Revolut Ltd

OB Standards

Implement Open Data v2.2	N/A
Implement Read/Write API Specification v3.1	08 May 2019	Only account access/funds confirmation/domestic payments implemented
Implement Customer Experience Guidelines v1.1	08 May 2019	Journeys initiated by TPP are implemented. Consent management for Revolut users in both Revolut Mobile and Revolut Web apps is being implemented.
Implement Read/Write API Specification v3.1.1	10th May 2020	International Payments/Standing Orders/Scheduled Payments, Domestic Standing Orders//Scheduled Payments, File Payments (Revolut Business customers only), Account Access to Vaults implemented
Implement App-to-App Redirection	Yes, March 2020
Implement OB Security Profile Implementer's Draft v1.1.2	12 Mar 2019
Implement FAPI Profile Implementers Draft 2	12 Mar 2019
Implement CIBA Profile Implementers Draft 1	No
Implement Dynamic Client Registration v1.1	N/A
Implement Dynamic Client Registration v3.1	12 Mar 2019
Decommission Read/Write API Specification v1.x/2.x	N/A
Decommission OB Security Profile Implementer's Draft v1.x	N/A

Method of Identification

Commence support for eIDAS QWAC certificates	08 May 2019	We support listed eIDAS QTSPs: Bundesdruckerei, Buypass and CERTSIGN via Open Banking Directory
Commence support for eIDAS QSEAL certificates	08 May 2019	We support listed eIDAS QTSPs: Bundesdruckerei, Buypass and CERTSIGN via Open Banking Directory
Current State eIDAS certificates	June 2020	We support all eIDAS certificates
Commence support for OBIE QWAC-like certificates	08 May 2019
Commence support for OBIE QSEAL-like certificates	08 May 2019
Cease support for OBIE non eIDAS-like certificates for transport	12 Mar 2019
Cease support for OBIE non eIDAS-like certificates for signing	12 Mar 2019
Support for MTLS token endpoint authentication	12 Mar 2019
Support for private_key_jwt token endpoint authentication	12 Mar 2019
Cease support for client id and client secret token endpoint authentication	N/A

Post Brexit Certificate Implementation

PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
Planned Implementation Date to Satisfy FCA's Post Transition
TPP PSU Migration Outcomes Supported
POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)	READY	Ready - Accept eIDAS and OB Certs (OBWAC & OBSeal)

Implementation

Directory?	Open Banking
Location of Well Known Endpoints?	OB Technical Directory
API Standard Implemented?	Open Banking
Name of Account Holder Implementation Date?
Date of Current eIDAS Implementation?		MTLS Token
Current Certificates used for Identification?
Current Certificates used for Transport?
Current Certificates used for Signing?
Date of Future eIDAS Implementation?	No future update currently planned.
Future Certificates used for Identification?
Future Certificates used for Transport?
Future Certificates used for Signing?
Major Milestones		See below
Brand(s)
Security Profile?
Security Profile Certification?
CIBA	No
Using Open Banking as your eIDAS Trust Framework?	Yes
Are you caching the Directory?	No
Transaction IDs

Customer Journey

Implementing Customer Experience Guidelines?	Yes
Current CEG Version?
Next CEG Version?
Next Version Implementation Date
Implementing Bespoke User Journeys?	Authentication and consent creation journeys are implemented as it is described in Customer Experience Guidelines.
Implementing App to App?	Yes
App to App Implementation Date?	March 2020
Options on 90 day re-authentication?	We force re-authentication every 90 dyas
Support Embedded Flow?	Yes - currently all authentication is embedded in user's initiation environment (see below per moving to web-to-app)

PSD2

Dispute Management System?	Service Desk Available - openbanking-support@revolut.com
FCA Adjustment Period - Maintaining Screen Scraping?	Never supported
Seeking Fallback Exemption?	Yes
Adjusted or Fallback Interface?	N/A
Adjusted or Fallback URL?	N/A
Contact Email or Phone Number?	openbanking-support@revolut.com 020 3725 7583
Dev Portal URL?	https://developer.revolut.com/
Test Facility Implementation Date?	12 Mar 2019
Production Interface Implementation Date?
Contingency Measures	N/A exempted by FCA	Please specify the location of the guidance that explains your strategy and plans for when your dedicated interface is unavailable. This should be a URL to your dev portal or artefact that provides TPPs with the information they require
Article 10 - Maximum time period after authentication?		Please specify how long the AISP has from the time when they receive the access token (after PSU authentication). This is the period the AISP must submit their first request before SCA will be re-applied to endpoints NOT exempt of SCA under Article 10. ASPSPs should consider that this timeline is consistent with the time limit applied by the ASPSP in the existing online PSU interface (i.e. before the PSU is logged out)
Article 10 - Endpoints exempt of SCA	No endpoints exempted of SCA	Please specify which AIS endpoints will be exempt from SCA under Article 10. (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements
Authentication Method - Open Banking Channel (Browser)?	Browser Password and OTP via SMS
Authentication Method - Open Banking Channel (APP)?	App Login (Password, Biometrics)
Authentication Method - Private Channel (Browser)?	Browser Password and 2FA via email or business-app
Authentication Method - Open Banking Channel (APP)?	App Login (Password, Biometrics)
Authentication Method Implementation Date (Open Banking Channel)?
Authentication Method Implementation Date (Private Channel)?
SCA Implementation Date?	12 Mar 2019
SCA Scope? (will it inhibit non PSD2 accounts)	Account,Payment,Funds Confirmation

Key Implementations

High Cost Credit	TBC

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header	-16th June

Recent Milestones
App-to-app authentication	March 2020
Sandbox credentials generation	May 2020	TPPs can register for sandbox credentials through Revolut Developer Portal https://developer.revolut.com/portal/signup
Domestic Standing Orders//Scheduled Payments,	May 2020
File Payments (Revolut Business customers only)	May 2020
International Payments/Standing Orders/Scheduled Payments	May 2020
Vaults Release to Open Banking API - Web	May 2020
Waiver 007 Implementation End	16th June

Future Roadmap
Credit Cards Released to Open Banking API	Users will soon be able to grant access to Credit Cards to Open Banking API
Web-to-App Authentication	Revolut Business Users will soo be able to grant TPPs access on their App for requests initiated on Web

See below details for different certificates accepted against our Open Banking API for different time periods. Please note, Revolut maintains one API for both our EEA and UK based customers. Please see our public documentation for which certificates are accepted against user's from different entities here: https://developer.revolut.com/docs/build-banking-apps/#introduction-to-the-open-banking-api-global-customer-access-controls

PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)			POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)			POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
eIDAS (QWAC/QSealC)	OB legacy (obtransport, obsigning)	OB Certs (OBWAC/OBSeal)	eIDAS (QWAC/QSealC)	OB legacy (obtransport, obsigning)	OB Certs (OBWAC/OBSeal)	eIDAS (QWAC/QSealC)	OB legacy (obtransport, obsigning)	OB Certs (OBWAC/OBSeal)
Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes