Nationwide Building Society
Adam Pretlove (Unlicensed)
Simon Massey
Victoria Lashmar (Deactivated)
This Section applies to ASPSPs that have implemented OB Standards
| -Have you Implemented OB Standards? |
| |
|---|---|---|
| Open Data - Which version have you Implemented? |
| |
Read/Write API Specification Implemented or planning to implement (Lowest version = Current, Highest version = Planned) |
| We are on 3.1.11 and currently working on uplifting to 4.0 |
| Read/Write API - Which date are you planning to implement your latest version? | ||
Have you implemented v4.0 information flows, if not date planned to Implement? |
| Currently targeting March 2025 |
Dynamic Client Registration - Which version have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) |
| |
| DCR - Which date are you planning to implement your latest version? | ||
Have you implemented Trusted beneficiaries, if not date planned to Implement? |
| |
Have you implemented Reverse Payments, if not date planned to Implement? |
| |
Have you implemented ECA Standard? |
| |
ECA Implementation details | ||
Have you implemented Bulk/File Payments? |
| |
Have you implemented VRP – Sweeping, if not date planned to Implement? |
| |
Have you implemented VRP non-Sweeping, if not date planned to Implement? |
| Reviewing potential to offer non-sweeping VRP Contact: nationwideopenbanking@nationwide.co.uk |
| PISP - Single Payment Limit | New Payee - £25,000 Existing Payee - £25,000 Established Payee - £100,000 Low Risk - £100,000 High Risk (i.e Crypto) - £5,000 | |
| PISP - Daily Payment Limit | New Payee - £25,000 Existing Payee - £100,000 Established Payee - £100,000 Low Risk - £100,000 High Risk (i.e Crypto) - £5,000 There is an aggregate payment limit of £100,000 per day from a single account | |
| How many months of transaction do you provide? | 15months at initial authorisation, after that it is 90 days with additional data available via our statements API | CC data is limited to 90 days. |
| Have you implemented TRIs (Transactional Risk Indicators), if not, date planned to Implement? | We have plans to but no date confirmed just yet | |
| What is your approach to Implementing TRIs? |
|
Which date are you planning on implementing the SCA reauthentication exemption? | 20th September 2022 | |
|---|---|---|
What is your approach to token management to enable application of the reauthentication exemption? (see link to FCA guidance) | AIS consents created after the implementation of the changes will remain valid until the Consent Expiry Date, if set. They will not normally need to be reauthenticated. Existing AIS consents will require a final reauthentication, at which point they will remain valid until the Consent Expiry Date, if set. No further reauthentication will normally be required. There are scenarios where a reauthentication may be necessary, including but not limited to:
| |
| Article 10A - Endpoints exempt of SCA-RTS |
| |
| Article 10A - Endpoints not exempt of SCA-RTS |
| |
| Article 10A - Maximum time period after authentication | Please specify the time period in minutes | |
| SCA-RTS implementation status (updated by OBL PS team only) | IMPLEMENTED |
-Which Security profile have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) |
| Current - FAPI (ID2) |
|---|---|---|
| Security Profile - Next Planned Version Implementation Date | Planning to implement FAPI 1.0 Final on 27th November 2024 | |
| CIBA Profile - Implemented or planning to implement (Lowest version = Current, Highest version = Planned) |
| |
| CIBA Profile - Next Planned Version Implementation Date | Not planned | |
| Security Profile Certification date? | FAPI compliance achieved 23/04/24. Recertification is performed annually. | |
| Token Endpoint Authentication Methods Supported |
| |
| Planned date to Cease support for client id and client secret token endpoint authentication | Support for client_secret basic ceased on 26/5/2021. | |
| POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021) |
| Note: Legacy certs will still be accepted for COP participants. |
-What is your approach to Implementing OBL Customer Experience Guidelines (CEG)? (tick all that apply) |
| |
|---|---|---|
Which version have you implemented or planning to implement? (Lowest version = Current, Highest version = Planned) |
| We are on 3.1.11 and currently working on uplifting to 4.0 |
| Which date are you planning to implement your latest CEG version? | We are targeting March 2025 to implement V4.0 | |
| Redirection Model |
|
| -Which Directory are you using as your Trust Framework? | Open Banking | |
|---|---|---|
| Are you caching the Directory? | Yes, 24hrs | |
| Transaction IDs Supported | March 2019 - Option 1 Supported | ASPSPs provide a Unique, Immutable TransactionID from their core system |
Are you Seeking Fallback Exemption? |
| |
| Article 10 - Maximum time period after authentication | 1 Hour | When Strong Customer Authentication (SCA) is completed, you will be able to access all account information the customer has agreed they can access during the initial session (1 hour duration). For subsequent requests we will support requests for accounts, balances and for up to 90 days history of transactions data for 90 days following the authentication (provided the customer has allowed access for this period to the TPP) |
| Article 10 - Endpoints exempt of SCA | 14th September 2019
|
|
| Major Milestones | ||
| Brand(s) |
Location of Well Known Endpoints | obonline.developer.nationwide.co.uk | |
|---|---|---|
Modified Customer Interface URL (if applicable) | ||
| Dev Portal URL | https://developer.nationwide.co.uk/ | |
| Test Facility URL | obapi.developer.nationwide.co.uk | |
| Brand Landing Pages URL | https://nationwide.frontify.com | [You can use this space to explain your guidance on using Brand logos] |
ASPSP Support Desk Email or Phone Number (including queries about consent success rates) | NationwideOpenBanking@nationwide.co.uk |
High Cost Credit | Nationwide - HCC.xlsx |
|---|
Known issue |
|---|