Versions Compared

Version Old Version 11 New Version Current
Changes made by

Praveen Ponnumony

Praveen Ponnumony

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
titleColorBlack
borderStyledashed
titleOB Standards

This Section applies to ASPSPs that have implemented OB Standards


N/A
Page Properties
iconfalse
idTC-OB Standards-Production
Implement Open Data v2.2October 2019Implement Read/Write API Specification v3.1October 2019Implement Customer Experience Guidelines v1.1October 2019Implement App-to-App RedirectionN/AImplement OB Security Profile Implementer's Draft v1.1.2N/A - Our assumption is that the conformance side of security profile was replaced with the FAPI conformance.Implement FAPI Profile Implementers Draft 2October 2019Implement CIBA Profile Implementers Draft 1N/AImplement Dynamic Client Registration v1.1October 2019Implement Dynamic Client Registration v3.1Due in 2020Decommission Read/Write API Specification v1.x/2.x

N/A

Decommission OB Security Profile Implementer's Draft v1.x


-Have you Implemented OB Standards?
  •  Yes
  •  No

Open Data - Which version have you Implemented?
  •  None
  •  V2.2
  •  V2.3
  •  V2.4

Read/Write API Specification Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  V3.0
  •  V3.1
  •  V3.1.1
  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8
  •  V3.1.9
  •  V3.1.10
  •  V3.1.11
  •  V4.0

Highest Version – 3.1.10 (Dec 2022)

Read/Write API - Which date are you planning to implement your latest version?

3.1.10 Functional Conformance – Dec 2022

Have you implemented v4.0 information flows, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Dynamic Client Registration - Which version have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  None
  •  V3.1
  •  V3.2
  •  V3.3

BoA V3.3


Already implemented compliance with 3.3

DCR - Which date are you planning to implement your latest version?

Already implemented

Have you implemented Trusted beneficiaries, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Have you implemented Reverse Payments, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Have you implemented ECA Standard?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

ECA Implementation details

n/a


Have you implemented Bulk/File Payments?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Have you implemented VRP – Sweeping, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 

Have you implemented VRP non-Sweeping, if not date planned to Implement?

  •  Already Implemented
  •  Planning to implement
  •  Not planning to implement 


PISP - Single Payment Limit

Currently at £20k for Personal customers

(moved to £50k for Premier customers only in Jan 2023)

FAQs | Bank of APIs

PISP - Daily Payment LimitVariable (£5k - £20k ( dependent on customer) see BOAPI links for further information

FAQs | Bank of APIs

How many months of transaction do you provide?
  • Up to 7 years Personal
  • Up to 11 months Commercial
  • Currently 6m Credit Cards
Have you implemented TRIs (Transactional Risk Indicators), if not, date planned to Implement?YesTRIs implemented for RBSI in July 2023
What is your approach to Implementing TRIs?
  •  Accept payload with TRI fields – Process all fields
  •  Accept payload with TRI fields – Ignore all fields
  •  Reject payload with TRI fields – Error back to TPP
  •  Accept payload with TRI fields – Process few fields (Provide list of accepted fields)  
Payment Context code, Contract Present Indicator, Beneficiary Payment details pre-populated indicator, Payee Account Name, Beneficiary Account Type, Merchant Customer Identification , Delivery Address , Merchant Category Code, Payment Purpose Code




Panel
borderStyledashed
titleMethod of IdentificationSCA-RTS 90-day reauth Implementation


Page Properties
idID-Production
Commence support for eIDAS QWAC certificatesCommence support for eIDAS QSEAL certificates
 

Commence support for OBIE QWAC-like certificates

Commence support for OBIE QSEAL-like certificatesCease support for OBIE non eIDAS-like certificates for transportCease support for OBIE non eIDAS-like certificates for signingSupport for MTLS token endpoint authenticationSupport for private_key_jwt token endpoint authenticationCease support for client id and client secret token endpoint authentication
Panel
titleColorWhite
titleBGColor#6180c3
borderStyledashed
titlePost Brexit Certificate Implementation
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
Page Properties
idStandards-Production
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
SCA-RTS


Which date are you planning on implementing the SCA reauthentication exemption?



What is your approach to token management to enable application of the reauthentication exemption? (see link to FCA guidance)


Example approach:
Issue a long-lived refresh token during one final SCA, with refresh token rotation implemented.


Article 10A - Endpoints exempt of SCA-RTS
  •  

    Accounts

  •  

    Transactions (90days)

  •  

    Balances

  •  

    Standing orders

  •  

    Direct debits

  •  

    Beneficiaries

  •  

    Products

  •  

    Offers

  •  

    Parties

  •  

    Scheduled Payments

  •  

    Statements


Article 10A - Endpoints not exempt of SCA-RTS
  •  

    Transactions (more than 90days)

  •  

    Standing orders

  •  

    Direct debits

  •  

    Beneficiaries

  •  

    Products

  •  

    Offers

  •  

    Parties

  •  

    Scheduled Payments

  •  

    Statements


Article 10A - Maximum time period after authentication
Please specify the time period in minutes
SCA-RTS implementation status (updated by OBL PS team only)

Status
colourGreen
titleImplemented





Panel
titleColorBlack
borderStyledashed
titleSecurity Profile


Page Properties
idID-Production


-Which Security profile have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  OB Security Profile (Legacy)
  •  FAPI (ID2)
  •  FAPI 1 Advanced
  •  Other (Please define) 
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 

Security Profile - Next Planned Version Implementation Daten/a
CIBA Profile - Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  •  None
  •  CIBA
  •  CIBA FAPI Profile

CIBA Profile - Next Planned Version Implementation Daten/a
Security Profile Certification date?


Originally Certified  - Oct 2020

Re-Certification -  31st Jan 2023
Token Endpoint Authentication Methods Supported
  •  
    client_secret_post
  •  
    client_secret_basic
  •  
    client_secret_jwt
  •  
    tls_client_auth
  •  Private_key_jwt

Planned date to Cease support for client id and client secret token endpoint authentication

n/a


POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  •  eIDAS QWAC
  •  eIDAS QSealC
  •  OB legacy (obtransport, obsigning)
  •  OBWAC
  •  OBSeal
  •  Other (Please define) 
Planned Implementation Date to Satisfy FCA's Post TransitionTPP PSU Migration Options SupportedPOST-BREXIT Certificate Implementation Status (updated by OBIE IES team)




Panel
Panel
titleColorBlack
borderStyledashed
titleImplementationCustomer Journey


Page Properties
idTC-IMP

Directory?

Open Banking

Location of Well Known Endpoints?

OB Technical Directory

OB directory/dev portal and OB DevZOne pages

API Standard Implemented?

Open Banking

Name of Account Holder Implementation Date?

Live (See Notes)

We are already returning Account name as per the definition in 3.1.1 as that is what is being displayed in our own channels.
We do not show the name of the party (ie customer) in our own channel so we are not mandated to return this information.

Date of Current eIDAS Implementation? From 1 September 2019 Open Banking (OB) ETSI-Format certificates are supported in parallel with legacy OB certificates.Current Certificates used for Identification?OB Transport + ClientID + SecretCurrent Certificates used for Transport?OB Transport / OBWACCurrent Certificates used for Signing?OB Signing / OBSEALDate of Future eIDAS Implementation? From 14 March 2020, eIDAS certificates will be required for identification of new Third Party Providers with ‘certificate switching’ (i.e. use of OB ETSI-Format certificates)
supported. Existing OB ecosystem Third Party Providers must hold a valid eIDAS certificate on the OB Directory.		Future Certificates used for Identification?OB Transport + ClientID + Secret + OBSEAL/QSEALFuture Certificates used for Transport?

OBWAC / QWAC

Future Certificates used for Signing?OBSEAL / QSEAL

Major Milestones

V1.1 deprecation  
V3.1 roadmap

SEPA MTS Bulk / Batch Payments - Q1 2020

Bulk / Batch Payments: SEPA MTS Q1 2020

Bulk / Batch Payments (All payment types) Q1 2020

P2 Two Way Notice of Revocation - Q1 2020

P8 SCA Exemptions - Q1 2020

API specification v3.1.4 & CEG v3.1.4 - Q1 2020

Uplift to PS256 encryption standard - Q2 2020

P15 Access Dashboards - TBC

Brand(s)Security Profile?Open BankingSecurity Profile Certification?NoWe are conformant against the OB standards and the errors that are viewed in the logs are outside of the requirements

CIBA

NoUsing Open Banking as your eIDAS Trust Framework?YesAre you caching the Directory?NoDirectory Caching will be delivered by 24 February 2020 as part of PSD2 onboardingTransaction IDsYes - August 2019Transaction id's are provided against each booked transaction that are returned on the transactions endpoint
Panel
borderStyledashed
titleCustomer Journey
Page Properties
idTC-CJ

Implementing Customer Experience Guidelines?

YesCurrent CEG Version?Next CEG Version?Next Version Implementation Date

Implementing Bespoke User Journeys?

N/A for RBSI/NWI CorporateYesApp to App Implementation Date?

N/A for RBSI/NWI Corporate

Options on 90 day re-authentication?

Yes

For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away.
Please note: We do not display statements

Support Embedded Flow?

No
CJ


-What is your approach to Implementing OBL Customer Experience Guidelines (CEG)?

(tick all that apply)

  •  Already Implemented
  •  Planning to implement or upgrade
  •  Not planning to implement CEG

Which version have you implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  •  V3.1.2
  •  V3.1.3
  •  V3.1.4
  •  V3.1.5
  •  V3.1.6
  •  V3.1.7
  •  V3.1.8
  •  V3.1.9
  •  V3.1.10
  •  V3.1.11
  •  V4.0

Current - 3.1.10 (Sept 2022)

Which date are you planning to implement your latest CEG version?
Already implemented V3.1.10
Redirection Model
  •  App to App redirection
  •  Decoupled authentication
  •  Embedded Flow
  •  Bespoke User Journeys
  • App to App redirection
  • Browser Redirection




Panel
titleColorBlack
borderStyledashed
titlePSD2


Yes
Page Properties
idTC-PSD2

Dispute Management System?

rbs-sca
Contingency Measures
Panel


As per manual implementation. System implementation in line with OBIE implementation dates
FCA Adjustment Period - Maintaining Screen Scraping?FDATA WhitelistedFDATA to 13 Match 2020

Seeking Fallback Exemption?

YesRBS will be applying for all Brands under CMA order and against additional franchises and brands including RBSI, UBROI

Adjusted or Fallback Interface?

NoAdjusted or Fallback URL?N/AContact Email or Phone Number?
~APIServiceDesk@rbs.com
Dev Portal URL?https://www.bankofapis.com/

Test Facility Implementation Date?

 Production Interface Implementation Date? 
-Which Directory are you using as your Trust Framework?Open BankingThe Open Banking Directory
Are you caching the Directory?NoThe static data such as client IDs are cashed, but not certificates and keys
Transaction IDs SupportedAugust 2019

Transaction IDs are supported, please refer to:

3.1.6 Transaction Endpoint Documentation - Bank of APIs

Are you Seeking Fallback Exemption?

  •  Yes
  •  No

No, already received exemption

Article 10 - Maximum time period after authentication
?
N/A
RBSG are

RBSI is adopting Article 10 Exemption for 90-day reauthentication, no further restrictions are being applied under Article 10.

Article 10 - Endpoints exempt of SCA

N/A

RBSG are adopting Article 10 Exemption for 90 day reauthentication, no further restrictions are being applied under Article 10

Authentication Method - Open Banking Channel (Browser)?

RedirectCustomer Identification Number + Partial password + Partial pin

Authentication Method - Open Banking Channel (APP)?

Redirect

App to App Facial or Fingerprint recognition
In the absence of the above being enabled on customers device.
Customer Identification Number + Partial password + Partial pin

Authentication Method - Private Channel (Browser)?

MTLS / private_key_jwt

Authentication Method - Private Channel (APP)?

TLS / private_key_jwt

Authentication Method Implementation Date (Open Banking Channel)?

Browser -  

App - See 'App to App Implementation Date?'

Authentication Method Implementation Date (Private Channel)?

 

SCA Implementation Date?

See Calendar Page

SCA Scope? (will it inhibit non PSD2 accounts)

See Calendar Page
Anchorrbs-sca

Options to implement the FCA guidance on “exception circumstances” SCA are currently being evaluated.

Major Milestones



Brand(s)RBSI, NWI




SCA
Panel
titleColorBlack
borderStyledashed
title
ASPSP Dev Portal and Contact Details


SCA

SCA @ Login

Steps:

Customers can use biometrics (as per the setup
of their device/customer preference) or passcode

Device binding will run in the background during
authentication

Page Properties
idTC-
C


Deliveries of these SCA solutions will continue across the rest of 2019 will some delivered in Q1 2020

Customer Journey stage

Mobile (Direct Channel)

E-banking (Direct Channel)

 Bankline (Direct Channel & Open Banking)eQ (Direct Channel & Open Banking)Open Banking BrowserOpen Banking App to App
Logging in to identify themselves as a customer and gain access to in scope accounts

SCA @ Login

Steps:

Customer ID Plus Partial PIN Password Plus Device Profiling

SCA @ Login

Steps:
Customer and User IDs Plus Partial Password And using Card And PIN for Challenge and Response

Customer & User IDs Plus Password in full AND two memorable random characters

SCA @ Login

Steps:

Customer IDs Plus Partial PIN Password AND Device Profiling

SCA @ Login

 Steps:

Customers can use biometrics (as per the setup of their device/customer preference) or passcode

Device binding will run in the background
during authentication

Making a payment from in scope accounts

No further SCA required for payments to trusted beneficiaries.

SCA via card and reader required for payments
above low value payment limit to non trusted
beneficiaries.

SCA for payments to non-trusted beneficiaries

Further SCA required for Payments using Card and PIN for Challenge and ResponsePayments using Card and PIN for Challenge and Response

Step up to One Time
Passcode or Card & Reader
for payments

No further SCA required for payment

LIVELIVEQ1 2020LIVENovember 2020LIVE

Location of Well Known Endpoints

OB Technical DirectoryConsent Confirmation Support – Authorisation Servers Explained – Bank of APIs

Modified Customer Interface URL (if applicable)

n/a
Dev Portal URLhttps://www.bankofapis.com/
Test Facility URL

https://bankofapis.com/sandbox


Brand Landing Pages URL

Logos


NWI - Image Added


RBSI - Image Added

ASPSP Support Desk Email or Phone Number

(including queries about consent success rates) 

https://rbsgroupapiservicedesk.spectrumhosting.net/plugins/servlet/desk/portal/1Please visit help & updates page to raise a service desk ticket




Panel
titleColorBlack
borderStyledashed
titleKey Implementations


TBC

Page Properties
idTC-HCC


High Cost Credit

RBSI Corporate - HCC.xlsx

View file
nameRBSI Corporate - HCC.xlsx
height250

Page Properties
idTC-W7

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header