Page Comparison

panel

Panel

titleColor	Black
borderStyle	dashed
title	OB Standards

This Section applies to ASPSPs that have impletemented OB Standards

Implement

Infodetails

icon	false
id	Standards-Production

Implement Open Data v2.2

tbc

Read/Write API Specification
Have you Implemented OB Standards?	Yes No
Open Data - Which version have you Implemented?	None V2.2 V2.3 V2.4

v3.1

09 Aug 2019

Deployed 3.1.1 in August 2019

Implement Customer Experience Guidelines v1.1

09 Aug 2019

Implement App-to-App Redirection

iOS - December 2019

Android - january 2020

App to App Redirection will be supported for iOS users from 8^th December 2019.

Support for Android users is planned to follow in January 2020.

Implement OB Security Profile Implementer's Draft v1.1.2

09 Aug 2019

Implement FAPI Profile Implementers Draft 2

tbc

Implement CIBA Profile Implementers Draft 1

n/a

Implement Dynamic Client Registration v1.1

n/a

Implement Dynamic Client Registration v3.1

09 Aug 2019

v3.2 implemented April 2020

Decommission Read/Write API Specification v1.x/2.x

n/a

Decommission OB Security Profile Implementer's Draft v1.x

n/a

Implemented or planning to implement (Lowest version = Current, Highest version = Planned)	V3.0 V3.1 V3.1.1 V3.1.2 V3.1.3 V3.1.4 V3.1.5 V3.1.6 V3.1.7 V3.1.8
Read/Write API - Which date are you planning to implement your latest version?
Dynamic Client Registration - Which version have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned)	None V3.1 V3.2 V3.3
DCR - Which date are you planning to implement your latest version?
Have you implemented Trusted beneficiaries, if not date planned to Implement?	Already Implemented Planning to implement Not planning to implement
Have you implemented Reverse Payments, if not date planned to Implement?	Already Implemented Planning to implement Not planning to implement
PISP - Single Payment Limit	£
PISP - Daily Payment Limit	£
How many months of transaction do you provide?

Panel

titleColor	Black
borderStyle	dashed
title	Method of IdentificationSecurity Profile

Page Properties

id	ID-Production

Commence support for eIDAS QWAC certificates

Live

Commence support for eIDAS QSEAL certificates

Live

Commence support for OBIE QWAC-like certificates

Live

Commence support for OBIE QSEAL-like certificates

Live

Cease support for OBIE non eIDAS-like certificates for transport

Not currently planned

Cease support for OBIE non eIDAS-like certificates for signing

Not currently planned

Support for MTLS token endpoint authentication

Live

Support for private_key_jwt token endpoint authentication

n/a

Which Security profile have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned)	OB Security Profile (Legacy) FAPI Other (Please define)
Security Profile - Next Planned Version Implementation Date
CIBA Profile - Implemented or planning to implement (Lowest version = Current, Highest version = Planned)	None CIBA CIBA FAPI Profile
CIBA Profile - Next Planned Version Implementation Date
Security Profile Certification date?
Token Endpoint Authentication Methods Supported	client_secret_post client_secret_basic client_secret_jwt tls_client_auth Private_key_jwt
Planned date to Cease support for client id and client secret token endpoint authentication	n/a

Panel

titleColor	White
titleBGColor	#6180c3
borderStyle	dashed
title	Post Brexit Certificate Implementation

PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)

Page Properties

id	Standards-Production

eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)	POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
Planned Implementation Date to Satisfy FCA's Post Transition	tbc
TPP PSU Migration Outcomes Supported (see eIDAS Migration Playbook)	tbc	We are progressing with a managed migration from OB Legacy to OBWAC certifictes - this will mean that PSU consents will remain active. Comms have been issued via OBSD, however any TPPs who have not seen this should contact apisupport@tescobank.com if they wish to take part in our managed migration.
POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)	statusReadycolour

Greentitle

Panel

titleColor

Black

READY

Panel

borderStyle	dashed
title	ImplementationCustomer Journey

Page Properties

id	TC-IMP

Directory?

Open Banking

Location of Well Known Endpoints?

OB Technical Directory and OB Implementation Guide

API Standard Implemented?

Open Banking

Name of Account Holder Implementation Date?

Completed - 09 Aug 2019

Name of account holder is returned via the party endpoint

Date of Current eIDAS Implementation?

MTLS

Current Certificates used for Identification?

Current Certificates used for Transport?

OB Transport (non-eIDAS-like)

Current Certificates used for Signing?

OB Signing (non-eIDAS-like)

Date of Future eIDAS Implementation?

No future update currently planned.

Future Certificates used for Identification?

No future update currently planned.

Future Certificates used for Transport?

No future update currently planned.

Future Certificates used for Signing?

No future update currently planned.

Major Milestones

SCA is already in place at log in for the existing Online and Mobile channels and was in place pre-PSD2.

Production date for SCA in the Open Banking channel to be provided.

Brand(s)

Security Profile?

Open Banking Security Profile - Implementer's Draft v1.1.2

Security Profile Certification?

Submitted for certification and awaiting response.

CIBA

No

Using Open Banking as your eIDAS Trust Framework?

Yes

Are you caching the Directory?

No

Transaction IDs

No

No transaction IDs provided in transaction response, consistent with online/mobile channels.

Panel

borderStyle	dashed
title	Customer Journey

Page Properties

id	TC-CJ

Implementing Customer Experience Guidelines?

Yes

Current CEG Version?

1.2

Next CEG Version?

tbc

Next Version Implementation Date

tbc

Implementing Bespoke User Journeys?

No

Closely aligned to CEG v1.2

Implementing App to App?

Yes

App to App Implementation Date?

tbc

CJ

What is your approach to Implementing OBIE Customer Experience Guidelines (CEG)? (tick all that apply)	Already Implemented Planning to implement or upgrade Not planning to implement CEG
Which version have you implemented or planning to implement? (Lowest version = Current, Highest version = Planned)	V3.1.2 V3.1.3 V3.1.4 V3.1.5 V3.1.6 V3.1.7 V3.1.8
Which date are you planning to implement your latest CEG version?	TBC
Redirection Model	App to App redirection Decoupled authentication Embedded Flow Bespoke User Journeys
Options on 90 day re-authentication?	Yes	Re authentication will be required after 90 days. Will also be required in scenarios that imply risk and therefore SCA is deemed appropriate by Tesco Bank.

Support Embedded Flow?

No

SCA

Panel

titleColor	Black
borderStyle	dashed
title	PSD2

Page Properties

id	TC-PSD2

Dispute Management System

Which Directory are you using as your Trust Framework?

Yes

FCA Adjustment Period - Maintaining Screen Scraping?

Yes

Seeking Fallback Exemption?

Exemption Granted - 09 Oct 2019

Adjusted or Fallback Interface?

No

Adjusted or Fallback URL?

N/A

Contact Email or Phone Number?

apisupport@tescobank.com

Dev Portal URL?

https://developer.tescobank.com/

Test Facility Implementation Date?

14 Mar 2019

Production Interface Implementation Date?

09 Aug 2019

Contingency Measures

N/A as exemption obtained.

Article 10 - Maximum time period after authentication
Open Banking
Are you caching the Directory?	No
Transaction IDs Supported	No	No transaction IDs provided in transaction response, consistent with online/mobile channels.
Are you enrolled to Dispute Management System?	Yes No
Are you Seeking Fallback Exemption?	Yes No

?

	5 minutes for those endpoints NOT covered by an exemption (i.e. direct debits, beneficiaries etc.) and 90 days if exempt.
Article 10 - Endpoints exempt of SCA	Accounts, Balances, Transactions (< 90 days)	Resources covered (delete as appropriate): Accounts, Balances, Transactions

, ~~Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements~~

Authentication Method - Open Banking Channel (Browser)?

Knowledge – Password & Security Number. Possession – Device or OTP. Inherence – n/a

Authentication Method - Open Banking Channel (APP)?

Knowledge – Password & Security Number. Possession – Device or OTP. Inherence – Fingerprint / Face Recognition

Authentication Method - Private Channel (Browser)?

Knowledge – Password & Security Number. Possession – Device or OTP. Inherence – n/a

Authentication Method - Private Channel (APP)?

Knowledge – Password & Security Number. Possession – Device or OTP. Inherence – Fingerprint / Face Recognition

Authentication Method Implementation Date (Open Banking Channel)?

09 Aug 2019

Authentication Method Implementation Date (Private Channel)?

SCA is already in place at log in for the existing Online and Mobile channels and was in place pre-PSD2.

SCA Implementation Date?


Major Milestones	SCA is already in place at log in for the existing Online and Mobile channels and was in place pre-PSD2.	Production date for SCA in the Open Banking channel to be provided.

SCA Scope? (will it inhibit non PSD2 accounts)

Yes

Will impact ISAs, Fixed Rate Savers, Loans

Will not impact Mortgage and Insurance

Brand(s)

Version	Old Version 42	New Version 43
Changes made by	Debbie Chapman	Praveen Ponnumony
Saved on	Mar 31, 2021	May 07, 2021

Versions Compared

Key