Test Facility (Sandbox) Open Banking API Standards 3.1 Live - 14th March 2019
Stress Testing (Sandbox) Open Banking API Standards 3.1 - 13th February 2019.
AIS - Open Banking API Standards 3.1 planned for - 14th September 2019.
Wide Usage – Underway –
Open Banking Functional Conformance Testing
TPP Testing
PRETA directory Maintenance and Validation services planned for - 14th September 2019.
SCA via 2-Factor authentication – Password (knowledge) and Token (possession) and consent Flow as outlined in OBIE Customer Experience Guidelines planned for - 14th September 2019.
Security Profile?
Security Profile Certification?
CIBA
N/A
Using Open Banking as your eIDAS Trust Framework?
No
Are you caching the Directory?
Yes - Preta
Transaction IDs
Option 2
ASPSPs provide a Unique, Immutable TransactionID from their core system
ASPSPs generate a Unique TransactionID from a set of Immutable fields
ASPSPs specify field(s) for TPP to generate a Unique Transaction Identifier
ASPSPs provide neither a TransactionID nor the method by which TPPs can generate one
RTS
Which date are you planning on implementing the SCA reauthentication exemption?
Sept 2022
What is your approach to token management to enable application of the reauthentication exemption? (see link to FCA guidance)
Long lived refresh token. It would be for 999 days initially and will be replaced/refreshed with no further authentication from the customer.
Example approach: Issue a long-lived refresh token during one final SCA, with refresh token rotation implemented.
[Please use this space to provide more details on your approach]
Article 10A - Endpoints exempt of SCA-RTS
Accounts
Transactions (90 days)
Balances
Standing orders
Direct debits
Beneficiaries
Products
Offers
Parties
Scheduled Payments
Statements
Article 10A - Endpoints not exempt of SCA-RTS
Transactions (more than 90 days)
Standing orders
Direct debits
Beneficiaries
Products
Offers
Parties
Scheduled Payments
Statements
Article 10A - Maximum time period after authentication
Please specify the time period in minutes
SCA-RTS implementation status (updated by OBL PS team only)
Implemented
Planned / In-progress / Implemented / TBC
Security Profile
Which Security profile have you implemented or are planning to implement?
(Lowest version = Current, Highest version = Planned)
OB Security Profile (Legacy)
FAPI (ID2)
FAPI 1 Advanced
Other (Please define)
Security Profile - Next Planned Version Implementation Date
CIBA Profile - Implemented or planning to implement
(Lowest version = Current, Highest version = Planned)
None
CIBA
CIBA FAPI Profile
CIBA Profile - Next Planned Version Implementation Date
Security Profile Certification date?
Token Endpoint Authentication Methods Supported
client_secret_post
client_secret_basic
client_secret_jwt
tls_client_auth
private_key_jwt
Planned date to Cease support for client id and client secret token endpoint authentication
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
eIDAS QWAC
eIDAS QSealC
OB legacy (obtransport, obsigning)
OBWAC
OBSeal
Other (Please define)
eIDAS QWAC and QSeal for EU TPPs and OBWAC and OBSeal for UK based TPPs
Customer Journey
What is your approach to Implementing OBL Customer Experience Guidelines?
Yes
Implementing Bespoke User Journeys?
Yes
Implementing App to App?
Yes
App to App Implementation Date?
N/A
(CEG)?
(tick all that apply)
Already Implemented
Planning to implement or upgrade
Not planning to implement CEG
Which version have you implemented or planning to implement?
(Lowest version = Current, Highest version = Planned)
V3.1.2
V3.1.3
V3.1.4
V3.1.5
V3.1.6
V3.1.7
V3.1.8
V3.1.9
V3.1.10
V3.1.11
V4.0
Which date are you planning to implement your latest CEG version?
Redirection Model
App to App redirection
Decoupled authentication
Embedded Flow
Bespoke User Journeys
Options on 90 day re-authentication?
90 Day Re-Authentication for AISP
Support Embedded Flow?
No
PSD2
Dispute Management System?
No
FCA Adjustment Period - Maintaining Screen Scraping?
No
Seeking Fallback Exemption
Which Directory are you using as your Trust Framework?
Yes. For the Direct access channels we will be using the 2FA Authentication which will include (password) Knowledge and (Token) Possession for both Account Information Services and Payment Initiation Services.
Authentication Method - Open Banking Channel (APP)?
N/A
Authentication Method Implementation Date (Open Banking Channel)?
Authentication Method Implementation Date (Private Channel)?
SCA Implementation Date?
SCA Scope? (will it inhibit non PSD2 accounts)
Our scope only includes PSD2 accounts. Non PSD2 accounts will not be inhibited.
Major Milestones
Test Facility (Sandbox) Open Banking API Standards 3.1 Live - 14th March 2019
Stress Testing (Sandbox) Open Banking API Standards 3.1 - 13th February 2019.
AIS - Open Banking API Standards 3.1 Live - 14th September 2019.
PIS - Open Banking API Standards 3.1 Live - 15th May 2020
PRETA directory Maintenance and Validation services - 14th September 2019.
SCA via 2-Factor authentication – Password (knowledge) and Token (possession) and consent Flow as outlined in OBIE Customer Experience Guidelines - 14th September 2019.