Sainsburys Bank PLC.
Adam Pretlove (Unlicensed)
Praveen Ponnumony
Tracey Hoskins (Unlicensed)
This Section applies to ASPSPs that have implemented OB Standards
| -Have you Implemented OB Standards? |
| |
|---|---|---|
| Open Data - Which version have you Implemented? |
| |
Read/Write API Specification Implemented or planning to implement (Lowest version = Current, Highest version = Planned) |
| |
| Read/Write API - Which date are you planning to implement your latest version? | ||
Have you implemented v4.0 information flows, if not date planned to Implement? |
| |
Dynamic Client Registration - Which version have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) |
| |
| DCR - Which date are you planning to implement your latest version? | ||
Have you implemented Trusted beneficiaries, if not date planned to Implement? |
| |
Have you implemented Reverse Payments, if not date planned to Implement? |
| |
Have you implemented ECA Standard? |
| |
ECA Implementation details | Contact: [enter contact details for the relevant person(s) at your organisation] [You can use this space to provide your status with respect to the Standard] | |
Have you implemented Bulk/File Payments? |
| |
Have you implemented VRP – Sweeping, if not date planned to Implement? |
| |
Have you implemented VRP non-Sweeping, if not date planned to Implement? |
| Contact: [enter contact details for the relevant person(s) at your organisation] [You can use this space to provide implementation details relevant to VRP] |
| PISP - Single Payment Limit | £ | |
| PISP - Daily Payment Limit | £ | |
| How many months of transaction do you provide? | ||
| Have you implemented TRIs (Transactional Risk Indicators), if not, date planned to Implement? | ||
| What is your approach to Implementing TRIs? |
|
Which date are you planning on implementing the SCA reauthentication exemption? | 18th October 2022 | |
|---|---|---|
What is your approach to token management to enable application of the reauthentication exemption? (see link to FCA guidance) | We are setting the refresh token to never expire but we still need to rotate, as certs will only be issued for 2 years. This means that as long as TPP gets data from us at least every couple of years the customer will never be prompted for an SCA again. | Example approach: [Please use this space to provide more details on your approach] |
| Article 10A - Endpoints exempt of SCA-RTS |
| |
| Article 10A - Endpoints not exempt of SCA-RTS |
| |
| Article 10A - Maximum time period after authentication | Please specify the time period in minutes | |
| SCA-RTS implementation status (updated by OBL PS team only) | IMPLEMENTED | Planned / In-progress / Implemented / TBC |
-Which Security profile have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) |
| |
|---|---|---|
| Security Profile - Next Planned Version Implementation Date | ||
| CIBA Profile - Implemented or planning to implement (Lowest version = Current, Highest version = Planned) |
| |
| CIBA Profile - Next Planned Version Implementation Date | ||
| Security Profile Certification date? | ||
| Token Endpoint Authentication Methods Supported |
| |
| Planned date to Cease support for client id and client secret token endpoint authentication | ||
| POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021) |
|
-What is your approach to Implementing OBL Customer Experience Guidelines (CEG)? (tick all that apply) |
| Sainsbury’s Bank (SB) will implement all Customer Experience Guidelines that apply to SB with one exception. Question #14 of the Customer Experience Guidelines Checklist (section 6 of https://www.openbanking.org.uk/wp-content/uploads/Customer-Experience-Guidelines-V1-2.pdf) asks:
All mandatory fields specified in API are returned. However, some fields – e.g. name, address – are not mandatory in API, and are not returned via API. Name and address are shown via statement channel, therefore "all account info made available” via the statement channel is NOT available via API. If Question #14 were reworded to specify only the mandatory API fields, then SB’s response would be “Yes”. Some other elements will not be implemented until |
|---|---|---|
Which version have you implemented or planning to implement? (Lowest version = Current, Highest version = Planned) |
| |
| Which date are you planning to implement your latest CEG version? | TBC | |
| Redirection Model |
|
| -Which Directory are you using as your Trust Framework? | Open Banking | |
|---|---|---|
| Are you caching the Directory? | Yes | For one hour |
| Transaction IDs Supported | Sainsburys Bank provide a Unique, Immutable TransactionID from their core system | |
Are you Seeking Fallback Exemption? |
| |
| Article 10 - Maximum time period after authentication | 10 minutes | |
| Article 10 - Endpoints exempt of SCA | GET /Accounts GET /accounts/{AccountId} GET /accounts/{AccountId}/balances GET /accounts/{AccountId}/transactions Access to accounts endpoints allows retrieval of the AccountId to call balance and transaction endpoints | |
| Major Milestones | Live (non SCA) Live (including SCA) December 2019 | |
| Brand(s) |
Location of Well Known Endpoints | OBIE Sandbox Directory - Defined in the Auth Server, also defined in the Implementation guide OBIE Production Directory - Defined in the Auth Server, also defined in the Implementation guide | |
|---|---|---|
Modified Customer Interface URL (if applicable) | ||
| Dev Portal URL | developer.sainsburysbank.co.uk | |
| Test Facility URL | ||
| Brand Landing Pages URL | [You can use this space to explain your guidance on using Brand logos] | |
ASPSP Support Desk Email or Phone Number (including queries about consent success rates) | openbanking@sainsburysbank.co.uk |
High Cost Credit | N/A |
|---|