Nationwide Building Society

OB Standards

Implement Open Data v2.2	Live
Implement Read/Write API Specification v3.1	14 Jun 2019
Implement Customer Experience Guidelines v1.1	Mobile 14 Mar 2019 Browser 14 Jun 2019
Implement App-to-App Redirection	14 Mar 2019
Implement OB Security Profile Implementer's Draft v1.1.2	19 Feb 2019
Implement FAPI Profile Implementers Draft 2
Implement CIBA Profile Implementers Draft 1	N/A
Implement Dynamic Client Registration v1.1	Live
Implement Dynamic Client Registration v3.1	14 Jun 2019
Decommission Read/Write API Specification v1.x/2.x	AIS v1.1 October 2019	Planning to decommission v1 APIs in early October once TPPs have completed migration.
Decommission OB Security Profile Implementer's Draft v1.x	Complete
Article 10 SCA Exemption (for 90 days)		Resources covered (delete as appropriate): Transactions & Statements

Method of Identification

Commence support for eIDAS QWAC certificates		Planning to support from November 2019
Commence support for eIDAS QSEAL certificates		Planning to support from November 2019
Commence support for OBIE QWAC-like certificates	14 Sep 2019
Commence support for OBIE QSEAL-like certificates	14 Sep 2019
Cease support for OBIE non eIDAS-like certificates for transport
Cease support for OBIE non eIDAS-like certificates for signing
Support for MTLS token endpoint authentication		14 Sep 2019 TBC
Support for private_key_jwt token endpoint authentication		14 Sep 2019 TBC
Cease support for client id and client secret token endpoint authentication	14 Sep 2019

Implementation

Directory?	Open Banking
Location of Well Known Endpoints?	OB Technical Directory
API Standard Implemented?	Open Banking
Name of Account Holder Implementation Date?	14 June 2019 (single account holder) November 2019 (multiples account holders)
Supported identification method?	Current view is OBWAC/OBSEAL via agency arrangement Client Secret until Sep 2019, then MTLS as the token auth method
Major Milestones	V3.1 14 June 2019 Offers endpoint target date 14 Sep 2019	(Inc Other Products, API Updates, API Deprecations, etc)
FAPI Compliant?	No
CIBA	No
Using Open Banking as your eIDAS Trust Framework?	Yes
Are you caching the Directory?	Yes
Transaction IDs	March 2019 - Option 1 Supported	ASPSPs provide a Unique, Immutable TransactionID from their core system

Customer Journey

Implementing Customer Experience Guidelines?	Yes
Implementing Bespoke User Journeys?	No
Implementing App to App?	Yes
App to App Implementation Date?	End March 2019
Options on 90 day re-authentication?	OBIE Standard until 13 September, then in line with A10 SCA RTS.
Support Embedded Flow?	No

PSD2

Dispute Management System?	Yes
FCA Adjustment Period - Maintaining Screen Scraping?
Seeking Fallback Exemption?	12 Jul 2019 - Granted Exemption
Adjusted or Fallback Interface?	None at present
Adjusted or Fallback URL?
Contact Email or Phone Number?	NationwideOpenBanking@nationwide.co.uk
Dev Portal URL?	www.nationwidedeveloper.co.uk
Test Facility Implementation Date?	13 Mar 2019
Production Interface Implementation Date?	13 Mar 2019
Authentication Method - Open Banking Channel (Browser)?	Redirect auth using SCA method that aligns with digital channels.
Authentication Method - Open Banking Channel (APP)?	App to App auth using SCA method that aligns with digital channels.
Authentication Method - Private Channel (Browser)?	As they stand today with further auth methods that may be delivered in the future
Authentication Method - Private Channel (APP)?	As they stand today with further auth methods that may be delivered in the future
Authentication Method Implementation Date (Open Banking Channel)?	Methods detailed are currently live in production
Authentication Method Implementation Date (Private Channel)?	Methods detailed are currently live in production
SCA Implementation Date?	14 Sep 2019 TBC
SCA Scope? (will it inhibit non PSD2 accounts)	SCA will be delivered to cover the requirements of Reg 100 PSRs