MELBOURNE 10 JUNE 2020 — Ping Identity, the Intelligent Identity solution for the enterprise, today announced the release of its Australian Consumer Data Right (CDR) sandbox environment to allow banks and FinTech companies to jumpstart their CDR compliance efforts.
Under CDR rules, financial institutions must provide customers with greater access and control of their data. The aim is to make it easier for consumers to switch between products and services and to encourage more competition between service providers.
For tier one banks and large financial institutions, CDR-compliant data sharing needs to be in place by July 1. However, because of the pressures caused by the COVID-19 pandemic, tier two banks and smaller firms have been granted an extension until July 2021.
Ping Identity’s CDR sandbox environment builds on its previous successes worldwide in Open Banking, where the company became the provider of the first identity platform to pass all 70 technical security tests with zero warnings.
“This is a significant release for the Australian financial services market,” explains Mark Perry, APAC CTO, Ping Identity, and member of the Data Standards Body, the advisory committee for the CDR. “Our customers have been under a great deal of pressure to make technology purchasing decisions for CDR compliance.
“The CDR sandbox provides a pre-built development environment to get started quickly without the cost of custom development. It allows banks and FinTechs to focus on their core business — working with customer data via the CDR APIs — and leaves the complex InfoSec and user consent requirements to Ping Identity. The CDR continues to evolve, and Ping Identity will continue to update the sandbox accordingly. As an additional benefit, it is also a flexible platform for future digital transformation that can be used for other identity security projects across the enterprise.”
Sandboxed Testing Environment
Ping Identity’s sandbox is a DevOps-driven environment, built on Ping technology, that can be deployed in minutes and includes the major technical and user experience requirements of the CDR specification version 1.2:
- An implementation of the CDR InfoSec specification, which is based on the Financial-Grade API (FAPI) specification that Ping Identity has contributed to over many years
- A mock ACCC registry, supporting fintech registration and maintenance services
- An implementation of the CDR data sharing APIs, using Biza.io’s DeepThought CDR API implementation
- A sample Data Holder (bank) web application, demonstrating authentication, authorisation, token creation, and user consent
- A sample Data Recipient (fintech) web application, showing the end user experience in creating a data sharing arrangement with a Data Holder, and the display of transaction data based on CDR-compliant API calls to the Data Holder, on behalf of the end user.
CDR is a technical specification developed as a multi-industry open standard by Data61 and the ACCC with industry collaboration. It leverages FAPI, OAuth 2.0 and OpenID Connect (OIDC) to define additional technical requirements for the financial industry and other sectors requiring higher security. For banks specifically, CDR provides various advantages, enabling third-party applications to securely interact with financial accounts, while also enhancing the user’s ability to control security and privacy settings, without insecure sharing of the user’s banking credentials (screen-scraping).
In the future, the CDR will expand to cover other industries like energy with a similar security model and other industries are likely to follow.
To see the Ping Identity CDR Sandbox, visit https://www.pingidentity.com/en/lp/australian-open-banking.html.
About Ping Identity
Ping Identity is the Intelligent Identity solution for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalised, streamlined user experiences. The Ping Intelligent Identity™ platform provides customers, workforce, and partners with access to cloud, mobile, SaaS and on-premises applications across the hybrid enterprise. Over half of the Fortune 100 choose us for our identity expertise, open standards, and partnerships with companies including Microsoft and Amazon. We provide flexible identity solutions that accelerate digital business initiatives, delight customers, and secure the enterprise through multi-factor authentication, single sign-on, access management, intelligent API security, directory, and data governance capabilities. For more information, visit www.pingidentity.com.