Ping Identity, the Intelligent Identity solution for the enterprise, today announced an industry-leading update to its Australian Consumer Data Right (CDR) sandbox environment enabling banks and fintech companies to further accelerate their CDR compliance efforts.
Under CDR rules, financial institutions must provide customers with greater access and control of their data. The aim is to make it easier for consumers to switch between products and services, and to encourage more innovation and competition amongst service providers.
Announced in June, Ping Identity’s sandbox is a DevOps-driven environment that can be deployed in minutes. It now includes the major technical and user experience requirements of the latest CDR specifications, versions 1.3.1 and 1.4, and highlights Ping Identity’s focus to lead the Australian CDR landscape, implementing updated capabilities to meet new compliance requirements as quickly as possible for customers.
The new CDR versions establish the groundwork for concurrent consent, which enables a data holder to simultaneously have multiple data-sharing arrangements with an individual customer. Previously, consumers had one consent record which needed to be overwritten if another arrangement was made.
Further, the addition of the Pushed Authorization Request (PAR) draft standard to the specification enables data recipients to confidentially update an existing arrangement via an API call.
Version 1.4 of the CDR specification also adds the ability for data holders to display joint accounts during the authorization step of the data sharing flow. The previous version only showed accounts where the individual user had sole ownership, which could be confusing to the consumer.
Additional new features of the Ping Identity sandbox environment include:
- Added support for PAR and PAR validation requirements
- Added support for the cdr_arrangement_id
- Updated OpenID Connect Metadata description
- Updated Introspection Endpoint to include the CDR Arrangement ID claim
- Added sample Kubernetes deployment
- Enhanced Postman testing harness
Mark Perry, APAC Chief Technology Officer, Ping Identity, said, “As the CDR evolves, Ping Identity will continue to be at the forefront of the changing specification. We are delighted to be the first company to provide a sandbox aligned to the 1.4 specifications. The magnitude of the changes to this version of the sandbox highlights the significant effort involved in staying abreast of updates to the CDR.“
For tier one banks and large financial institutions, CDR-compliant data sharing was previously required to be in place by July 1, 2020. However, due to the pressures caused by the COVID-19 pandemic, tier-two banks, and smaller firms have been granted an extension until July 2021.