Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 45 Next »

OB Standards
Implement Open Data v2.2N/A
Implement Read/Write API Specification v3.1 Conformance certificates being explored.
Implement Customer Experience Guidelines v1.1 Conformance certificates being explored.
Implement App-to-App RedirectionN/ABrowser based redirection only.
Implement OB Security Profile Implementer's Draft v1.1.2 
Implement FAPI Profile Implementers Draft 2 
Implement CIBA Profile Implementers Draft 1N/A
Implement Dynamic Client Registration v1.1N/A
Implement Dynamic Client Registration v3.1 Conformance certificates being explored.
Decommission Read/Write API Specification v1.x/2.xN/A
Decommission OB Security Profile Implementer's Draft v1.xN/A
Method of Identification
Commence support for eIDAS QWAC certificates

Commence support for eIDAS QSEAL certificates

Commence support for OBIE QWAC-like certificates



Commence support for OBIE QSEAL-like certificates

Cease support for OBIE non eIDAS-like certificates for transportNo PlansWe will continue to accept the OB Certificate at the end of the adjustment period in March provided the TPP has identified itself to OBIE using an eIDAS certificate
Cease support for OBIE non eIDAS-like certificates for signingNo PlansWe will continue to accept the OB Certificate at the end of the adjustment period in March provided the TPP has identified itself to OBIE using an eIDAS certificate
Support for MTLS token endpoint authenticationN/AOnly supporting private_key_jwt
Support for private_key_jwt token endpoint authentication 
Cease support for client id and client secret token endpoint authenticationN/AOnly supporting private_key_jwt
Post Brexit Certificate Implementation
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 
The capability to accept eIDAS certificates is under review and may come into scope at a later date.
Planned Implementation Date to Satisfy FCA's Post Transition

TBC

Scoping and planning in progress
TPP PSU Migration Outcomes Supported

TBC

Scoping and planning in progress
POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)

PLANNED


Implementation

Directory?

Open Banking

Location of Well Known Endpoints?

https://matls.rs.aspsp.api-hls.hl.co.uk/auth/oauth2/tpp/.well-known/openid-configuration

API Standard Implemented?

Open Banking v3.1No plans for future versions at this stage

Name of Account Holder Implementation Date?

TBC

Date of Current eIDAS Implementation? 



Current Certificates used for Identification?

OB Transport + ClientID (Private Key JWT)



Current Certificates used for Transport?OB Transport

Current Certificates used for Signing?OB Signing

Date of Future eIDAS Implementation?Q2 2020

Future Certificates used for Identification?QWAC + ClientID (Private Key JWT)

Future Certificates used for Transport?

QWAC



Future Certificates used for Signing?QSEAL

Major Milestones

N/A

(Inc Other Products, API Updates, API Deprecations, etc)
Brand(s)


Security Profile?FAPI

Security Profile Certification?NoNew OpenID Foundation cert being explored.

CIBA

N/A

Using Open Banking as your eIDAS Trust Framework?Yes

Are you caching the Directory?No

Transaction IDsOption 1Unique identifier for the transaction used within HL assigned to every transaction




Customer Journey

Implementing Customer Experience Guidelines?

Yes
Current CEG Version?

Next CEG Version?

Next Version Implementation Date

Implementing Bespoke User Journeys?

No

Implementing App to App?

No
App to App Implementation Date?N/A

Options on 90 day re-authentication?

Re-authentication triggered as per the Customer experience guidelines

Support Embedded Flow?

No
PSD2

Dispute Management System?

Being adopted
FCA Adjustment Period - Maintaining Screen Scraping?YesDuring FCA adjustment period

Seeking Fallback Exemption?

YesConfirmed

Adjusted or Fallback Interface?

No
Adjusted or Fallback URL?n/a
Contact Email or Phone Number?openbanking@hl.co.uk
Dev Portal URL?https://www.hl.co.uk/about-us/developer-tools

Test Facility Implementation Date?

  
Production Interface Implementation Date?  
Contingency Measures
Following the FCA Adjustment Period announcement, SCA has not yet been applied on the bank’s primary online channel / customer interface, and access remains available via screen-scraping. As access is still available through the customer interface, no contingency mechanism is required.
Article 10 - Maximum time period after authentication?90 days
Article 10 - Endpoints exempt of SCAAccounts, Balances, Transactions,  Products

Authentication Method - Open Banking Channel (Browser)?

When the PSU’s browser reaches the HL web page for authentication they undergo the same authentication process they would coming to HL page directly, namely two steps consisting of:

  • Identification of the client through validation of a client number and Date of Birth:
  • Authentication of the client through validation of a online password and secure number

When the RTS come in force in September this will be supplemented, in line with direct client log in, with the validation of a One Time Passcode (OTP) that would have been issued to a clients registered telephone number by SMS or Call Back.

Hybrid flow as described within the Security Implementer guide v1.1.2, with redirect via browser

Authentication Method - Open Banking Channel (APP)?

N/A

Authentication Method - Private Channel (Browser)?

When the PSU’s browser reaches the HL web page for authentication they undergo the same authentication process they would coming to HL page directly, namely two steps consisting of:

  • Identification of the client through validation of a client number and Date of Birth:
  • Authentication of the client through validation of a online password and secure number

When the RTS come in force in September this will be supplemented, in line with direct client log in, with the validation of a One Time Passcode (OTP) that would have been issued to a clients registered telephone number by SMS or Call Back.

Hybrid flow as described within the Security Implementer guide v1.1.2, with redirect via browser

Authentication Method - Private Channel (APP)?

TBC

Authentication Method Implementation Date (Open Banking Channel)?

Proposed

Authentication Method Implementation Date (Private Channel)?

Existing

SCA Implementation Date?

 Provisional date depending on developments during the FCA transition period. 

SCA Scope? (will it inhibit non PSD2 accounts)

SCA only offered for PSD2 Account and HLSL clients who are linked to SCA accounts.
Key Implementations

High Cost Credit

Hargreaves - HCC.xlsx

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header

HL do not provide payment initiation services - hence waiver 7 does not apply.


  • No labels