Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 41 Next »

OB Standards
Implement Open Data v2.2
tbc
Implement Read/Write API Specification v3.1 Deployed 3.1.1 in August 2019
Implement Customer Experience Guidelines v1.109 Aug 2019 
Implement App-to-App Redirection

iOS - December 2019

Android - january 2020

App to App Redirection will be supported for iOS users from 8th December 2019.

Support for Android users is planned to follow in January 2020.
Implement OB Security Profile Implementer's Draft v1.1.209 Aug 2019 
Implement FAPI Profile Implementers Draft 2tbctbc
Implement CIBA Profile Implementers Draft 1n/an/a
Implement Dynamic Client Registration v1.1n/an/a
Implement Dynamic Client Registration v3.109 Aug 2019 v3.2 implemented April 2020
Decommission Read/Write API Specification v1.x/2.xn/an/a
Decommission OB Security Profile Implementer's Draft v1.xn/an/a
Method of Identification
Commence support for eIDAS QWAC certificatesLive
Commence support for eIDAS QSEAL certificates
 Live

Commence support for OBIE QWAC-like certificates

Live
Commence support for OBIE QSEAL-like certificatesLive
Cease support for OBIE non eIDAS-like certificates for transportNot currently planned
Cease support for OBIE non eIDAS-like certificates for signingNot currently planned
Support for MTLS token endpoint authenticationLive
Support for private_key_jwt token endpoint authenticationn/a
Cease support for client id and client secret token endpoint authenticationn/a
Post Brexit Certificate Implementation
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

Planned Implementation Date to Satisfy FCA's Post Transition

tbc


TPP PSU Migration Outcomes Supported

tbc

We are progressing with a managed migration from OB Legacy to OBWAC certifictes - this will mean that PSU consents will remain active.

Comms have been issued via OBSD, however any TPPs who have not seen this should contact apisupport@tescobank.com if they wish to take part in our managed migration. 

POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)

READY


Implementation

Directory?

Open Banking

Location of Well Known Endpoints?

OB Technical Directory and OB Implementation Guide

API Standard Implemented?

Open Banking

Name of Account Holder Implementation Date?

Completed -  Name of account holder is returned via the party endpoint
Date of Current eIDAS Implementation?
MTLS
Current Certificates used for Identification?




Current Certificates used for Transport?OB Transport (non-eIDAS-like)

Current Certificates used for Signing?OB Signing (non-eIDAS-like)

Date of Future eIDAS Implementation?No future update currently planned.

Future Certificates used for Identification?No future update currently planned.

Future Certificates used for Transport?

No future update currently planned.



Future Certificates used for Signing?No future update currently planned.

Major Milestones

SCA is already in place at log in for the existing Online and Mobile channels and was in place pre-PSD2.

Production date for SCA in the Open Banking channel to be provided.


Brand(s)


Security Profile?Open Banking Security Profile - Implementer's Draft v1.1.2

Security Profile Certification?

Submitted for certification and awaiting response.



CIBA

No

Using Open Banking as your eIDAS Trust Framework?Yes

Are you caching the Directory?No

Transaction IDsNoNo transaction IDs provided in transaction response, consistent with online/mobile channels.
Customer Journey

Implementing Customer Experience Guidelines?

Yes
Current CEG Version?1.2
Next CEG Version?tbc
Next Version Implementation Datetbc

Implementing Bespoke User Journeys?

NoClosely aligned to CEG v1.2

Implementing App to App?

Yes
App to App Implementation Date?tbc

Options on 90 day re-authentication?

Yes

Re authentication will be required after 90 days.

Will also be required in scenarios that imply risk and therefore SCA is deemed appropriate by Tesco Bank.

Support Embedded Flow?

No
PSD2

Dispute Management System?

Yes


FCA Adjustment Period - Maintaining Screen Scraping?Yes
Seeking Fallback Exemption?Exemption Granted -  

Adjusted or Fallback Interface?

No
Adjusted or Fallback URL?N/A
Contact Email or Phone Number?apisupport@tescobank.com
Dev Portal URL?https://developer.tescobank.com/

Test Facility Implementation Date?

 
Production Interface Implementation Date? 
Contingency Measures
N/A as exemption obtained.
Article 10 - Maximum time period after authentication?

5 minutes for those endpoints NOT covered by an exemption (i.e. direct debits, beneficiaries etc.) and 90 days if exempt.


Article 10 - Endpoints exempt of SCAAccounts, Balances, Transactions (< 90 days)Resources covered (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements

Authentication Method - Open Banking Channel (Browser)?

Knowledge – Password & Security Number. Possession – Device or OTP. Inherence – n/a


Authentication Method - Open Banking Channel (APP)?

Knowledge – Password & Security Number. Possession – Device or OTP. Inherence – Fingerprint / Face Recognition

Authentication Method - Private Channel (Browser)?

Knowledge – Password & Security Number. Possession – Device or OTP. Inherence – n/a

Authentication Method - Private Channel (APP)?

Knowledge – Password & Security Number. Possession – Device or OTP. Inherence – Fingerprint / Face Recognition

Authentication Method Implementation Date (Open Banking Channel)?

09 Aug 2019 

Authentication Method Implementation Date (Private Channel)?


SCA is already in place at log in for the existing Online and Mobile channels and was in place pre-PSD2.

SCA Implementation Date?

SCA is already in place at log in for the existing Online and Mobile channels and was in place pre-PSD2.Production date for SCA in the Open Banking channel to be provided.

SCA Scope? (will it inhibit non PSD2 accounts)

Yes

Will impact ISAs, Fixed Rate Savers, Loans

Will not impact Mortgage and Insurance

Key Implementations

High Cost Credit

Tesco - HCC - Nov 19.xlsx

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header

-We will support Option 1

 Functional Certificate (PIS): Tesco Personal Finance 2019
  • No labels