Purpose

This page provides a high-level overview of the scope of changes that have been included in v2.1 of the Account Information and Payments Initiation API. This is not intended to be a full change log (these can be found on the respective specification pages); rather, it provides a non-technical explainer of the changes made and included in this version of the standard.

Note that each respective page of the v2.1 specifications includes a full change log that describes all technical changes made to the specification.

High level scope

This version of the standards is intended to include:

  • Credit card accounts in the Account Information API

  • Clearer definition of the range of BECS identifiable accounts in scope of the Account Information API

  • Clarifications and errata fixes in Payments Initiation API

Description of standard

The v2.1 Standard originated just prior to the publication of the v2.0 Standard, when Standards Users, Community Contributors and industry stakeholders were consulted on what the market would like to see developed in the ‘pipeline’ of future standards.

...

There were no substantive or functional changes to either the NZ Banking Data API or the Payments Initiation API for this minor release.

Payments Initiation

There are no substantive or functional changes for this iteration of the standards; however, there have been a number of updates to fix errata and provide clarifications to the specification.

Account Information

In scope accounts

The definition of in-scope accounts for v2.1 has been changed to provide greater clarity and surety for a Third Party looking to consume the Account Information API resources. Below is a comparison between v2.0 and the newly agreed scope of accounts to be included in v2.1. Importantly, this new scope allows all existing Account Information API functions to be accessed on a far broader range of accounts, including Credit Card accounts.

Version 2.0.0: In scope

The Account Information API provides the ability for Third Parties to access a Customer's account information for NZ Bank accounts. While this version of the API specification only allows access to NZ BECS identifiable accounts, the API specification is silent on what account types must be accessible.

Version 2.1.0: In scope

The Account Information API provides the ability for Third Parties to access a Customer's account information for NZ bank accounts. This version of the API specification allows a Third Party to access NZ BECS identifiable accounts and credit card accounts:

  • If a Customer has access to these accounts in their online banking, then these accounts must be made available for access via the Account Information API.

  • An API Provider must define and publish what account types are available for access via the Account Information API in their developer portal.

The minimum API Provider NZ BECS identifiable and credit card account product types (covering both business and personal accounts) that are in scope of the Account Information API are:

  • Transactional accounts. This includes accounts that are sometimes referred to as: current accounts; cheque accounts; debit card accounts; personal accounts; business accounts; call accounts; etc.

  • Credit card accounts

  • Savings accounts

  • Lending accounts. This includes accounts that are sometimes referred to as: personal loan accounts; fixed rate home loan accounts; floating home loan accounts; business loan accounts; or mortgage offset transactional accounts; etc.

Out of scope

No change to the out of scope areas between v2.0 and v2.1 of the Account Information API.

This specification does not cater for:

  • Write operations (the ability to create) standing orders, direct debits and beneficiaries.

  • Progressive or changing consent - if the consent between the Third Party and Customer changes, then the existing account-access-consent object is deleted and a new account-access-consent is created with the new consent.

  • The ability for a Third Party to pre-specify the list of accounts that are linked with the account-access-consent.

  • Access that requires multiple authorisers.

  • Non-functional requirements and specification of caching and throttling.

Credit card number masking

The working groups expended significant effort to consider how the Standard can remain PCI DSS compliant when it adds in credit card account types. The approach taken with the Standard is to require API Providers to ensure PCI DSS compliant practices, and to require API Providers to display card identifiers in the same way as they currently do in their own online channels (i.e. instead of prescribing a card identifier approach and format).

...