IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Ping Identity launches new CDR sandbox for Aussie financial sector
Thu, 11th Jun 2020
FYI, this story is more than a year old

Ping Identity has released its Australian Consumer Data Right (CDR) sandbox environment, with the goal to fast track open banking adoption in the country, and allow banks and FinTech companies to accelerate their CDR compliance efforts.

Under CDR rules, financial institutions must provide customers with greater access and control of their data. The aim is to make it easier for consumers to switch between products and services and to encourage more competition between service providers.

For tier one banks and large financial institutions, CDR-compliant data sharing needs to be in place by July 1. However, because of the pressures caused by the COVID-19 pandemic, tier two banks and smaller firms have been granted an extension until July 2021.

The CDR sandbox provides a pre-built development environment to get started without the need for custom development. It allows banks and FinTechs to focus on their core business working with customer data via the CDR APIs and leaves the complex InfoSec and user consent requirements to Ping Identity.

It is a DevOps-driven environment, built on Ping technology, that includes the major technical and user experience requirements of the CDR specification version 1.2.

This includes an implementation of the CDR InfoSec specification, which is based on the Financial-Grade API (FAPI) specification that Ping Identity has contributed to; a mock ACCC registry, supporting fintech registration and maintenance services; and an implementation of the CDR data sharing APIs, using Biza.ios DeepThought CDR API implementation.

It also includes a sample Data Holder (bank) web application, demonstrating authentication, authorisation, token creation, and user consent; and a sample Data Recipient (fintech) web application, showing the end user experience in creating a data sharing arrangement with a Data Holder, and the display of transaction data based on CDR-compliant API calls to the Data Holder, on behalf of the end user.

The CDR continues to evolve, and Ping Identity will continue to update the sandbox accordingly, the company states. As an additional benefit, it is a flexible platform for future digital transformation that can be used for other identity security projects across the enterprise.

The latest offering builds on Ping Identity's previous successes worldwide in Open Banking, where the company became the provider of the first identity platform to pass all 70 technical security tests with zero warnings.

Ping Identity APAC CTO and member of the Data Standards Body, the advisory committee for the CDR, Mark Perry, says, “This is a significant release for the Australian financial services market. Our customers have been under a great deal of pressure to make technology purchasing decisions for CDR compliance.

CDR is a technical specification developed as a multi-industry open standard by Data61 and the ACCC with industry collaboration.

It leverages FAPI, OAuth 2.0 and OpenID Connect (OIDC) to define additional technical requirements for the financial industry and other sectors requiring higher security.

For banks specifically, CDR provides various advantages, enabling third-party applications to securely interact with financial accounts, while also enhancing the users ability to control security and privacy settings, without insecure sharing of the users banking credentials (screen-scraping).

In the future, the CDR will expand to cover other industries like energy with a similar security model and other industries are likely to follow, Ping Identity states.