Implementing Customer Experience Guidelines?
Are you going to implement the Open Banking Customer Experience Guidelines? Please response 'Yes' or 'No'
Current CEG Version?
Enter the current version of the CEG implemented in Production
Next CEG Version?
Enter the next version to be implemented
Next Version Implementation Date
When will the next version of the CEG be implemented
Implementing Bespoke User Journeys?
Are you going to implement bespoke customer journeys? Please respond 'Yes' or 'No'
Implementing App to App?
If you are implementing App to App for PSU authentication, please specify the implementation date, otherwise please respond 'N/A'
App to App Implementation Date?
If you are implementing App to App then please specify the implementation date otherwise please respond 'N/A'
Options on 90 day re-authentication?
Please specify the customer journey for refreshing AISP access
Support Embedded Flow?
Are you supporting embedded flow for authentication? Please respond 'Yes' or 'No'
Directory?
Please specify the Directory your organisation is employing (OBL, Preta, Other)
Location of Well Known Endpoints?
Please specify the location of your 'Well Known Endpoints'. These may be held on the Directory you are employing or or development portal. Please specific 'Directory', 'Dev Portal', 'Other' (specifying)
API Standard Implemented
Please specify the API Standards your organisation has implemented. You may have implemented OBL, Berlin Group, STET or your own bespoke standards. Please specify
Name of Account Holder Implementation Date
Please specify the implementation date for Name of Account Holder
Date of Current eIDAS Implementation?
Enter the date the current eIDAS implementation was deployed into production.
Current Certificates used for Identification?
Please specify the certificates or combination of certificates that are required during TPP identification. (OB Transport + ClientID + Secret / OB Transport/ OB Signing / OBWAC / OBSEAL / QWAC / QSEAL)
Current Certificates used for Transport?
Please specify the certificates or combination of certificates that are required for Transport (OB Transport / OBWAC / QWAC)
Current Certificates used for Signing?
Please specify the certificates or combination of certificates that are required for Signing (OB Signing / OBSEAL / QSEAL)
Date of Future eIDAS Implementation?
Enter the date the future eIDAS implementation will be deployed into production (Q2 2020). If you have no future eIDAS implementation planned over and above your current implementation then please enter 'No future update currently planned'
Future Certificates used for Identification?
Please specify the certificates or combination of certificates that are required during TPP identification. (OB Transport + ClientID + Secret / OB Transport/ OB Signing / OBWAC / OBSEAL / QWAC / QSEAL)
Future Certificates used for Transport?
Please specify the certificates or combination of certificates that are required for Transport (OB Transport / OBWAC / QWAC)
Future Certificates used for Signing?
Please specify the certificates or combination of certificates that are required for Signing (OB Signing / OBSEAL / QSEAL)
Major Milestones
Please specify an other major implementation milestones, version updates, version deprecation, new product releases, etc.
Brand(s)
Please enter the Brand(s) covered by this Transparency Calendar. If your calendar supports multiple brands then please enter a 'comma' separated list.
Security Profile?
Please specify whether you support the Open Banking Security Profile or OIDC. Please respond 'Open Banking', 'FAPI' or 'Other'.
Security Profile Certification?
Please specify whether you have achieved certification with the Security Profile authority. Please respond, 'Yes' or 'No'.
CIBA
Please specify whether you are implementing CIBA for authentication. Please respond 'Yes', 'No' or N/A
Using Open Banking as your eIDAS Trust Framework?
If you are using Open Banking to validate third parties regulator status (eIDAS certificates, PSD2 roles and Passports) on your behalf then please respond 'Yes'.
Are you caching the Directory?
Please specify whether you are caching the the Open Banking Directory. Please responds 'Yes' or 'No'
Transaction IDs
If you are supporting Transaction IDs then please specify 'Option 1', 'Option 2', 'Option 3', or 'Option 4'.
Transaction IDs are conditional in the OBL Read/Write Specification v3.x. There are 4 options for how an ASPSP can treat this field in the API response:
- ASPSPs provide a Unique, Immutable TransactionID from their core system
- ASPSPs generate a Unique TransactionID from a set of Immutable fields
- ASPSPs specify field(s) for TPP to generate a Unique Transaction Identifier
- ASPSPs provide neither a TransactionID nor the method by which TPPs can generate one
FCA Adjustment Period - Maintaining Screen Scraping?
Please specify whether you are supporting screen scraping during the FCA Adjustment Period. Please respond 'Yes' or 'No'
Seeking Fallback Exemption
Please specify whether you are a seeking exemption with National Competent Authority (NCA) from building a contingency mechanism / fall back. Please respond 'Yes' or 'No'
Adjusted or Fallback Interface
Please specify your plans for building the 'Adjusted Interface' or 'fallback interface' (approach to SCA, etc.). Answer N/A if you do not plan to build one.
Adjusted or Fallback URL?
Please specify your 'Adjusted Interface' or 'fallback interface' URL
Contact Email or Phone Number?
Please specify your organisations Open Banking contact email or phone number.
Dev Portal URL?
Please provide or Dev Portal URL.
Test Facility Implementation Date
Please specify the implementation date of your Test Facility.
Contingency Measures
Please specify the location of the guidance that explains your strategy and plans for when your dedicated interface is unavailable. This should be a URL to your dev portal or artefact that provides TPPs with the information they require.
Maximum time period after authentication? (Article 10)
Please specify how long the AISP has from the time when they receive the access token (after PSU authentication). This is the period the AISP must submit their first request before SCA will be re-applied to endpoints NOT exempt of SCA under Article 10. ASPSPs should consider that this timeline is consistent with the time limit applied by the ASPSP in the existing online PSU interface (i.e. before the PSU is logged out)
Please specify the time period. (For example, 1 hour)
Endpoints exempt of SCA under Article 10
Please specify which AIS endpoints will be exempt from SCA under Article 10. (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements
Authentication Method - Open Banking Channel (Browser)?
Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)
Authentication Method - Open Banking Channel (APP)?
Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)
Authentication Method - Private Channel (Browser)?
Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)
Authentication Method - Private Channel (APP)?
Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inheritance (e.g. fingerprint)
Authentication Method Implementation Date (Open Banking Channel)
Please specify the Authentication Method implementation date for the Open Banking Channel (if applicable). Please specify date or 'N/A'
Authentication Method Implementation Date (Private Channel)
Please specify the Authentication Method implementation date for the Private Channel (if applicable). Please specify date or 'N/A'
SCA Implementation Date ?
Please specify the SCA implementation date
SCA Scope?
Please specify the scope of SCA (will it inhibit non PSD2 accounts, such as savings- or mortgage accounts?)