Maximum time period after authentication

Article 10 - Endpoints exempt of SCA



Major MilestonesAPI Live  for wide usage
Brand(s)




Panel
titleColorBlack
borderStyledashed
titlePSD2ASPSP Dev Portal and Contact Details


Contact Email or Phone Number?Please specify the location of the guidance that explains your strategy and plans for when your dedicated interface is unavailable.  This should be a
Page Properties
idTC-PSD2

Dispute Management System?

NoFCA Adjustment Period - Maintaining Screen Scraping?Yes

Seeking Fallback Exemption?

Yes

Adjusted or Fallback Interface?

NoA fallback interface plan is currently under investigation, should the exemption be rejected. Fallback interface would be the PSU interface
Adjusted or Fallback URL?N/A
CJ


Location of Well Known Endpoints

Dev Portal

Modified Customer Interface URL (if applicable)



Dev Portal URL
?
https://developer.xs2a.brownshipley.com
Test Facility
Implementation Date?
 Production Interface Implementation Date? (re-direct browser to browser)Contingency Measures
URL
to your dev portal or artefact that provides TPPs with the information they requireArticle 10 - Maximum time period after authentication?

Please specify how long the AISP has from the time when they receive the access token (after PSU authentication).  This is the period the AISP must submit their first request before SCA will be re-applied to endpoints NOT exempt of SCA under Article 10.  ASPSPs should consider that this timeline is consistent with the time limit applied by the ASPSP in the existing online PSU interface (i.e. before the PSU is logged out)

Article 10 - Endpoints exempt of SCAPlease specify which AIS endpoints will be exempt from SCA under Article 10. (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements

Authentication Method - Open Banking Channel (Browser)?

Username, Pin code and OTP (generated from smartcard)

Authentication Method - Open Banking Channel (APP)?

N/A

Authentication Method - Private Channel (Browser)?

Username, Pin code and OTP (generated from smartcard)

Authentication Method - Open Banking Channel (APP)?

Username, Pin code and OTP (generated from smartcard) , face ID and fingerprint

Authentication Method Implementation Date (Open Banking Channel)?

 

Authentication Method Implementation Date (Private Channel)?

 

SCA Implementation Date?

 SCA Scope? (will it inhibit non PSD2 accounts)

PSD2 scope is limited to payment accounts available online (current account)



ASPSP Support Desk Email or Phone Number






Panel
titleColorBlack
borderStyledashed
titleKey Implementations


-

Page Properties
idTC-HCC


High Cost Credit

TBC

View file
nameHCC.xlsx
height250

Page Properties
idTC-W7

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header