Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 64 Next »

OB Standards
Implement Open Data v2.2September 2019
Implement Read/Write API Specification v3.1September 2019
Implement Customer Experience Guidelines v1.1

September 2019


Implement App-to-App RedirectionN/AN/A, as the mobile app is currently not in scope.
Implement OB Security Profile Implementer's Draft v1.1.2September 2019
Implement FAPI Profile Implementers Draft 2September 2019
Implement CIBA Profile Implementers Draft 1N/A
Implement Dynamic Client Registration v1.1 
Implement Dynamic Client Registration v3.1 
Decommission Read/Write API Specification v1.x/2.x
Decommission OB Security Profile Implementer's Draft v1.x
Method of Identification

Will be implemented in line with PSD2 deadline.​

Commence support for eIDAS QWAC certificates14 Sept 2019
Commence support for eIDAS QSEAL certificatesN/A

Commence support for OBIE QWAC-like certificates

14 Sept 2019
Commence support for OBIE QSEAL-like certificates14 Sept 2019
Cease support for OBIE non eIDAS-like certificates for transportN/APresently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support
Cease support for OBIE non eIDAS-like certificates for signingN/APresently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support
Support for MTLS token endpoint authentication 
Support for private_key_jwt token endpoint authentication 
Cease support for client id and client secret token endpoint authentication 
Post Brexit Certificate Implementation
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 
EIDAS certificates will be validated using the OBIE directory.
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

Planned Implementation Date to Satisfy FCA's Post Transition

This info will be provided shortly


TPP PSU Migration Outcomes Supported

Dynamic certificate authentication process.

Outcome 4: You can continue to use your OBseal for client authentication

Outcome 5: Continue using the key pair for client authentication

Outcome 8: Switch to a new OBseal to use with private-key-jwt

POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)

READY

  • Ready – ASPSP accept eIDAS certs and OB Certs(OBWAC/OBSeal)
Implementation

Directory?

Open Banking

Location of Well Known Endpoints?

OB Technical Directory

The Well Known Endpoint for our Sandbox is: https://sandbox.caterallen.co.uk/.well-known/openid-configuration 

It is also indicated in the support section together with other relevant info: https://sandbox.caterallen.co.uk/store/site/pages/faq.jag 


The Production Well Known Endpoint is:

https://developer.caterallen.co.uk/.well-known/openid-configuration

It is also indicated in the support section together with other relevant info: 

https://developer.caterallen.co.uk/store/site/pages/faq.jag 


API Standard Implemented?

Open Banking v3.1

Name of Account Holder Implementation Date?

TBC (see notes)This optional field has not been implemented yet but is planned for some time in the future.
Date of Current eIDAS Implementation?14/09/19

Current Certificates used for Identification?

MTLS available. eIDAS QWAC/QSEAL.

EIDAS certificates will be validated using the OBIE directory



Current Certificates used for Transport?

OB Transport

OBWAC

QWAC

EIDAS certificates will be validated using the OBIE directory
Current Certificates used for Signing?

OB Signing

OBSEAL

EIDAS certificates will be validated using the OBIE directory
Date of Future eIDAS Implementation?No future update currently planned.

Future Certificates used for Identification?


Future Certificates used for Transport?




Future Certificates used for Signing?


Major Milestones

Version 3.1 was implemented in June 2019 and Security Conformance SUITE certification was achieved on August 2019(Inc Other Products, API Updates, API Deprecations, etc)
Brand(s)


Security Profile?FAPI Open ID

Security Profile Certification?Yes

CIBA

No

Using Open Banking as your eIDAS Trust Framework?Yes

Are you caching the Directory?No

Transaction IDsYesThe TransactionID is retrieved from our core system
Customer Journey

Implementing Customer Experience Guidelines?

Yes
Current CEG Version?v. 3.1.3
Next CEG Version?v 3.1.6
Next Version Implementation DateTBC

Implementing Bespoke User Journeys?

Yes (see notes)Our payment journeys currently follow the exact journey as customer would get in their online banking.  The Customer Experience Guidelines says they payment journeys should be 2 step.  We will not be introducing the 2 step journeys until October 2019.

Implementing App to App?

N/A
App to App Implementation Date?N/A

Options on 90 day re-authentication?

90 Days

A TPP can re-authentication any time up until the expiry date.  The customer will be made to re-authenticate every 90 days otherwise access to the data will be removed.

Support Embedded Flow?

No
PSD2

Dispute Management System?

YesSystem implementation in line with OBIE implementation dates.
FCA Adjustment Period - Maintaining Screen Scraping?

Seeking Fallback Exemption?

Yes

Adjusted or Fallback Interface?

N/A
Adjusted or Fallback URL?N/A
Contact Email or Phone Number?

07727855715 / caterallenopenbanking@santander.co.uk

alessandro.greco@santander.co.uk 


Dev Portal URL?

Sandbox: https://sandbox.caterallen.co.uk/store/

Prod: https://developer.caterallen.co.uk/store/  

For Production URL we are live with AIS, PIS and CBPII.

Full live proving has been provided for AIS and PIS. For CBPII endpoints we are in Managed Rollout phase testing. Please contact us for further information.

Test Facility Implementation Date?

 
Production Interface Implementation Date?

- Currently Live AIS, PIS and CBPII

AIS: our APIs are live.

PIS: APIs are live and presently in Managed Roll-out phase.

CBPII: APIs are live and presently in Managed Roll-out phase.


NOTE: 

“Cater Allen is pleased to inform that the final migration of customers to the new banking platform planned for this weekend has successfully completed.

As a consequence all customers will be able to use the OB services. Please contact us on caterallenopenbanking@santander.co.uk for further information”.

Contingency Measures
Subject to FCA exemption decision 
Article 10 - Maximum time period after authentication?N/ANo SCA applied on AISP
Article 10 - Endpoints exempt of SCAN/A

For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away.

Please note: We do not display statements

Authentication Method - Open Banking Channel (Browser)?

Username, password and PAC (PAC is PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.

Authentication Method - Open Banking Channel (APP)?

N/AN/A, as the mobile app is currently not in scope.

Authentication Method - Private Channel (Browser)?

Username, password and PAC (PAC is a PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.

Authentication Method - Private Channel (APP)?

N/AN/A, as the mobile app is currently not in scope.

Authentication Method Implementation Date (Open Banking Channel)?

14 Sept 2019

Authentication Method Implementation Date (Private Channel)?

14 Sept 2019

SCA Implementation Date?

 

SCA Scope? (will it inhibit non PSD2 accounts)

No (see notes)No.  All Open Banking relevant accounts, e.g. private current accounts, commercial current accounts, debit and credit card accounts and currency accounts. Non PSD2 accounts are not exposed.
Key Implementations

High Cost Credit

Cater Allen - HCC.xlsx

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header

-
  • No labels