- Created by Adam Pretlove (Unlicensed) , last modified by Praveen Ponnumony on Nov 12, 2020
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 11 Next »
| Implement Open Data v2.2 | October 2019 | ||
|---|---|---|---|
| Implement Read/Write API Specification v3.1 | October 2019 | ||
| Implement Customer Experience Guidelines v1.1 | October 2019 | ||
| Implement App-to-App Redirection | N/A | ||
| Implement OB Security Profile Implementer's Draft v1.1.2 | N/A | - Our assumption is that the conformance side of security profile was replaced with the FAPI conformance. | |
| Implement FAPI Profile Implementers Draft 2 | October 2019 | ||
| Implement CIBA Profile Implementers Draft 1 | N/A | ||
| Implement Dynamic Client Registration v1.1 | October 2019 | ||
| Implement Dynamic Client Registration v3.1 | Due in 2020 | ||
| Decommission Read/Write API Specification v1.x/2.x | N/A | ||
| Decommission OB Security Profile Implementer's Draft v1.x | N/A |
| Commence support for eIDAS QWAC certificates | ||
|---|---|---|
| Commence support for eIDAS QSEAL certificates | ||
Commence support for OBIE QWAC-like certificates | ||
| Commence support for OBIE QSEAL-like certificates | ||
| Cease support for OBIE non eIDAS-like certificates for transport | ||
| Cease support for OBIE non eIDAS-like certificates for signing | ||
| Support for MTLS token endpoint authentication | ||
| Support for private_key_jwt token endpoint authentication | ||
| Cease support for client id and client secret token endpoint authentication |
| PRE-BREXIT - Certificates Accepted (until 31st Dec 2020) |
| |
|---|---|---|
| POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021) |
| |
| POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021) |
| |
| Planned Implementation Date to Satisfy FCA's Post Transition | ||
| TPP PSU Migration Options Supported | ||
| POST-BREXIT Certificate Implementation Status (updated by OBIE IES team) |
Directory? | Open Banking | ||
|---|---|---|---|
Location of Well Known Endpoints? | OB Technical Directory | OB directory/dev portal and OB DevZOne pages | |
API Standard Implemented? | Open Banking | ||
Name of Account Holder Implementation Date? | Live (See Notes) | We are already returning Account name as per the definition in 3.1.1 as that is what is being displayed in our own channels. | |
| Date of Current eIDAS Implementation? | From 1 September 2019 Open Banking (OB) ETSI-Format certificates are supported in parallel with legacy OB certificates. | ||
| Current Certificates used for Identification? | OB Transport + ClientID + Secret | ||
| Current Certificates used for Transport? | OB Transport / OBWAC | ||
| Current Certificates used for Signing? | OB Signing / OBSEAL | ||
| Date of Future eIDAS Implementation? | From 14 March 2020, eIDAS certificates will be required for identification of new Third Party Providers with ‘certificate switching’ (i.e. use of OB ETSI-Format certificates) supported. Existing OB ecosystem Third Party Providers must hold a valid eIDAS certificate on the OB Directory. | ||
| Future Certificates used for Identification? | OB Transport + ClientID + Secret + OBSEAL/QSEAL | ||
| Future Certificates used for Transport? | OBWAC / QWAC | ||
| Future Certificates used for Signing? | OBSEAL / QSEAL | ||
Major Milestones | V1.1 deprecation SEPA MTS Bulk / Batch Payments - Q1 2020 Bulk / Batch Payments: SEPA MTS Q1 2020 Bulk / Batch Payments (All payment types) Q1 2020 P2 Two Way Notice of Revocation - Q1 2020 P8 SCA Exemptions - Q1 2020 API specification v3.1.4 & CEG v3.1.4 - Q1 2020 Uplift to PS256 encryption standard - Q2 2020 P15 Access Dashboards - TBC | ||
| Brand(s) | |||
| Security Profile? | Open Banking | ||
| Security Profile Certification? | No | We are conformant against the OB standards and the errors that are viewed in the logs are outside of the requirements | |
CIBA | No | ||
| Using Open Banking as your eIDAS Trust Framework? | Yes | ||
| Are you caching the Directory? | No | Directory Caching will be delivered by 24 February 2020 as part of PSD2 onboarding | |
| Transaction IDs | Yes - August 2019 | Transaction id's are provided against each booked transaction that are returned on the transactions endpoint |
Implementing Customer Experience Guidelines? | Yes | |
|---|---|---|
| Current CEG Version? | ||
| Next CEG Version? | ||
| Next Version Implementation Date | ||
Implementing Bespoke User Journeys? | N/A for RBSI/NWI Corporate | |
| Yes | ||
| App to App Implementation Date? | N/A for RBSI/NWI Corporate | |
Options on 90 day re-authentication? | Yes | For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away. |
Support Embedded Flow? | No |
Dispute Management System? | Yes | As per manual implementation. System implementation in line with OBIE implementation dates |
|---|---|---|
| FCA Adjustment Period - Maintaining Screen Scraping? | FDATA Whitelisted | FDATA to 13 Match 2020 |
Seeking Fallback Exemption? | Yes | RBS will be applying for all Brands under CMA order and against additional franchises and brands including RBSI, UBROI |
Adjusted or Fallback Interface? | No | |
| Adjusted or Fallback URL? | N/A | |
| Contact Email or Phone Number? | ||
| Dev Portal URL? | https://www.bankofapis.com/ | |
Test Facility Implementation Date? | ||
| Production Interface Implementation Date? | ||
| Contingency Measures | ||
| Article 10 - Maximum time period after authentication? | N/A | RBSG are adopting Article 10 Exemption for 90 day reauthentication, no further restrictions are being applied under Article 10 |
| Article 10 - Endpoints exempt of SCA | N/A | RBSG are adopting Article 10 Exemption for 90 day reauthentication, no further restrictions are being applied under Article 10 |
Authentication Method - Open Banking Channel (Browser)? | Redirect | Customer Identification Number + Partial password + Partial pin |
Authentication Method - Open Banking Channel (APP)? | Redirect | App to App Facial or Fingerprint recognition |
Authentication Method - Private Channel (Browser)? | MTLS / private_key_jwt | |
Authentication Method - Private Channel (APP)? | TLS / private_key_jwt | |
Authentication Method Implementation Date (Open Banking Channel)? | Browser - App - See 'App to App Implementation Date?' | |
Authentication Method Implementation Date (Private Channel)? | ||
SCA Implementation Date? | See Calendar Page | |
SCA Scope? (will it inhibit non PSD2 accounts) | See Calendar Page |
Deliveries of these SCA solutions will continue across the rest of 2019 will some delivered in Q1 2020
| Customer Journey stage | Mobile (Direct Channel) | E-banking (Direct Channel) | Bankline (Direct Channel & Open Banking) | eQ (Direct Channel & Open Banking) | Open Banking Browser | Open Banking App to App |
|---|---|---|---|---|---|---|
| Logging in to identify themselves as a customer and gain access to in scope accounts | SCA @ Login Steps: Customers can use biometrics (as per the setup Device binding will run in the background during | SCA @ Login Steps: Customer ID Plus Partial PIN Password Plus Device Profiling | SCA @ Login Steps: | Customer & User IDs Plus Password in full AND two memorable random characters | SCA @ Login Steps: Customer IDs Plus Partial PIN Password AND Device Profiling | SCA @ Login Steps: Customers can use biometrics (as per the setup of their device/customer preference) or passcode Device binding will run in the background |
| Making a payment from in scope accounts | No further SCA required for payments to trusted beneficiaries. SCA via card and reader required for payments | SCA for payments to non-trusted beneficiaries | Further SCA required for Payments using Card and PIN for Challenge and Response | Payments using Card and PIN for Challenge and Response | Step up to One Time | No further SCA required for payment |
| LIVE | LIVE | Q1 2020 | LIVE | November 2020 | LIVE |
High Cost Credit | RBSI Corporate - HCC.xlsx |
|---|
After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header | TBC |
|---|
- No labels