- Created by Adam Pretlove (Unlicensed) , last modified on Dec 02, 2019
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 2 Next »
| Implement Open Data v2.2 | October 2019 | ||
|---|---|---|---|
| Implement Read/Write API Specification v3.1 | October 2019 | ||
| Implement Customer Experience Guidelines v1.1 | October 2019 | ||
| Implement App-to-App Redirection | N/A | ||
| Implement OB Security Profile Implementer's Draft v1.1.2 | N/A | - Our assumption is that the conformance side of security profile was replaced with the FAPI conformance. | |
| Implement FAPI Profile Implementers Draft 2 | October 2019 | ||
| Implement CIBA Profile Implementers Draft 1 | N/A | ||
| Implement Dynamic Client Registration v1.1 | October 2019 | ||
| Implement Dynamic Client Registration v3.1 | Due in 2020 | ||
| Decommission Read/Write API Specification v1.x/2.x | N/A | ||
| Decommission OB Security Profile Implementer's Draft v1.x | N/A |
| Commence support for eIDAS QWAC certificates | ||
|---|---|---|
| Commence support for eIDAS QSEAL certificates | ||
Commence support for OBIE QWAC-like certificates | ||
| Commence support for OBIE QSEAL-like certificates | ||
| Cease support for OBIE non eIDAS-like certificates for transport | ||
| Cease support for OBIE non eIDAS-like certificates for signing | ||
| Support for MTLS token endpoint authentication | ||
| Support for private_key_jwt token endpoint authentication | ||
| Cease support for client id and client secret token endpoint authentication |
Directory? | Open Banking | |
|---|---|---|
Location of Well Known Endpoints? | OB Technical Directory | OB directory/dev portal and OB DevZOne pages |
API Standard Implemented? | Open Banking | |
Name of Account Holder Implementation Date? | Live (See Notes) | We are already returning Account name as per the definition in 3.1.1 as that is what is being displayed in our own channels. |
| Supported identification method? | OBIE certificates eIDAS | Previously with OBIE certificates the identification method was tls_client_auth (i.e. the certificate was the identification). Now, with eIDAS certificates, during DCR we require the identification method is private_key_jwt (i.e. a TPP provides a JWT signed with a ‘seal’ certificate). |
Major Milestones | V1.1 deprecation | |
| Security Profile? | Open Banking | |
| Security Profile Certification? | No | We are conformant against the OB standards and the errors that are viewed in the logs are outside of the requirements |
CIBA | No | |
| Using Open Banking as your eIDAS Trust Framework? | Yes | |
| Are you caching the Directory? | No | Directory Caching will be delivered by 24 February 2020 as part of PSD2 onboarding |
| Transaction IDs | Yes - August 2019 | Transaction id's are provided against each booked transaction that are returned on the transactions endpoint |
Implementing Customer Experience Guidelines? | Yes | |
|---|---|---|
Implementing Bespoke User Journeys? | N/A for RBSI/NWI Corporate | |
| Yes | ||
| App to App Implementation Date? | N/A for RBSI/NWI Corporate | |
Options on 90 day re-authentication? | Yes | For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away. |
Support Embedded Flow? | No |
Dispute Management System? | Yes | As per manual implementation. System implementation in line with OBIE implementation dates |
|---|---|---|
| FCA Adjustment Period - Maintaining Screen Scraping? | FDATA Whitelisted | FDATA to 13 Match 2020 |
Seeking Fallback Exemption? | Yes | RBS will be applying for all Brands under CMA order and against additional franchises and brands including RBSI, UBROI |
Adjusted or Fallback Interface? | No | |
| Adjusted or Fallback URL? | N/A | |
| Contact Email or Phone Number? | ||
| Dev Portal URL? | https://www.bankofapis.com/ | |
Test Facility Implementation Date? | ||
| Production Interface Implementation Date? | ||
| Contingency Measures | ||
| Article 10 - Maximum time period after authentication? | N/A | RBSG are adopting Article 10 Exemption for 90 day reauthentication, no further restrictions are being applied under Article 10 |
| Article 10 - Endpoints exempt of SCA | N/A | RBSG are adopting Article 10 Exemption for 90 day reauthentication, no further restrictions are being applied under Article 10 |
Authentication Method - Open Banking Channel (Browser)? | Redirect | Customer Identification Number + Partial password + Partial pin |
Authentication Method - Open Banking Channel (APP)? | Redirect | App to App Facial or Fingerprint recognition |
Authentication Method - Private Channel (Browser)? | MTLS / private_key_jwt | |
Authentication Method - Private Channel (APP)? | TLS / private_key_jwt | |
Authentication Method Implementation Date (Open Banking Channel)? | Browser - App - See 'App to App Implementation Date?' | |
Authentication Method Implementation Date (Private Channel)? | ||
SCA Implementation Date? | See Calendar Page | |
SCA Scope? (will it inhibit non PSD2 accounts) | See Calendar Page |
Deliveries of these SCA solutions will continue across the rest of 2019 will some delivered in Q1 2020
| Customer Journey stage | Mobile (Direct Channel) | E-banking (Direct Channel) | Bankline (Direct Channel & Open Banking) | eQ (Direct Channel & Open Banking) | Open Banking Browser | Open Banking App to App |
|---|---|---|---|---|---|---|
| Logging in to identify themselves as a customer and gain access to in scope accounts | SCA @ Login Steps: Customers can use biometrics (as per the setup Device binding will run in the background during | SCA @ Login Steps: Customer ID Plus Partial PIN Password Plus Device Profiling | SCA @ Login Steps: | Customer & User IDs Plus Password in full AND two memorable random characters | SCA @ Login Steps: Customer IDs Plus Partial PIN Password AND Device Profiling | SCA @ Login Steps: Customers can use biometrics (as per the setup of their device/customer preference) or passcode Device binding will run in the background |
| Making a payment from in scope accounts | No further SCA required for payments to trusted beneficiaries. SCA via card and reader required for payments | SCA for payments to non-trusted beneficiaries | Further SCA required for Payments using Card and PIN for Challenge and Response | Payments using Card and PIN for Challenge and Response | Step up to One Time | No further SCA required for payment |
| LIVE | LIVE | Q1 2020 | LIVE | November 2020 | LIVE |
High Cost Credit | RBSI Corporate - HCC.xlsx |
|---|
Waiver 7 Implementation Date | TBC |
|---|
- No labels