This optional field has not been implemented yet but is planned for some time in the future.
Date of Current eIDAS Implementation?
MTLS available. eIDAS QWAC/QSEAL. EIDAS certificates will be validated using the OBIE directory
Current Certificates used for Identification?
Current Certificates used for Transport?
Current Certificates used for Signing?
Date of Future eIDAS Implementation?
No future update currently planned.
Future Certificates used for Identification?
Future Certificates used for Transport?
Future Certificates used for Signing?
Major Milestones
Version 3.1 was implemented in June 2019 and Security Conformance SUITE certification was achieved on August 2019
(Inc Other Products, API Updates, API Deprecations, etc)
Brand(s)
Security Profile?
FAPI Open ID
Security Profile Certification?
Yes
CIBA
No
Using Open Banking as your eIDAS Trust Framework?
Yes
Are you caching the Directory?
No
Transaction IDs
We are supporting: ASPSPs provide a Unique, Immutable TransactionID from their core system
Customer Journey
Implementing Customer Experience Guidelines?
Yes
Implementing Bespoke User Journeys?
Yes (see notes)
Our payment journeys currently follow the exact journey as customer would get in their online banking. The Customer Experience Guidelines says they payment journeys should be 2 step. We will not be introducing the 2 step journeys until October 2019.
Implementing App to App?
N/A
App to App Implementation Date?
Options on 90 day re-authentication?
90 Days
A TPP can re-authentication any time up until the expiry date. The customer will be made to re-authenticate every 90 days otherwise access to the data will be removed.
Support Embedded Flow?
No
PSD2
Dispute Management System?
Yes
System implementation in line with OBIE implementation dates.
FCA Adjustment Period - Maintaining Screen Scraping?
For Production URL, we are presently starting our Managed Roll-out phase. Please contact us for further information.
Test Facility Implementation Date?
Production Interface Implementation Date?
- Currently Live Proving (Whitelisting in Place)
Contingency Measures
Subject to FCA exemption decision
Article 10 - Maximum time period after authentication?
N/A
No SCA applied on AISP
Article 10 - Endpoints exempt of SCA
N/A
For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away.
Please note: We do not display statements
Authentication Method - Open Banking Channel (Browser)?
Username, password and PAC (PAC is PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.
Authentication Method - Open Banking Channel (APP)?
Username, password and PAC (PAC is a PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.
Authentication Method - Private Channel (APP)?
N/A
N/A, as the mobile app is currently not in scope.
Authentication Method Implementation Date (Open Banking Channel)?
14 Sept 2019
Authentication Method Implementation Date (Private Channel)?
14 Sept 2019
SCA Implementation Date?
SCA Scope? (will it inhibit non PSD2 accounts)
No (see notes)
No. All Open Banking relevant accounts, e.g. private current accounts, commercial current accounts, debit and credit card accounts and currency accounts. Non PSD2 accounts are not exposed.