- Created by Adam Pretlove (Unlicensed) , last modified by Alessandro Greco on Oct 05, 2020
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 51 Next »
| Implement Open Data v2.2 | September 2019 | |
|---|---|---|
| Implement Read/Write API Specification v3.1 | September 2019 | |
| Implement Customer Experience Guidelines v1.1 | September 2019 | |
| Implement App-to-App Redirection | N/A | N/A, as the mobile app is currently not in scope. |
| Implement OB Security Profile Implementer's Draft v1.1.2 | September 2019 | |
| Implement FAPI Profile Implementers Draft 2 | September 2019 | |
| Implement CIBA Profile Implementers Draft 1 | N/A | |
| Implement Dynamic Client Registration v1.1 | ||
| Implement Dynamic Client Registration v3.1 | ||
| Decommission Read/Write API Specification v1.x/2.x | ||
| Decommission OB Security Profile Implementer's Draft v1.x |
Will be implemented in line with PSD2 deadline.
| Commence support for eIDAS QWAC certificates | 14 Sept 2019 | |
|---|---|---|
| Commence support for eIDAS QSEAL certificates | N/A | |
Commence support for OBIE QWAC-like certificates | 14 Sept 2019 | |
| Commence support for OBIE QSEAL-like certificates | 14 Sept 2019 | |
| Cease support for OBIE non eIDAS-like certificates for transport | N/A | Presently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support |
| Cease support for OBIE non eIDAS-like certificates for signing | N/A | Presently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support |
| Support for MTLS token endpoint authentication | ||
| Support for private_key_jwt token endpoint authentication | ||
| Cease support for client id and client secret token endpoint authentication |
Directory? | Open Banking | ||
|---|---|---|---|
Location of Well Known Endpoints? | OB Technical Directory | The Well Known Endpoint for our Sandbox is: https://sandbox.caterallen.co.uk/.well-known/openid-configuration It is also indicated in the support section together with other relevant info: https://sandbox.caterallen.co.uk/store/site/pages/faq.jag The Production Well Known Endpoint is: https://developer.caterallen.co.uk/.well-known/openid-configuration It is also indicated in the support section together with other relevant info: | |
API Standard Implemented? | Open Banking v3.1 | ||
Name of Account Holder Implementation Date? | TBC (see notes) | This optional field has not been implemented yet but is planned for some time in the future. | |
| Date of Current eIDAS Implementation? | 14/09/19 | ||
| Current Certificates used for Identification? | MTLS available. eIDAS QWAC/QSEAL. EIDAS certificates will be validated using the OBIE directory | ||
| Current Certificates used for Transport? | OB Transport OBWAC QWAC | EIDAS certificates will be validated using the OBIE directory | |
| Current Certificates used for Signing? | OB Signing OBSEAL | EIDAS certificates will be validated using the OBIE directory | |
| Date of Future eIDAS Implementation? | No future update currently planned. | ||
| Future Certificates used for Identification? | |||
| Future Certificates used for Transport? | |||
| Future Certificates used for Signing? | |||
Major Milestones | Version 3.1 was implemented in June 2019 and Security Conformance SUITE certification was achieved on August 2019 | (Inc Other Products, API Updates, API Deprecations, etc) | |
| Brand(s) | |||
| Security Profile? | FAPI Open ID | ||
| Security Profile Certification? | Yes | ||
CIBA | No | ||
| Using Open Banking as your eIDAS Trust Framework? | Yes | ||
| Are you caching the Directory? | No | ||
| Transaction IDs | Yes | The TransactionID is retrieved from our core system |
Implementing Customer Experience Guidelines? | Yes | |
|---|---|---|
| Current CEG Version? | v. 3.1.3 | |
| Next CEG Version? | v 3.1.6 | |
| Next Version Implementation Date | TBC | |
Implementing Bespoke User Journeys? | Yes (see notes) | Our payment journeys currently follow the exact journey as customer would get in their online banking. The Customer Experience Guidelines says they payment journeys should be 2 step. We will not be introducing the 2 step journeys until October 2019. |
Implementing App to App? | N/A | |
| App to App Implementation Date? | N/A | |
Options on 90 day re-authentication? | 90 Days | A TPP can re-authentication any time up until the expiry date. The customer will be made to re-authenticate every 90 days otherwise access to the data will be removed. |
Support Embedded Flow? | No |
Dispute Management System? | Yes | System implementation in line with OBIE implementation dates. |
|---|---|---|
| FCA Adjustment Period - Maintaining Screen Scraping? | ||
Seeking Fallback Exemption? | Yes | |
Adjusted or Fallback Interface? | N/A | |
| Adjusted or Fallback URL? | N/A | |
| Contact Email or Phone Number? | 07727855715 / caterallenopenbanking@santander.co.uk | |
| Dev Portal URL? | For Production URL, we are live with AIS, finalizing Managed Rollout phase testing for PIS and are presently starting our CBPII Managed Roll-out phase. Please contact us for further information. | |
Test Facility Implementation Date? | ||
| Production Interface Implementation Date? | - Currently Live AIS, PIS and CBPII | AIS: our APIs are live. PIS: APIs are live and presently in Managed Roll-out phase. CBPII: APIs are live and presently in Managed Roll-out phase. NOTE: Cater Allen is undergoing a migration to a new banking platform. Only customers migrated to the new platform will be able to use the OB services. The final migration of customer will happen during the weekend 10-11 October 2020. Therefore all customers will be able to use the OB channels from 12 October 2020. Please contact us for further information. |
| Contingency Measures | Subject to FCA exemption decision | |
| Article 10 - Maximum time period after authentication? | N/A | No SCA applied on AISP |
| Article 10 - Endpoints exempt of SCA | N/A | For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away. Please note: We do not display statements |
Authentication Method - Open Banking Channel (Browser)? | Username, password and PAC (PAC is PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile. | |
Authentication Method - Open Banking Channel (APP)? | N/A | N/A, as the mobile app is currently not in scope. |
Authentication Method - Private Channel (Browser)? | Username, password and PAC (PAC is a PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile. | |
Authentication Method - Private Channel (APP)? | N/A | N/A, as the mobile app is currently not in scope. |
Authentication Method Implementation Date (Open Banking Channel)? | 14 Sept 2019 | |
Authentication Method Implementation Date (Private Channel)? | 14 Sept 2019 | |
SCA Implementation Date? | ||
SCA Scope? (will it inhibit non PSD2 accounts) | No (see notes) | No. All Open Banking relevant accounts, e.g. private current accounts, commercial current accounts, debit and credit card accounts and currency accounts. Non PSD2 accounts are not exposed. |
High Cost Credit | Cater Allen - HCC.xlsx |
|---|
After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header | - |
|---|
- No labels