NAV Navbar

V1.3.0 Release Notes

Release notes for version 1.3.0 of the CDR Standards.

High Level Standards

Change Description Link
Updated Principles Amendment to high level principles to include principles for CX and for cross-sector extension Principles
Maintenance Link A link to the standards maintenance GitHub repository has been added to the table of contents General
x-fapi-auth-date Clarification Clarification that the FAPI Read profile defines the format for the x-fapi-auth-date header HTTP Headers

API End Points

Change Description Link
x-cds-client-headers correction The x-cds-client-headers header was missing from the Get Transactions For Account end point. This has been rectified Get Transactions For Account
x-fapi-interaction-id correction The x-fapi-interaction-id header was missing from the Get Customer end point. This has been rectified Get Customer
Product API v3 Introduction of v3 of the Product Reference end points to remove sub tiers, addition of more info and info URL fields, and addition of repayment type and loan purpose fields Get Products
APCA Field Description Clarified the description of the APCA field for the apcaNumber field BankingTransaction
MAX_LIMIT, MIN_LIMIT Descriptions Clarification of descriptions for MAX_LIMIT and MIN_LIMIT enumeration values Product & Account Components

Information Security Profile

Change Description Link
ID Token Encryption Clarification of the non-normative examples for the OpenID Provider Configuration End Point regarding ID Token encryption algorithms InfoSec End Points
Request Object Sample Clarifications of non-normative example for the Request Object Request Object
Client Authentication Sample Addition of non-normative samples for the client authentication section Client Authentication
Concurrent Consent Addition of changes arising from the concurrent consent consultation. This resulted in a number of changes to the Information Security profile General
MTLS RFC The reference to the MTLS normative reference has been updated from the draft to the final standard Normative References

Consumer Experience

Change Description Link
Optional example for ‘Transaction Details’ amended CX Standards defect. An optional example for ‘Transaction Details’ incorrectly referred to ‘BSB, account number’. This optional example has been removed. CX Standards p.14
Use of ‘One Time Password’ CX Standards clarification. Amended to clarify that the use of the term “One Time Password” may be presented alongside an existing term used by a data holder (e.g. Netcode, one time pin etc.). CX Standards p.16
Unavailable accounts in the authorisation flow CX Standards clarification. This clarification has been added to the standard as follows:

Data holders are not permitted to show unavailable joint accounts as joint accounts need to be elected via a joint account management service before they are permitted to appear in the authorisation flow (See CDR Rules: Schedule 3, 4.1(1); 4.2; 4.3(3); and CDR Rule 4.24)
CX Standards p.16
Profile selection step CX Standards, optional addition. To avoid DH non-compliance this guideline has been added as an optional part of an existing CX standard on account selection as follows:

Data holders MAY add a ‘profile selection’ step or equivalent prior to the account selection step if a single identifier provides access to different customer accounts. For example, one customer ID may give access to business customer and individual customer accounts.

The ‘profile selection’ step
SHOULD only be considered if it is an existing customer experience, and SHOULD be as minimal as possible to avoid introducing unwarranted friction (having regard to CDR Rule 4.24).

This item was previously a guideline but was uplifted to be an optional part of the standards as it is not permitted in the authorisation flow unless it is a rule or standard.
CX Standards p.16
CX Principles The CX Guidelines and CX Standards artefacts now include the CX Principles and Outcome Principle 3.
These principles guide standard/guideline development but are not standards themselves.
ABS hyperlink corrected Broken link replaced CX Guidelines p.24
Concurrent consent CX Guideline amended to avoid implying that concurrent consent will support re-authorisation.
Guideline amended to clarify that consumer withdrawal must occur before/in the course of replacing an existing consent.
CX Guidelines p.65
(Added to key decisions table p.3)
CDR Logo in authorisation flow CX Guideline has been removed pending the ACCC making this functionality available. CX Guidelines p.79
Accreditation ID in authorisation flow CX Guideline has been removed pending the ACCC making this functionality available. ACCC is consulting on the sharing of the accreditation ID with DHs on GitHub CX Guidelines p.79
Historical data Screen example changed to ‘may date back to 1st January 2017’ as DH won’t know this detail. CX Guidelines p.83
User-defined tags ADR guideline refers to ‘absence of information about the purpose or use case’. This has been removed as this only relates to DHs CX Guidelines p.93, 95
Status of consent/sharing Guideline changed to clarify nuance of ‘status’ referring to both consent or data sharing CX Guidelines p.95, 108