cl-au logo
Story image

Ping Identity releases new offering to help Australian businesses with CDR

Ping Identity has launched a Consumer Data Right (CDR) Integration Kit, with the overall aim of supporting Australian organisations with banking and fintech compliance.

According to the company, the new offering enables Australian banks and fintech company data holders to rapidly align with CDR regulatory requirements while also simplifying data recipient functionality.

Under CDR rules, financial institutions must provide customers with greater access and control of their data.

The aim is to make it easier for consumers to switch between products and services, and to encourage more innovation and competition amongst service providers, Ping Identity states.

For tier one banks, CDR compliance had to be met by July 1 this year. Owing to the pressures caused by the COVID-19 pandemic, Tier two banks and smaller firms have been granted an extension until July 2021.

The Ping Identity CDR Integration Kit, core to the company's sandbox DevOps-driven environment, contains a set of components and configuration items that when deployed can configure a target environment designed to align to the current CDR specification.

It also provides compliance to the specific FAPI CDR profile and is packaged to integrate with bank APIs.

In addition, it targets the need for Data Recipients and Data Holders to fast-track their time to market for CDR compliance and reduces the need for dedicated in-house resources to configure a CDR solution for both use cases, now and into the future, as the CDR specification is updated, according to Ping Identity.

Since January 2020, the CDR specification has been updated five times. The CDR Integration Kit adds both Data Out functionality to enable data holders to comply as well as Data In that enables data holders to perform as data recipients and participate in the CDR ecosystem.

Both functions can be implemented independently or together on the same platform.

More specifically, the CDR Integration Kit includes the following configuration items: Installation and Configuration Guide, CDR Authentication Policies, One Time Password module (supporting both Twillio and PingID MFA), CDR Consent Repository Schema and ACCC Registry MTLS Requirements.

In addition, it includes several key components, including pre-configured Holder of Keys creation and validation, CDR Revocation Endpoint, Secure Storage and retrieval of Data Holder Refresh Tokens and Abstracted token management APIs for Data Recipients.

Ping Identity APAC chief technology officer Mark Perry says, “CDR is both a challenge and an opportunity for most organisations.

"As well as allowing the required data sharing to take place, the real value and competitive advantage will come from being able to use the underlying infrastructure in other areas of the business.

"Opportunities could include improving the way consumer identity is managed and enabling new services in which secure data sharing is essential.”

Perry says, “The Ping Identity CDR Integration Kit now fast tracks customers achieving CDR conformance as per ACCC specifications.

"Indeed, CDR-conformant organisations must have a consent model that not only captures and enforces consent in line with current requirements but also meets requirements for concurrent consent.

"Our kit now enables financial service organisations to have the security measures in place to make CDR possible.”

The CDR Integration Kit is separated and delivered alongside the core Ping Identity platform release cycle, allowing for the kit to be maintained, updated and released in alignment to the evolving schedule set down by the ACCC.

Story image
Increasing profit margins for your online business through better cost management
Organisations can scale operations and increase profitability with discipline and planning, to minimise or avoid disrupting their traditional business, writes Pitney Bowes head of shipping for A/NZ Ben Seal.More
Story image
Video: 10 Minute IT Jams - StorageCraft on the security challenges of 2020
Gerard Burgess discusses the technical and engineering challenges the company faced due to pandemic-related restrictions, the rise in security threats, and how partners and customers can best navigate the new year.More
Story image
Ivanti achieves Leader status in IDC's UEM vendor assessment
It follows Ivanti’s recent acquisition of MobileIron, a provider of mobile-centric UEM solutions. Ivanti senior director of product management Alan Braithwaite says the acquisition may have played a central role in being recognised by IDC.More
Story image
How to maximise business success with a digital supply chain post-COVID
Electronic data interchange (EDI) can play a significant role in retailers’ emergence from COVID-19 and their ability to compete effectively in the future.More
Story image
Sophos named a Numbering Authority in CVE programme
The programme, which runs an open data registry of vulnerabilities, enables programme stakeholders to correlate vulnerability information used to protect systems against attacks. More
Story image
Exabeam appoints sales & channel managers for APJ
Exabeam states that it is seeing ‘significant growth in demand’ for its SIEM solutions, with a total of four new regional hires in the region year to date.More