Purpose
This page provides a high level overview of the scope of changes that have been included in v2.1 of the Account Information and Payments Initiation API. This is not intended to be a full change log (these can be found on the respective specification pages), rather it is to be read as It provides a non-technical explainer of the changes made and included in this version of the standard.
Note that included in each respective page of the standardsthe the v2.1 specifications is a full change log that describes all technical changes made to the specification.
High level scope
This version of the standards is intended to include:
Credit card accounts in the Account Information API
Clearer definition of range BECS identifiable accounts in scope of Account Information API
Clarifications and errata fixes in Payments Initiation API
Description of standard
The v2.1 Standard originated just prior to the publication of the v2.0 Standard, when Standards Users, Community Contributors and industry stakeholders were consulted on what the market would like to see developed in the ‘pipeline’ of future standards.
...
There were no substantive or functional changes to either the NZ Banking Data API or the Payments Initiation API for this minor release.
Payments Initiation
No substantive or functional changes for this iteration of the standards, however there have been a number of updates to fix errata and provide clarifications to the specification.
Account Information
In scope accounts
The definition of in-scope accounts for v2.1 has been changed to provided greater clarity and surety for a Third Party looking to consume the Account Information API resources. Below is a table providing a comparison between v2.0 and the newly agreed scope of accounts to be included in v2.1. Importantly, this new scope allows for all existing Account Information API functions to accessed on a far broader range of accounts including Credit Card accounts.
Version 2.0.0 | Version 2.1.0 |
In scope | In scope |
The Account Information API provides the ability for Third Parties to access a Customer's account information for NZ Bank accounts. While this version of the API specification only allows access to NZ BECS identifiable accounts, the API specification is silent on what account types must be accessible. | The Account Information API provides the ability for Third Parties to access a Customer's account information for NZ bank accounts. This version of the API specification allows a Third Party to access NZ BECS identifiable accounts and credit card accounts:
The minimum API Provider NZ BECS identifiable and credit card account product types (covering both business and personal accounts) that are in scope of the Account Information API are:
|
Out of scope – No change to the out of scope areas between v2.0 to v2.1 of the Account Information API | |
This specification does not cater for:
|
Credit card number masking
The working groups expended significant effort to consider how the Standard can remain PCI DSS compliant when it adds in credit card account types. The approach taken with the Standard is to require API Providers to ensure PCI DSS compliant practices, and to require API Providers to display card identifiers in the same way as they currently do in their own online channels (i.e. instead of prescribing a card identifier approach and format).
...