Versions Compared

Version Old Version 27 New Version 28
Changes made by

Praveen Ponnumony

Praveen Ponnumony

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


...


Method of Identification
Panel
titleColorBlack
borderStyledashed
titleOB Standards
borderStyledashed
title

This Section applies to ASPSPs that have impletemented OB Standards


Page Propertiesinfo
iconfalse
idStandards-Production
Implement Open Data v2.2N/AImplement Read/Write API Specification v3.1 Implement Customer Experience Guidelines v1.1 Implement App-to-App RedirectionN/AImplement OB Security Profile Implementer's Draft v1.1.2 Implement FAPI Profile Implementers Draft 2 Implement CIBA Profile Implementers Draft 1N/AImplement Dynamic Client Registration v1.1N/AImplement Dynamic Client Registration v3.1N/ADecommission Read/Write API Specification v1.x/2.xN/ADecommission OB Security Profile Implementer's Draft v1.xN/A
Panel


Have you Implemented OB Standards?
  •  Yes
  •  No

Open Data - Which version have you Implemented?
  •  None
  •  V2.2
  •  V2.3
  •  V2.4

Read/Write API Specification Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  V3.0
  •  V3.1
  •  V3.1.1
  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8

Read/Write API - Which date are you planning to implement your latest version?

Dynamic Client Registration - Which version have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  None
  •  V3.1
  •  V3.2
  •  V3.3

DCR - Which date are you planning to implement your latest version?

Have you implemented Trusted beneficiaries, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Have you implemented Reverse Payments, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

PISP - Single Payment Limit£
PISP - Daily Payment Limit£
How many months of transaction do you provide?




Panel
titleColorBlack
borderStyledashed
titleSecurity Profile


Page Properties
idID-Production
Commence support for eIDAS QWAC certificatesFrom Q2 2020Commence support for eIDAS QSEAL certificates
 From Q2 2020

Commence support for OBIE QWAC-like certificates

From 14th SeptemberCommence support for OBIE QSEAL-like certificatesFrom 14th SeptemberCease support for OBIE non eIDAS-like certificates for transportNo PlansCease support for OBIE non eIDAS-like certificates for signingNo PlansSupport for MTLS token endpoint authenticationFrom 14th SeptemberSupport for private_key_jwt token endpoint authenticationFrom 14th September


Which Security profile have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  OB Security Profile (Legacy)
  •  FAPI
  •  Other (Please define) 

Security Profile - Next Planned Version Implementation Date

CIBA Profile - Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  None
  •  CIBA
  •  CIBA FAPI Profile

CIBA Profile - Next Planned Version Implementation Date
 

Security Profile Certification date?
 

Token Endpoint Authentication Methods Supported
  •  
    client_secret_post
  •  
    client_secret_basic
  •  
    client_secret_jwt
  •  
    tls_client_auth
  •  Private_key_jwt

Planned date to Cease support for client id and client secret token endpoint authenticationNo PlansAlpha FX suggests TPPs to use Private Key JWT but won’t stop the support for client id and secret





titleColor
Panel
White
titleBGColor#6180c3
borderStyledashed
titlePost Brexit Certificate Implementation


PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
Page Properties
idStandards-Production


  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 

Planned Implementation Date to Satisfy FCA's Post Transition



TPP PSU Migration Outcomes Supported (see eIDAS Migration Playbook)



POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)

Ready





No
Panel
borderStyledashed
titleImplementation
Page Properties
idTC-IMP

Directory?

Open Banking

Location of Well Known Endpoints?

Dev Portal

API Standard Implemented?

Open Banking v3.1

Name of Account Holder Implementation Date?

TBCDate of Current eIDAS Implementation?MTLS against OB Certificates, Investigating implementation of eIDAS certificates.Current Certificates used for Identification?Current Certificates used for Transport?Current Certificates used for Signing?Date of Future eIDAS Implementation?No future update currently planned.Future Certificates used for Identification?Future Certificates used for Transport?Future Certificates used for Signing?

Major Milestones

Releasing at Version 3.1, no plans for subsequent versions as of yet.(Inc Other Products, API Updates, API Deprecations, etc)Brand(s)Security Profile?Open BankingSecurity Profile Certification?Yes

CIBA

N/AUsing Open Banking as your eIDAS Trust Framework?YesAre you caching the Directory?NoTransaction IDsOption 1
Panel
titleColorBlack
borderStyledashed
titleCustomer Journey


No
Page Properties
idTC-CJ


What is your approach to Implementing OBIE Customer Experience Guidelines (CEG)?

YesCurrent CEG Version?Next CEG Version?

Next Version Implementation Date

Implementing Bespoke User Journeys?

No

Implementing App to App?

NoApp to App Implementation Date?

(tick all that apply)

  •  Already Implemented
  •  Planning to implement or upgrade
  •  Not planning to implement CEG

Which version have you implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8

Which date are you planning to implement your latest CEG version?

Redirection Model
  •  App to App redirection
  •  Decoupled authentication
  •  Embedded Flow
  •  Bespoke User Journeys

Options on 90 day re-authentication?

Same as our online journey. PSU needs to re-authenticate as per standard Open Banking AIS journey (TPP will redirect PSU to AlphaFX login screen, select account, re-authenticate, redirected back to app)

Support Embedded Flow?





Panel
titleColorBlack
borderStyledashed
titlePSD2


Page Properties
idTC-PSD2


Dispute Management System?

No (See notes)We have our own operational process in place
FCA Adjustment Period - Maintaining Screen Scraping?No

Seeking Fallback Exemption?

Exemption granted on  

Adjusted or Fallback Interface?

We are planning to scope the work required for a fallback interface should the exemption fail so that the interface fallback can be confirmed as possible within the required 2 month window. If exemption is achieved we’ll keep the implementation plan for the fallback in place for the possible revocation of the exemption.

Adjusted or Fallback URL?N/AContact Email or Phone Number?clientservices@alphafx.co.uk.Dev Portal URL?https://developer.alpha-fx.co.uk/

Test Facility Implementation Date?

 Production Interface Implementation Date? Contingency MeasuresAlpha FX are aligned to FCA adjustment period and supporting the phased migration of Screen Scraping by TPPs
Which Directory are you using as your Trust Framework?Open Banking
Are you caching the Directory?No
Transaction IDs SupportedOption 1

Are you enrolled to Dispute Management System?

  •  Yes
  •  No

Are you Seeking Fallback Exemption?

  •  Yes
  •  No


Article 10 - Maximum time period after authentication
?

Authentication Method - Open Banking Channel (APP)?

See Authentication Method - Open Banking Channel (Browser)? above

Authentication Method - Private Channel (Browser)?

See Authentication Method - Open Banking Channel (Browser)? above

Authentication Method - Private Channel (APP)?

See Authentication Method - Open Banking Channel (Browser)? above

Authentication Method Implementation Date (Open Banking Channel)?

TBC

Authentication Method Implementation Date (Private Channel)?

TBC

SCA Implementation Date?

 

SCA Scope? (will it inhibit non PSD2 accounts)

PSD2 Accounts only
No restrictions applied other than SCA at Auth and Re-Auth
Article 10 - Endpoints exempt of SCA

None

Authentication Method - Open Banking Channel (Browser)?

Login credentials (Username and password) + SMS OTP to begin with, then as we move to our SCA solution we will have:

Biometric + Trusted device

Password + Trusted Device

SMS OTP + Password (for clients without our mobile app)

Major MilestonesReleasing at Version 3.1, no plans for subsequent versions as of yet.
Brand(s)




     Functional Certificate (PIS): AlphaFX 2019
Panel
titleColorBlack
borderStyledashed
titleKey ImplementationsASPSP Dev Portal and Contact Details


Page Properties
idTC-HCC

High Cost Credit

TBC
View file
nameHCC.xlsx
height250

Page Properties
idTC-W7

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header

-

CJ


Location of Well Known Endpoints

Dev Portal

Modified Customer Interface URL (if applicable)



Dev Portal URLhttps://developer.alpha-fx.co.uk/
Test Facility URL

ASPSP Support Desk Email or Phone Number

clientservices@alphafx.co.uk.