CDR Compliance Just Got Faster & Easier

We’re now well into the era of the Consumer Data Right (CDR), Australia’s Open Banking. The four major banks have been sharing their customers’ data using a standard set of APIs with customer consent since July first of this year. And now four accredited data recipients (three fintechs and one regional bank) are as well. 

Ping Identity has been at the forefront of CDR compliance, with several banks using our solution to meet their CDR requirements, including one of the four majors. As we talk with tier 2 and tier 3 banks and larger fintechs, it’s obvious that project teams are racing to meet CDR compliance, battling the changing CDR specifications, their internal processes and environments, and a lack of resources skilled in the nitty-gritty of the CDR.

To address these needs, Ping invested significant resources into fast-tracking a CDR programme with the Ping Identity CDR Sandbox. The sandbox is a FAPI-compliant and fully operational development environment that shows the CDR data sharing use cases end to end, including dynamic client registration, user consent, authentication and authorisation.

Even as comprehensive as it is, however, the sandbox is a pre-production demonstration to be used for testing and education. So our customers have asked how they can plug Ping’s CDR configuration work, as demonstrated in the sandbox, into their existing cloud-ready Ping solutions. We’ve answered with the release of a new integration kit.

The Ping Identity CDR Integration Kit adds “data out” functionality to enable data holders to meet their compliance requirements, as well as a “data in” capability that allows them to perform as data recipients in the CDR ecosystem. Both functions can be implemented independently or together on the same platform.

The CDR integration kit gives banks and others who wish to participate in the CDR regime a pre-configured, supported and production-ready option—which in turn gives them a massive head start in delivering to their CDR timeline. The integration kit encapsulates everything Ping has learned from its CDR implementations to date and will be updated as the specifications change, which we know they will.

I’ve heard it said that becoming a data holder is a “compliance” play—something that must be done. Conversely, becoming an accredited data recipient is a “compete” play—it enables an organisation to deliver new services and offers to their customers, to drive new revenue and increase customer retention. The “data in” capability of the CDR integration kit allows Ping customers to deliver the InfoSec aspects of their data recipient implementations and allocate more time and resources to delivering business value. And as the integration kit is developed and maintained by Ping, our customers have the reassurance that there’s one point of contact for support and upgrades.

The components and configuration items contained in Ping’s CDR integration kit dramatically reduce the skill set required by our customers to deploy a solution that meets the CDR InfoSec requirements, removing a huge roadblock for those who don’t have a large or skilled identity management team. And for those architects and implementers who have wrestled with the complexity of the CDR InfoSec specification and now have to meet additional requirements like concurrent consent, the kit gives them a way to move to a vendor-supported solution with minimal fuss.

We’re excited to make CDR compliance faster and easier for Australian banks and fintechs. The pre-configured nature of our CDR integration kit simplifies the effort needed to implement to the specification by using the market-leading Ping Intelligent Identity platform while allowing organisations to extend beyond CDR in the future. For programme directors and project teams feeling the pressure to meet CDR compliance, our CDR integration kit might be just the thing they’ll be excited to see under their Christmas trees!

Ready to get on the fast track to CDR compliance? Access the sandbox.

To learn more about CDR, visit pingidentity.com.