itb-au logo
Story image

Ping Identity empowers open banking adoption with additions to CDR sandbox

Ping Identity has released a new Consumer Data Right (CDR) sandbox environment to further enable open banking adoption in Australia.

Under CDR rules, financial institutions must provide customers with greater access and control of their data. The aim is to make it easier for consumers to switch between products and services, and to encourage more innovation and competition amongst service providers.

Announced in June, Ping Identity’s sandbox is a DevOps-driven environment that can be deployed in a short period of time. It now includes the major technical and user experience requirements of the latest CDR specifications, versions 1.3.1 and 1.4.

According to a statement from the company, this highlights Ping Identity’s focus to lead the Australian CDR landscape, implementing updated capabilities to meet new compliance requirements as quickly as possible for customers.

The new CDR versions establish the groundwork for concurrent consent, which enables a data holder to simultaneously have multiple data sharing arrangements with an individual customer.

Previously, consumers had one consent record which needed to be overwritten if another arrangement was made.

In addition, the Pushed Authorisation Request (PAR) draft standard to the specification enables data recipients to confidentially update an existing arrangement via an API call.

Version 1.4 of the CDR specification also adds the ability for data holders to display joint accounts during the authorisation step of the data sharing flow.

The previous version only showed accounts where the individual user had sole ownership, which could be confusing to the consumer, Ping Identity states.

More specifically, additional new features of the Ping Identity sandbox environment include: added support for PAR and PAR validation requirements; added support for the cdr_arrangement_id; updated OpenID Connect Metadata description; updated Introspection Endpoint to include the CDR Arrangement ID claim; added sample Kubernetes deployment; and enhanced Postman testing harness.

Ping Identity chief technology officer for APAC says, “As the CDR evolves, Ping Identity will continue to be at the forefront of the changing specification. We are delighted to be the first company to provide a sandbox aligned to the 1.4 specification.

"The magnitude of the changes to this version of the sandbox highlights the significant effort involved in staying abreast of updates to the CDR.”

For tier one banks and large financial institutions, CDR-compliant data sharing was previously required to be in place by July 1, 2020.

However, due to the pressures caused by the COVID-19 pandemic, tier two banks and smaller firms have been granted an extension until July 2021, Ping Identity states.