Ping Identity launches Consumer Data Right integration kit to support banking and fintech compliance
Ping Identity, the intelligent identity solution for the enterprise, today announced the launch of a Consumer Data Right Integration Kit enabling Australian banks and fintech company data holders to rapidly align with CDR regulatory requirements while also simplifying data recipient functionality.
Under CDR rules, financial institutions must provide customers with greater access and control of their data. The aim is to make it easier for consumers to switch between products and services, and to encourage more innovation and competition amongst service providers.
For tier one banks, CDR compliance had to be met by July 1 this year. Owing to the pressures caused by the COVID-19 pandemic, Tier two banks and smaller firms have been granted an extension until July 2021.
The Ping Identity CDR Integration Kit, core to the company’s sandbox DevOps-driven environment, contains a set of components and configuration items that when deployed can configure a target environment designed to align to the current CDR specification. It also provides compliance to the specific FAPI CDR profile and is packaged to integrate with bank APIs. In addition, it targets the need for Data Recipients and Data Holders to fast-track their time to market for CDR compliance and reduces the need for dedicated in-house resources to configure a CDR solution for both use cases, now and into the future, as the CDR specification is updated. Since January 2020, the CDR specification has been updated five times.
The CDR Integration Kit adds both “Data Out” functionality to enable data holders to comply as well as “Data In” that enables data holders to perform as data recipients and participate in the CDR ecosystem. Both functions can be implemented independently or together on the same platform.
The CDR Integration Kit is separated and delivered alongside the core Ping Identity platform release cycle allowing for the kit to be maintained, updated and released in alignment to the rapidly evolving schedule set down by the ACCC.
“CDR is both a challenge and an opportunity for most organisations,” says Mark Perry, APAC Chief Technology Officer, Ping Identity. “As well as allowing the required data sharing to take place, the real value and competitive advantage will come from being able to use the underlying infrastructure in other areas of the business. Opportunities could include improving the way consumer identity is managed and enabling new services in which secure data sharing is essential.
“The Ping Identity CDR Integration Kit now fast tracks customers achieving CDR conformance as per ACCC specifications. Indeed, CDR-conformant organisations must have a consent model that not only captures and enforces consent in line with current requirements but also meets requirements for concurrent consent. Our kit now enables financial service organisations to have the security measures in place to make CDR possible.”
The CDR Integration Kit includes the following configuration items: Installation and Configuration Guide, CDR Authentication Policies, One Time Password module (supporting both Twillio and PingID MFA), CDR Consent Repository Schema and ACCC Registry MTLS Requirements.
In addition, it includes several key components, including pre-configured Holder of Keys creation and validation, CDR Revocation Endpoint, Secure Storage and retrieval of Data Holder Refresh Tokens and Abstracted token management APIs for Data Recipients.