/
Vanquis Bank

Vanquis Bank

OB Standards

This Section applies to ASPSPs that have implemented OB Standards

-Have you Implemented OB Standards?

  • Yes
  • No


Open Data - Which version have you Implemented?

  • None
  • V2.2
  • V2.3
  • V2.4


Read/Write API Specification Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  • V3.0
  • V3.1
  • V3.1.1
  • V3.1.2
  • V3.1.3
  • V3.1.4
  • V3.1.5
  • V3.1.6
  • V3.1.7
  • V3.1.8
  • V3.1.9
  • V3.1.10
  • V3.1.11
  • V4.0
  • V4.0.1

AISP, CBPII & PISP - v3.1.10 (Also compatible with v3.1)

Read/Write API - Which date are you planning to implement your latest version?



Have you implemented v4.0 information flows, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 


Dynamic Client Registration - Which version have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • None
  • V3.1
  • V3.2
  • V3.3
  • V3.4


DCR - Which date are you planning to implement your latest version?



Have you implemented Trusted beneficiaries, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

Not Applicable 

Have you implemented Reverse Payments, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

Not Applicable 

Have you implemented Bulk/File Payments?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

[Please use this space to provide more details on bulk/file payments implementation]

(e.g. maximum value/volume of payments per file, maximum file size, requirement for payees to be existing trusted beneficiaries, etc)

Have you implemented VRP – Sweeping, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 


Have you implemented VRP non-Sweeping, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

Contact: [enter contact details for the relevant person(s) at your organisation]

[You can use this space to provide implementation details relevant to VRP]

PISP - Single Payment Limit

£


PISP - Daily Payment Limit

£


How many months of transaction do you provide?

6 Months

Last 6 Months worth of transactions

Have you implemented TRIs (Transactional Risk Indicators), if not, date planned to Implement?



What is your approach to Implementing TRIs?

  • Accept payload with TRI fields – Process all fields
  • Accept payload with TRI fields – Ignore all fields
  • Reject payload with TRI fields – Error back to TPP
  • Accept payload with TRI fields – Process few fields (Provide list of accepted fields)  


SCA-RTS 90-day reauth Implementation

Which date are you planning on implementing the SCA reauthentication exemption?


We implemented this on 14/11/2022.

See the below for reference.

What is your approach to token management to enable application of the reauthentication exemption? (see link to FCA guidance)


  • As part of v3.1.10 Implementation, Vanquis will introduce a long lived refresh token of 60 years.

  • Consent will not be expire and if the consent is revoked then need to create new consent.

  • AIS consents created after implementation of v3.1.10 will no longer require re-authentication every 90 days. The new rules in place will ask for customer reconfirmation with the AISP not ASPSP.

  • Consents issued and authorised before v3.1.10 implementation will remain valid for 90 days.

  • There are no changes to Vanquis current implementation of Access Tokens. Third parties should continue to pass OAuth credentials in a Get Access Token call.  In response, the Vanquis authorisation server issues an access token, reuse the access token until it expires. When it expires, you can get a new token.

Article 10A - Endpoints exempt of SCA-RTS

  • Accounts
  • Transactions (90days)
  • Balances
  • Standing orders
  • Direct debits
  • Beneficiaries
  • Products
  • Offers
  • Parties
  • Scheduled Payments
  • Statements


Article 10A - Endpoints not exempt of SCA-RTS

  • Transactions (more than 90days)
  • Standing orders
  • Direct debits
  • Beneficiaries
  • Products
  • Offers
  • Parties
  • Scheduled Payments
  • Statements


Article 10A - Maximum time period after authentication


Please specify the time period in minutes

SCA-RTS implementation status (updated by OBL PS team only)

IMPLEMENTED


Security Profile

-Which Security profile have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • OB Security Profile (Legacy)
  • FAPI (ID2)
  • FAPI 1 Advanced
  • Other (Please define) 


Security Profile - Next Planned Version Implementation Date



CIBA Profile - Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  • None
  • CIBA
  • CIBA FAPI Profile


CIBA Profile - Next Planned Version Implementation Date



Security Profile Certification date?

 05/12/2019

https://openid.net/certification/#FAPI_OPs

Token Endpoint Authentication Methods Supported

  • client_secret_post
  • client_secret_basic
  • client_secret_jwt
  • tls_client_auth
  • Private_key_jwt


Planned date to Cease support for client id and client secret token endpoint authentication

n/a


POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)

  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 


Customer Journey

-What is your approach to Implementing OBL Customer Experience Guidelines (CEG)?

(tick all that apply)

  • Already Implemented
  • Planning to implement or upgrade
  • Not planning to implement CEG


Which version have you implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • V3.1.2
  • V3.1.3
  • V3.1.4
  • V3.1.5
  • V3.1.6
  • V3.1.7
  • V3.1.8
  • V3.1.9
  • V3.1.10
  • V3.1.11
  • V4.0
  • V4.0.1


Which date are you planning to implement your latest CEG version?



Redirection Model

  • App to App redirection
  • Decoupled authentication
  • Embedded Flow
  • Bespoke User Journeys


PSD2

-Which Directory are you using as your Trust Framework?

Open Banking


Are you caching the Directory?

No


Transaction IDs Supported



Are you Seeking Fallback Exemption?

  • Yes
  • No

Exempted. 

Article 10 - Maximum time period after authentication

N/A


Article 10 - Endpoints exempt of SCA

Accounts, Balances, Transactions, Products, Offers, Statements


Major Milestones

Completed

  - Decommissioning of legacy web application 'eVanquis'

 - Migration to internally hosted Test Facility.

 - Implementation of eIDAS certificates.

  - SCA Implementation on Web Channel for Open Banking 

  - Payment Initiation APIs implemented (Money Transfer)

  - Payment Initiation APIs implemented (Balance Transfer)

  - Implemented Open Banking Version 3.1.10.


Brand(s)



ASPSP Dev Portal and Contact Details

Location of Well Known Endpoints

OB Technical Directory and OB ASPSP Implementation Guide

Implementation Guide: Vanquis Bank

Modified Customer Interface URL (if applicable)



Dev Portal URL

https://www.vanquis.co.uk/developer-portal


Test Facility URL



Brand Landing Pages URL


[You can use this space to explain your guidance on using Brand logos]

ASPSP Support Desk Email or Phone Number

(including queries about consent success rates) 

openbankingsupport@vanquisbank.co.uk


Key Implementations

High Cost Credit

Vanquis_Bank - HCC.xlsx


Vanquis_Bank - HCC.xlsx