Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 35 Next »

OB Standards
Implement Open Data v2.2

Implement Read/Write API Specification v3.1Complete
Implement Customer Experience Guidelines v1.1

Implement App-to-App RedirectionComplete
Implement OB Security Profile Implementer's Draft v1.1.2Complete
Implement FAPI Profile Implementers Draft 2Complete
Implement CIBA Profile Implementers Draft 1

Implement Dynamic Client Registration v1.1

Implement Dynamic Client Registration v3.1Complete
Decommission Read/Write API Specification v1.x/2.x

Decommission OB Security Profile Implementer's Draft v1.x

Article 10 SCA Exemption (for 90 days)Accounts, Balances, Transactions (last 90 days), Pots (non-standard endpoint), Direct Debits (executed within the last 90 days), Standing Orders (executed within the last 90 days), Scheduled Payments
Method of Identification
Commence support for eIDAS QWAC certificates 
Commence support for eIDAS QSEAL certificates
 

Commence support for OBIE QWAC-like certificates

 
Commence support for OBIE QSEAL-like certificates 
Cease support for OBIE non eIDAS-like certificates for transport 
Cease support for OBIE non eIDAS-like certificates for signing 
Support for MTLS token endpoint authenticationYes
Support for private_key_jwt token endpoint authenticationNo
Cease support for client id and client secret token endpoint authenticationUnsupported
Post Brexit Certificate Implementation
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

Planned Implementation Date to Satisfy FCA's Post Transition

 


TPP PSU Migration Options Supported

Yes, any certificate on the software JWKS can be used interchangeably to authenticate any client for that software


POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)



Implementation

Directory?

Open Banking

Location of Well Known Endpoints?

Dev Portal (see Notes)

https://api.monzo.com/open-banking/.well-known/openid-configuration

https://docs.monzo.com/


API Standard Implemented?

Open Banking v3.1.2 AIS, PIS, CBPII

Name of Account Holder Implementation Date?

Legal and preferred names of authenticated user available through the Parties endpoint



Date of Current eIDAS Implementation?
Mutual TLS
Current Certificates used for Identification?




Current Certificates used for Transport?OB Transport

Current Certificates used for Signing?OB Signing

Date of Future eIDAS Implementation?No future update currently planned.

Future Certificates used for Identification?


Future Certificates used for Transport?




Future Certificates used for Signing?


Major Milestones

Version 3.1.2 AISP, PISP, CBPII



Brand(s)Monzo

Security Profile?
Yes (certification pending)
Security Profile Certification?


CIBA

TBC

Using Open Banking as your eIDAS Trust Framework?


Are you caching the Directory?Yes

Transaction IDsYes

Customer Journey

Implementing Customer Experience Guidelines?

Partial and Equivalent friction journeys due to Monzo customers having different authentication factors.


Current CEG Version?

Next CEG Version?

Next Version Implementation Date

Implementing Bespoke User Journeys?

Yes

Implementing App to App?

Yes
App to App Implementation Date? 

Options on 90 day re-authentication?

No

Support Embedded Flow?

No
PSD2

Dispute Management System?

TBC
FCA Adjustment Period - Maintaining Screen Scraping?Maintaining legacy AIS API (for existing AISPs) without SCA for the adjustment period. New AISPs will onboard directly onto the Monzo Open Banking API

Seeking Fallback Exemption?

Exemption Granted -  


Adjusted or Fallback Interface?

No
Adjusted or Fallback URL?N/A
Contact Email or Phone Number?

Email : openbanking@monzo.com

Website : https://docs.monzo.com


Dev Portal URL? https://docs.monzo.com

Test Facility Implementation Date?

 
Production Interface Implementation Date? 
Contingency Measures

Article 10 - Maximum time period after authentication?

Article 10 - Endpoints exempt of SCAAccounts, Balances and Transactions

Authentication Method - Open Banking Channel (Browser)?

Hybrid redirect with authentication happening on customers device.


Authentication Method - Open Banking Channel (APP)?

App to App available in Monzo v2.63


Authentication Method - Private Channel (Browser)?

None

Authentication Method - Private Channel (APP)?

None

Authentication Method Implementation Date (Open Banking Channel)?



Authentication Method Implementation Date (Private Channel)?



SCA Implementation Date?

 

SCA Scope? (will it inhibit non PSD2 accounts)



Key Implementations

High Cost Credit

TBC

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header

TBC
  • No labels