PaneltitleColor White Black titleBGColor #6180c3 borderStyle dashed title Post Brexit Certificate Implementation
details This Section applies to ASPSPs that have impletemented OB Standards
Infoicon false id Standards-Production
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020) eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
Have you Implemented OB Standards? Other (PSD2/SCA-RTS compliant API) Open Data - Which version have you Implemented? Read/Write API Specification Implemented or planning to implement
(Lowest version = Current, Highest version = Planned)
V3.0 V3.1 V3.1.1 V3.1.2 V3.1.3 V3.1.4 V3.1.5 V3.1.6 V3.1.7 V3.1.8 Read/Write API - Which date are you planning to implement your latest version? Dynamic Client Registration - Which version have you Implemented or planning to implement?
(Lowest version = Current, Highest version = Planned)
DCR - Which date are you planning to implement your latest version? Have you implemented Trusted beneficiaries, if not date planned to Implement?
Already Implemented Planning to implement Not planning to implement Have you implemented Reverse Payments, if not date planned to Implement?
Already Implemented Planning to implement Not planning to implement PISP - Single Payment Limit £ PISP - Daily Payment Limit £ How many months of transaction do you provide?
PaneltitleColor Black borderStyle dashed title Security Profile
Page Properties
Which Security profile have you Implemented or planning to implement?
(Lowest version = Current, Highest version = Planned)
OB Security Profile (Legacy) FAPI Other (Please define) Security Profile - Next Planned Version Implementation Date 13 Mar 2019 CIBA Profile - Implemented or planning to implement (Lowest version = Current, Highest version = Planned)
None CIBA CIBA FAPI Profile CIBA Profile - Next Planned Version Implementation Date 05 Sep 2019
Security Profile Certification date? 05 Sep 2019
Token Endpoint Authentication Methods Supported client_secret_post
client_secret_basic
client_secret_jwt
tls_client_auth
Private_key_jwt Planned date to Cease support for client id and client secret token endpoint authentication 14 Sep 2019
PanelborderStyle dashed title Post Brexit Certificate Implementation
Page Properties
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021) eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define) POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021) eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define) Planned Implementation Date to Satisfy FCA's Post Transition TPP PSU Migration Outcomes Supported (see eIDAS Migration Playbook ) POST-BREXIT Certificate Implementation Status (updated by OBIE IES team ) Unknown
PaneltitleColor Black borderStyle dashed title Implementation Customer Journey
Page Properties Page PropertiesDirectory?
Open Banking Location of Well Known Endpoints?
Dev Portal:
https://developer.token.io/
https://www.unity.co.uk/psd2/ API Standard Implemented?
Other
(PSD2/SCA-RTS compliant API) Name of Account Holder Implementation Date?
Completed - 14 Sep 2019 Date of Current eIDAS Implementation? eIDAS QWAC Current Certificates used for Identification? Current Certificates used for Transport? Current Certificates used for Signing? Date of Future eIDAS Implementation? No future update currently planned. Future Certificates used for Identification? Future Certificates used for Transport? Future Certificates used for Signing?
What is your approach to Implementing OBIE Customer Experience Guidelines (CEG)?
(tick all that apply)
Already Implemented Planning to implement or upgrade Not planning to implement CEG Which version have you implemented or planning to implement?
(Lowest version = Current, Highest version = Planned)
V3.1.2 V3.1.3 V3.1.4 V3.1.5 V3.1.6 V3.1.7 V3.1.8 Which date are you planning to implement your latest CEG version? Redirection Model App to App redirection Decoupled authentication Embedded Flow Bespoke User Journeys Options on 90 day re-authentication?
Not supported. Max consent = 90 days
PaneltitleColor Black borderStyle dashed title PSD2
Page Properties
Which Directory are you using as your Trust Framework? Open Banking Are you caching the Directory? No Transaction IDs Supported Are you enrolled to Dispute Management System?
Are you Seeking Fallback Exemption?
Article 10 - Maximum time period after authentication Article 10 - Endpoints exempt of SCA
Major Milestones Test platform available via Token.io from 14 Jun 2019
Production platform available via Token.io from 19 Dec 2019
For more information, please visit www.unity.co.uk/PSD2
Brand(s) Unity Trust Bank
Security Profile?
Security Profile Certification? CIBA
N/A Using Open Banking as your eIDAS Trust Framework? Yes Are you caching the Directory? No Transaction IDs ASPSPs provide a Unique, Immutable TransactionID from their core system ASPSPs generate a Unique TransactionID from a set of Immutable fields ASPSPs specify field(s) for TPP to generate a Unique Transaction Identifier ASPSPs provide neither a TransactionID nor the method by which TPPs can generate one
PanelborderStyle dashed title Customer Journey
Page PropertiesImplementing Customer Experience Guidelines?
Yes
Current CEG Version? Next CEG Version? Next Version Implementation Date Implementing Bespoke User Journeys?
Yes Implementing App to App?
Yes App to App Implementation Date? 19 Dec 2019 Options on 90 day re-authentication? Not supported. Max consent = 90 days
Support Embedded Flow?
No PaneltitleColor Black borderStyle dashed title PSD2 ASPSP Dev Portal and Contact Details
Page PropertiesDispute Management System?
Yes FCA Adjustment Period - Maintaining Screen Scraping? No Seeking Fallback Exemption?
Granted exemption 19 Apr 2020 Adjusted or Fallback Interface?
No Adjusted or Fallback URL? N/A Contact Email or Phone Number? Us@unity.co.uk Dev Portal URL?
Implementation Date? 14 Jun 2019 Production Interface Implementation Date? 19 Dec 2019 Contingency Measures Please specify the location of the guidance that explains your strategy and plans for when your dedicated interface is unavailable. This should be a to your dev portal or artefact that provides TPPs with the information they require Article 10 - Maximum time period after authentication? Please specify how long the AISP has from the time when they receive the access token (after PSU authentication). This is the period the AISP must submit their first request before SCA will be re-applied to endpoints NOT exempt of SCA under Article 10. ASPSPs should consider that this timeline is consistent with the time limit applied by the ASPSP in the existing online PSU interface (i.e. before the PSU is logged out)
Article 10 - Endpoints exempt of SCA Please specify which AIS endpoints will be exempt from SCA under Article 10. (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements Authentication Method - Open Banking Channel (Browser)?
Decoupled Authentication Method - Open Banking Channel (APP)?
Decoupled Authentication Method - Private Channel (Browser)?
N/A
Authentication Method - Open Banking Channel (APP)?
N/A Authentication Method Implementation Date (Open Banking Channel)?
Authentication Method Implementation Date (Private Channel)?
N/A SCA Implementation Date?
SCA Scope? (will it inhibit non PSD2 accounts) SCA will be applied for all online accounts.
APIs will be exposed for PSD2 accounts only
PaneltitleColor Black borderStyle dashed title Key Implementations
Page Properties
Page PropertiesAfter Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header
TBC