Financial services ecosystem takes giant leap towards interoperability and standardization of consumer data sharing with release of new standards and first steps toward a comprehensive conformance and certification program.
RESTON, Va., Dec. 8, 2020 /PRNewswire/ — The Financial Data Exchange (FDX) announced its Fall release this morning which includes a myriad of technical standards and updates to the existing specification that have now been launched into the financial services marketplace, thereby cementing FDX’s position as one of the most comprehensive Open Finance data models in the world today.
“FDX’s Fall release is another milestone and proof point of how FDX continues to deliver on its promise to unify the financial industry around secure, common, interoperable and royalty-free standards for user-permissioned data sharing and Open Finance,” said FDX Managing Director Don Cardinal.
The FDX release includes Version 4.5 of the FDX API, User Experience Guidelines 1.0, FDX’s first user-permissioned data sharing Use Case (Personal Financial Management – PFM), Foundational Requirements for Certification, an industry Taxonomy of Permissioned Data Sharing, Control Considerations, and adoption of Version 3.2 of the FDX Financial-Grade API Security Specification.
“While this release represents many technical components of consumer data sharing and Open Finance, the end result is a more robust, secure and transparent way forward for consumers to understand, leverage, and benefit from their own financial data and improve their financial lives,” added Cardinal.
The components of the FDX Fall release include:
- FDX API v4.5 – This latest version of FDX API includes new features that improve account number security via an optional use of tokenized data for payments and improves the data quality for use cases such as lending via expanded account holder information fields.
- User Experience (UX) Guidelines v1.0 – This first iteration of the FDX UX Guidelines provide implementers of the FDX API with clear direction for designing permissioning processes for end-users to grant consent to access their financial data. Based in extensive user research and drawing on the collective expertise of our members, the documentation describes the concepts of financial data sharing, data flow, and data clusters, followed by specific guidelines to ensure that the data sharing user experience will increasingly be a consistent, familiar, and friction-free process.
- Personal Financial Management (PFM) Use Case – Developed after months of consultation among FDX members, this first FDX defined use case provides end-users with access to data they need to manage their personal finances while ensuring data minimization so that only necessary data is shared. Specifically, the PFM Use Case defines the minimum required data elements consumers must share to power Personal Financial Management apps and services without sharing additional unneeded financial data. FDX plans to approve and certify additional use cases in the future such as credit management and servicing, account verification and tax preparation.
- Taxonomy of Permissioned Data Sharing – FDX is providing this set of common data sharing terminology to align industry stakeholders and help regulators and policymakers better understand and define the various roles and perspectives within the user-permissioned financial data ecosystem. The Taxonomy also includes comparison of similar terminology defined by regulators, policymakers, and other financial services industry bodies.
- FDX Financial-Grade API Security Specification v3.2 – Adopted from globally recognized FAPI v1 standard from OpenID Foundation, this Security Specification aims to provide specific implementation guidelines for online financial services to adopt by developing a REST/JSON data model protected by a highly secured OAuth profile.
- Control Considerations v3.2 – This documentation represents a reference architecture addressing security, and fraud concerns in user-permissioned financial data exchange between financial institutions (data providers), data aggregators (data access platforms), and fintech applications and services (data recipients). This reference architecture will better align security, risk, cost, fraud, and user-experience with consumer expectations to be able to view and manage all their financial relationships in one convenient location. Specifically, version 3.2 includes guidelines for application-level encryption in data transmission, and updated references to FIDO 2.0 – a design pattern for direct authentication of end-user via mechanisms such as biometrics.
- Foundational Requirements v1.0 – The document covers operational quality requirements that data providers must meet to apply for a FDX use case certification. The document covers availability, performance, and security requirements, and is part of a series of certification documents that will outline the FDX certification requirements.
All FDX releases originate with work by FDX’s global array of members from across the financial industry spectrum in FDX’s Committees, Working Groups and Task Forces to arrive at technical standards for the entire financial services industry. Today’s release was approved by the FDX Board of Directors in September and completed satisfaction of a 60-day objection period last week.
“The standards, products and updates contained in today’s release represent the best of financial industry collaboration and offer critical guidance and industry-led standardization that will deliver a more consumer-centric, secure and transparent Open Finance data sharing experience for consumers,” said Dinesh Katyal, FDX’s Director of Product.
About Financial Data Exchange
Financial Data Exchange, LLC (FDX) is an international, nonprofit organization operating in the US and Canada that is dedicated to unifying the financial industry around a common, interoperable, royalty-free standard for the secure access of permissioned consumer and business financial data, aptly named the FDX Application Programming Interface (FDX API). FDX members include financial data providers (i.e. financial institutions), data recipients (i.e. third-party financial technology companies or fintechs), data access platforms (i.e. data aggregators and ecosystem utilities), consumer groups, financial industry groups and other permissioned parties in the user-permissioned financial data ecosystem. FDX is an independent subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC). For more information and to join, please visit financialdataexchange.org.