[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks Got It Right
1. INTEGRATION SUMMIT 2019
Open Banking from the Trenches -
How European Banks Got It Right
Vidura Gamini Abhaya
Senior Director - Solutions Architecture
3. INTEGRATION SUMMIT 2019
Consumer Data Right (CDR)
● Legislative measure empowering Australians to choose to share their data with trusted parties, only for the purposes they have authorised.
● Open Banking is the application of CDR in the banking sector. It will be followed by Energy and Telco.
● Rolled out subsequently to other industry sectors
4. INTEGRATION SUMMIT 2019
Why it matters to you?
● If you are a Bank
Very aggressive deadlines:
- Big 4 - Test Interface by Jul 2019, Completion by Feb 2020
- Others - Completion by Jul 2020
● If you are in the Energy business or a Telco
● If you work for any other industry
13. INTEGRATION SUMMIT 2019
Evolution of PSD/2 within Europe
● Original PSD2 Deadline Jan 2018
● OBUK V1.0 - June 2017
● Berlin 1.0 - February 2018
● OBUK V2.0 - March 2018
● OBUK V3.0 - September 2018
● OBUK V3.1 - November 2018
● Berlin 1.2 - August 2018
● Berlin 1.3 - November 2018
● External Testing Deadline March 2019
● Final Deadline Sep 2019
14. INTEGRATION SUMMIT 2019
First Open Banking Implementation
● Mid-sized bank in the UK
● Initial requirement - Compliance by Jan ‘18 deadline
● Compliance achieved with just 2 months of implementation effort
● Currently upgrading to the latest version of OB UK v3.1
15. INTEGRATION SUMMIT 2019
First Open Banking Implementation
● Started off with the minimum deployment
● Vasco VACMAN controller integration for SCA - 2nd factor
● Uses WSO2 products to integrate internal systems and to supplement core banking facilities
17. INTEGRATION SUMMIT 2019
Subsidiary of CMA9 Bank
● Working with a partner who is white-labelling the solution
● Fully integrated with partner’s core banking system
● Uses the bank’s own Identity Provider
● Uses the TRA module
18. INTEGRATION SUMMIT 2019
Societe Generale
2nd largest bank in France
● WSO2 is a Strategic Partner
● Multiple subsidiaries from different countries
● Each with unique requirements and architecture
● Certain requirements, such as security, governed globally
● Different specs implemented
● Various authentication providers used
● Some reused their existing components
● Smaller entities selected the minimum deployment option
● Larger entities went for deployments that suited their future needs (i.e. API management beyond OB)
19. INTEGRATION SUMMIT 2019
Societe Generale - Subsidiary in Bulgaria
● Started with a PoC using Berlin 1.2 spec - Accounts API with simple SCA
● Currently working on Sandbox compliance on Berlin spec v1.3 and on track to achieve full compliance by June 2019
20. INTEGRATION SUMMIT 2019
Societe Generale - Subsidiary in Bulgaria
● Integrated to work with Gemalto for SCA (2nd Factor) and Fraud Detection
● Reuse existing Integration layer based on WSO2 EI
● Semi-distributed setup with API gateways scaled out
● Custom integration flows to support domestic payment processing and secure foreign payments
21. INTEGRATION SUMMIT 2019
Societe Generale - Subsidiary in Germany
● Started with Berlin spec v1.2 mini sandbox implementation
● Have already achieved Sandbox compliance required for March ‘19
● Currently on schedule to complete implementation by August ‘19
22. INTEGRATION SUMMIT 2019
Societe Generale - Subsidiary in Germany
● Federated Authentication to existing IdP for SCA (1st factor)
● SMS-OTP 2nd factor with WSO2 IAM coordinating SCA flow
● Does API Management beyond Open Banking
● 2-layered architecture where the outer layer handles OB APIs and the inner layer handles internal APIs
● Outer layer communicates with inner layer
24. INTEGRATION SUMMIT 2019
Key Learnings
CDR
● Will apply to every industry
DIY vs Complete Solution
● Building vs Buying
● Buy & get there faster
● Do not buy just the Technology (Pay for the expertise)
BYO Components
● Reuse existing capabilities you have
● Maximise your existing investments
Think Beyond Deadlines
● Compliance beyond deadlines
● Capabilities not limited to CDR
● Wider use of your investment
25. INTEGRATION SUMMIT 2019
Our involvement in CDR
● WSO2 is partnering with Data61 (the Technical Standards Body of CDR) to implement the CDR reference implementation and conformance test suite
● Reference implementation will first be for OB and then for other industries
● The first verified reference implementation that you can achieve compliance with will be available by July 2019