Implement OB Security Profile Implementer's Draft v1.1.2
Implement FAPI Profile Implementers Draft 2
Implement CIBA Profile Implementers Draft 1
N/A
Implement Dynamic Client Registration v1.1
N/A
Implement Dynamic Client Registration v3.1
N/A
Decommission Read/Write API Specification v1.x/2.x
N/A
Decommission OB Security Profile Implementer's Draft v1.x
N/A
Article 10 SCA Exemption (for 90 days)
Resources covered (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements
Method of Identification
Commence support for eIDAS QWAC certificates
Commence support for eIDAS QSEAL certificates
Commence support for OBIE QWAC-like certificates
Commence support for OBIE QSEAL-like certificates
Cease support for OBIE non eIDAS-like certificates for transport
Cease support for OBIE non eIDAS-like certificates for signing
Support for MTLS token endpoint authentication
Support for private_key_jwt token endpoint authentication
Cease support for client id and client secret token endpoint authentication
Implementation
Directory?
Open Banking
Location of Well Known Endpoints?
Open Banking Technical Directory
API Standard Implemented?
Open Banking
Name of Account Holder Implementation Date?
TBC
Supported identification method?
MTLS against OB Certificates. Investigating implementation of eIDAS certificates at present, with a view towards implementation pre-September.
Major Milestones (Inc Other Products, API Updates, API Deprecations, etc)
Releasing at Version 3.1, no plans for subsequent versions as of yet.
FAPI Compliant?
Yes
CIBA
N/A
Using Open Banking as your eIDAS Trust Framework?
Yes
Are you caching the Directory?
No
Transaction IDs
Customer Journey
Implementing Customer Experience Guidelines?
Yes
Implementing Bespoke User Journeys?
No
Implementing App to App?
No
App to App Implementation Date?
No
Options on 90 day re-authentication?
Same as our online journey. PSU needs to re-authenticate as per standard Open Banking AIS journey (TPP will redirect PSU to AlphaFX login screen, select account, re-authenticate, redirected back to app)
Support Embedded Flow?
No
PSD2
Dispute Management System?
Yes (See notes)
We have our own operational process in place but are going to evaluate whether it would be better served utilising the DMS.
FCA Adjustment Period - Maintaining Screen Scraping?
Seeking Fallback Exemption?
Yes
Adjusted or Fallback Interface?
We are planning to scope the work required for a fallback interface should the exemption fail, so that the interface fallback can be confirmed as possible within the required 2 month window. If exemption is achieved, we’ll keep the implementation plan for the fallback in place for the possible revocation of the exemption.
Adjusted or Fallback URL?
Contact Email or Phone Number?
Dev Portal URL?
Test Facility Implementation Date?
Production Interface Implementation Date?
Authentication Method - Open Banking Channel (Browser)?
Login credentials (Username and password) + SMS OTP to begin with, then as we move to our SCA solution we will have:
Biometric + Trusted device
Password + Trusted Device
SMS OTP + Password (for clients without our mobile app)
Authentication Method - Open Banking Channel (APP)?
See Authentication Method - Open Banking Channel (Browser)? above