Versions Compared

Version Old Version 13 New Version 14
Changes made by

Praveen Ponnumony

Praveen Ponnumony

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Method of Identification
Panel
titleColorBlack
borderStyledashed
titleOB Standards
borderStyledashed
titledetails

This Section applies to ASPSPs that have impletemented OB Standards


Info
iconfalse
idStandards-Production
Implement Open Data v2.2October 2019Implement Read/Write API Specification v3.1October 2019Implement Customer Experience Guidelines v1.1October 2019Implement App-to-App RedirectionN/AImplement OB Security Profile Implementer's Draft v1.1.2N/A - Our assumption is that the conformance side of security profile was replaced with the FAPI conformance.Implement FAPI Profile Implementers Draft 2October 2019Implement CIBA Profile Implementers Draft 1N/AImplement Dynamic Client Registration v1.1October 2019Implement Dynamic Client Registration v3.1Due in 2020Decommission Read/Write API Specification v1.x/2.x

N/A

Decommission OB Security Profile Implementer's Draft v1.xN/A
Panel


Have you Implemented OB Standards?
  •  Yes
  •  No

Open Data - Which version have you Implemented?
  •  None
  •  V2.2
  •  V2.3
  •  V2.4

Read/Write API Specification Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  V3.0
  •  V3.1
  •  V3.1.1
  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8

Read/Write API - Which date are you planning to implement your latest version?

Dynamic Client Registration - Which version have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  None
  •  V3.1
  •  V3.2
  •  V3.3

DCR - Which date are you planning to implement your latest version?

Have you implemented Trusted beneficiaries, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Have you implemented Reverse Payments, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

PISP - Single Payment Limit£
PISP - Daily Payment Limit£
How many months of transaction do you provide?




Panel
titleColorBlack
borderStyledashed
titleSecurity Profile


Page Properties
idID-Production


Commence support for eIDAS QWAC certificatesCommence support for eIDAS QSEAL certificates
 

Commence support for OBIE QWAC-like certificates

Commence support for OBIE QSEAL-like certificatesCease support for OBIE non eIDAS-like certificates for transportCease support for OBIE non eIDAS-like certificates for signingSupport for MTLS token endpoint authenticationSupport for private_key_jwt token endpoint authentication

Which Security profile have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  OB Security Profile (Legacy)
  •  FAPI
  •  Other (Please define) 

Security Profile - Next Planned Version Implementation Date

CIBA Profile - Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  None
  •  CIBA
  •  CIBA FAPI Profile

CIBA Profile - Next Planned Version Implementation Date

Security Profile Certification date?



Token Endpoint Authentication Methods Supported
  •  
    client_secret_post
  •  
    client_secret_basic
  •  
    client_secret_jwt
  •  
    tls_client_auth
  •  Private_key_jwt

Planned date to Cease support for client id and client secret token endpoint authentication







#6180c3
Panel
titleColorWhite
titleBGColor
borderStyledashed
titlePost Brexit Certificate Implementation


Page Properties
idStandards-Production


PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 
eIDAS QWAC and QSEAL accepted from EU TPP’s only
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 
eIDAS QWAC and QSEAL accepted from EU TPP’s only
Planned Implementation Date to Satisfy FCA's Post Transition

TBC

Don’t have an agreed date, we are working towards the advised dates as per FCA
TPP PSU Migration Outcomes Supported (see eIDAS Migration Playbook)

Outcomes 4,5 & 8 are supported


POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)

statusReadycolour





panel
Panel
Green
titleREADY
titleColorBlack
borderStyledashed
titleImplementationCustomer Journey


Page Properties
idTC-IMP

Directory?

Open Banking

Location of Well Known Endpoints?

OB Technical Directory

OB directory/dev portal and OB DevZOne pages

API Standard Implemented?

Open Banking

Name of Account Holder Implementation Date?

Live (See Notes)

We are already returning Account name as per the definition in 3.1.1 as that is what is being displayed in our own channels.
We do not show the name of the party (ie customer) in our own channel so we are not mandated to return this information.

Date of Current eIDAS Implementation? From 1 September 2019 Open Banking (OB) ETSI-Format certificates are supported in parallel with legacy OB certificates.Current Certificates used for Identification?OB Transport + ClientID + SecretCurrent Certificates used for Transport?OB Transport / OBWACCurrent Certificates used for Signing?OB Signing / OBSEALDate of Future eIDAS Implementation? From 14 March 2020, eIDAS certificates will be required for identification of new Third Party Providers with ‘certificate switching’ (i.e. use of OB ETSI-Format certificates)
supported. Existing OB ecosystem Third Party Providers must hold a valid eIDAS certificate on the OB Directory.		Future Certificates used for Identification?OB Transport + ClientID + Secret + OBSEAL/QSEALFuture Certificates used for Transport?

OBWAC / QWAC

Future Certificates used for Signing?OBSEAL / QSEAL

Major Milestones

V1.1 deprecation  
V3.1 roadmap

SEPA MTS Bulk / Batch Payments - Q1 2020

Bulk / Batch Payments: SEPA MTS Q1 2020

Bulk / Batch Payments (All payment types) Q1 2020

P2 Two Way Notice of Revocation - Q1 2020

P8 SCA Exemptions - Q1 2020

API specification v3.1.4 & CEG v3.1.4 - Q1 2020

Uplift to PS256 encryption standard - Q2 2020

P15 Access Dashboards - TBC

Brand(s)Security Profile?Open BankingSecurity Profile Certification?NoWe are conformant against the OB standards and the errors that are viewed in the logs are outside of the requirements

CIBA

NoUsing Open Banking as your eIDAS Trust Framework?YesAre you caching the Directory?NoDirectory Caching will be delivered by 24 February 2020 as part of PSD2 onboardingTransaction IDsYes - August 2019Transaction id's are provided against each booked transaction that are returned on the transactions endpoint
Panel
borderStyledashed
titleCustomer Journey
N/A for RBSI/NWI Corporate
Page Properties
idTC-CJ

Implementing Customer Experience Guidelines?

YesCurrent CEG Version?Next CEG Version?Next Version Implementation Date

Implementing Bespoke User Journeys?

N/A for RBSI/NWI CorporateYesApp to App Implementation Date?
CJ


What is your approach to Implementing OBIE Customer Experience Guidelines (CEG)?

(tick all that apply)

  •  Already Implemented
  •  Planning to implement or upgrade
  •  Not planning to implement CEG

Which version have you implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8

Which date are you planning to implement your latest CEG version?TBC
Redirection Model
  •  App to App redirection
  •  Decoupled authentication
  •  Embedded Flow
  •  Bespoke User Journeys


Options on 90 day re-authentication?

Yes

For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away.

Please note: We do not display statements

Support Embedded Flow?

No




Panel
titleColorBlack
borderStyledashed
titlePSD2


Page Properties
idTC-PSD2
rbs-sca
panel


Dispute Management System
Which Directory are you using as your Trust Framework?
YesAs per manual implementation. System implementation in line with OBIE implementation dates
FCA Adjustment Period - Maintaining Screen Scraping?FDATA WhitelistedFDATA to 13 Match 2020

Seeking Fallback Exemption?

YesRBS will be applying for all Brands under CMA order and against additional franchises and brands including RBSI, UBROI

Adjusted or Fallback Interface?

NoAdjusted or Fallback URL?N/AContact Email or Phone Number?
~APIServiceDesk@rbs.com
Dev Portal URL?https://www.bankofapis.com/

Test Facility Implementation Date?

 Production Interface Implementation Date? Contingency Measures
Open Banking
Are you caching the Directory?NoDirectory Caching will be delivered by 24 February2020 as part of PSD2 onboarding
Transaction IDs SupportedAugust 2019Transaction id's are provided against each booked transaction that are returned on the transactions endpoint

Are you enrolled to Dispute Management System?

  •  Yes
  •  No

Are you Seeking Fallback Exemption?

  •  Yes
  •  No


Article 10 - Maximum time period after authentication
?
N/ARBSG are adopting Article 10 Exemption for 90 day reauthentication, no further restrictions are being applied under Article 10
Article 10 - Endpoints exempt of SCA

N/A

RBSG are adopting Article 10 Exemption for 90 day reauthentication, no further restrictions are being applied under Article 10

Authentication Method - Open Banking Channel (Browser)?

RedirectCustomer Identification Number + Partial password + Partial pin

Authentication Method - Open Banking Channel (APP)?

Redirect

App to App Facial or Fingerprint recognition
In the absence of the above being enabled on customers device.
Customer Identification Number + Partial password + Partial pin

Authentication Method - Private Channel (Browser)?

MTLS / private_key_jwt

Authentication Method - Private Channel (APP)?

TLS / private_key_jwt

Authentication Method Implementation Date (Open Banking Channel)?

Browser -  

App - See 'App to App Implementation Date?'

Authentication Method Implementation Date (Private Channel)?

 

SCA Implementation Date?

See Calendar Page

SCA Scope? (will it inhibit non PSD2 accounts)

See Calendar Page
Anchorrbs-sca
Major Milestones

V1.1 deprecation 

V3.1 roadmap

International Payments for Commercial Banking Customers - Q1 2020

SEPA MTS Bulk / Batch Payments - Q1 2020

P2 Two Way Notice of Revocation - Q1 2020

P8 SCA Exemptions - Q1 2020

API specification v3.1.4 & CEG v3.1.4 - Q1 2020

Uplift to PS256 encryption standard - Q2 2020

P15 Access Dashboards - Q2 2020


Brand(s)




SCA
Panel
titleColorBlack
borderStyledashed
title
ASPSP Dev Portal and Contact Details


SCA

SCA @ Login

Steps:

Customers can use biometrics (as per the setup
of their device/customer preference) or passcode

Device binding will run in the background during
authentication

Page Properties
idTC-
CJ


Deliveries of these SCA solutions will continue across the rest of 2019 will some delivered in Q1 2020

Customer Journey stage

Mobile (Direct Channel)

E-banking (Direct Channel)

 Bankline (Direct Channel & Open Banking)eQ (Direct Channel & Open Banking)Open Banking BrowserOpen Banking App to App
Logging in to identify themselves as a customer and gain access to in scope accounts

SCA @ Login

Steps:

Customer ID Plus Partial PIN Password Plus Device Profiling

SCA @ Login

Steps:
Customer and User IDs Plus Partial Password And using Card And PIN for Challenge and Response

Customer & User IDs Plus Password in full AND two memorable random characters

SCA @ Login

Steps:

Customer IDs Plus Partial PIN Password AND Device Profiling

SCA @ Login

 Steps:

Customers can use biometrics (as per the setup of their device/customer preference) or passcode

Device binding will run in the background
during authentication

Making a payment from in scope accounts

No further SCA required for payments to trusted beneficiaries.

SCA via card and reader required for payments
above low value payment limit to non trusted
beneficiaries.

SCA for payments to non-trusted beneficiaries

Further SCA required for Payments using Card and PIN for Challenge and ResponsePayments using Card and PIN for Challenge and Response

Step up to One Time
Passcode or Card & Reader
for payments

No further SCA required for payment

LIVELIVEQ1 2020LIVENovember 2020LIVE

Location of Well Known Endpoints

OB Technical DirectoryOB directory/dev portal and OB DevZOne pages

Modified Customer Interface URL (if applicable)



Dev Portal URLhttps://www.bankofapis.com/
Test Facility URL

ASPSP Support Desk Email or Phone Number

~APIServiceDesk@rbs.com




Panel
titleColorBlack
borderStyledashed
titleKey Implementations


TBC

Page Properties
idTC-HCC


High Cost Credit

RBSI Corporate - HCC.xlsx

View file
nameRBSI Corporate - HCC.xlsx
height250

Page Properties
idTC-W7

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header