News
 
 

FAQ

 
+ - SUBSCRIPTION AND TESTS
+ - 1. Is joining CBI Globe mandatory or optional for the members of Consorzio CBI?

Joining the cooperative solution of Consorzio CBI is to be intended as optional and therefore not mandatory.

 
+ - 2. What is the on-boarding phase of the participating Intermediaries?

The on-boarding activities relate to the connection of the "core" IT systems of the individual Intermediaries/Service Centers to CBI Globe. Over the next few weeks the technical documentation containing the technical-infrastructural aspects that the Intermediaries will have to make available to connect to CBI Globe will be published. 

 
+ - 3. With regard to the on-boarding phase, which are the activities that are included in the basic offer to support the member Intermediaries/Service Centers?

Consorzio CBI will provide a technical-operational team to support integration activities according to the identified standard. Further details will be present in the technical documentation containing the technical-infrastructural aspects that the Intermediaries will have to make available to connect to CBI Globe.

 
+ - 4. In the case of Intermediaries handled by technological subjects or Service Centers, will the adhesion to CBI Globe be carried out through these subjects?

CBI Globe allows Intermediaries to join directly (connecting their IT systems to the service), or indirectly through their IT providers/service centers. In this case, the base annual fee envisaged by Consorzio CBI's funding model will be paid for a single core information system (e.g. a Service Center corresponds to a single base annual fee if all the banks it establishes are certified on the same information system and therefore they share the same interfaces).

 
+ - 5. Will CBI Globe's base solution allow the participating PSPs in the role of ASPSP to use, for the display of APIs related to competitive services, a Sandbox environment not shared with other participating ASPSPs?

Yes, the basic solution includes a Sandbox module dedicated to TPPs' tests in relation to services developed both in the competitive and cooperative sphere.

 
+ - 6. Is the direct involvement of the ASPSPs expected during the testing phase by the TPPs of the APIs exposed by CBI Globe or will the test data generated directly by the Gateway be used?

CBI Globe provides both possibilities. The first tests performed on the platform will see the use of testing data. The second modality that involves the direct involvement of the ASPSPs is bound to the availability of one or more Banks to make available for this purpose the interfaces present in their test environments.test.

 
+ - 7. What is the timing for the production go live of the CBI Globe service?

The service will enter the testing phase with the opening of the sandbox to the TPPs from 14th March 2019, while it will officially go live on production from 1st June 2019 in view of the entry into force of the RTS on 14th September 2019.

 
+ - 8. Which are the ASPSPs that have already joined CBI Globe?

CBI Globe - Global Open Banking Ecosystem presents itself internationally as a concrete collaborative project between Banks and Fintech for the adaptation to the PSD2. The platform will allow each member to offer innovative, safe and easy-to-use solutions for the benefit of final customers. Precisely because of these characteristics and because of the considerable advantages presented, the response that the banking world is giving to CBI Globe is extremely positive. Indeed, around 300 banks have already joined the platform, representing 80% of the Italian banking industry.

Below there is the continuously uptaded list of the endpoints gathering all the Account Servicing Payment Service Providers (ASPSP) members. Inside the API Portal, which can be accessed only after registering and uploading an eIDAS Certificate - valid for production or test - there is the complete list of ASPSPs that have joined CBI Globe.

 
ENDPOINT MEMBERSABI CODE
Banca 5 S.p.a.3385
Banca Carige S.p.a.3431
Banca Monte dei Paschi di Siena S.p.A.1030
Banca Nazionale del Lavoro S.p.a.1005
Banca Passadore & C. S.p.A.3332
Banca Popolare di Sondrio S.C.p.A.5696
Banco BPM S.p.a.5034
Bper Banca S.p.a.5387
Crèdit Agricole Italia S.p.a.6230
Credito Emiliano S.p.a.3032
Credito Valtellinese S.p.a.5216
Fiditalia S.p.a.19365
Findomestic Banca S.p.a.3115
Iccrea Banca S.p.a.8000
Intesa Sanpaolo S.p.A.3069
Nexi Payments S.p.A.32875
Phoenix  Informatica Bancaria S.p.A. -
Poste Italiane S.p.A.7601
SEC Servizi S.C.p.A. -
UBI Banca S.p.a.3111
Logo CBI Globe
 
+ - CYBER SECURITY AND ACCESSES
+ - 1. Regarding the possible exemptions from the Strong Customer Authentication, will CBI Globe include also a module dedicated to the Transaction Risk Analysis?

Yes, CBI Globe provides a module dedicated to the Transaction Risk Analysis whose data will be possible to be used by the ASPSP also for internal analysis.

 
+ - 2. Which modes of Strong Customer Authentication (embedded, redirect, decoupled) will be adopted as a standard by CBI Globe?

SCA Redirect/OAuth: SCA management mode based on user redirection from the TPP front end to a bank web application on which to perform credential verification and additional authentication factor. After the SCA the bank redirects the control on the TPP front-end, using the appropriate URL provided by the latter.The sharing with the Gateway of the outcome of the verification is managed directly by the Bank, through a dedicated channel that does not involve the TPP;

 

SCA Embedded: SCA management mode based on the acquisition of the parameters required for the SCA directly through the front-end of the TPP, which provides for the transmission of these parameters to the Bank's systems, through dedicated APIs. This case requires that the outcome be immediately available to the Gateway through the content of the API responses;
 
SCA Decoupled: SCA management mode based on the activation of a Bank's proprietary channel (e.g. Mobile App via push notification), through which the SCA can be carried out. The Bank's systems therefore directly detect the client's will to receive the transaction through their channel, proceeding with the sharing of this outcome directly with the Gateway that can proceed with the transaction.

 
+ - 3. Will the modules for the SCA and the TRA provided by CBI Globe be used within the CBI Globe alone, i.e. in "stand alone" mode to be integrated/used in the applications provided directly to customers?

The SCA and TRA modules provided by CBI Globe are exploitable only within the solution of Consorzio CBI (both for the "core" PSD2 services and for the future VAS services). However, the data provided by the TRA may be used by the participating ASPSP to enrich its internal information.

 
+ - 4. Does the counting of the accesses by TPPs fall within the implemented functionalities?

Yes, in detail, after the 4th "unattended" call, a block to the TPP calls is expected from Consorzio CBI.

 
+ - FUNCTIONALITIES
+ - 1. Will it be possible to monitor individual calls and have reports available to individual Intermediaries through CBI Globe?

Yes, CBI Globe provides a module dedicated to monitoring the operations performed. Intermediaries will be able to use, with a periodicity to be defined at a collaborative level, details on their operations through CBI Globe.

 
+ - 2. Does CBI Globe provide an API Portal and a Sandbox? Will it also be possible to develop APIs in both competitive and cooperative areas?

The solution provides the mentioned modules (API Portal and Sandbox). It is also envisaged the possibilty to develop value added services (VAS) in both cooperative and competitive areas.

 
+ - 3. Will CBI Globe's base solution allow the participating PSPs in the role of ASPSP to use, for the display of APIs related to competitive services, a Sandbox environment not shared with other ASPSP members?

Yes, the basic solution includes a Sandbox module dedicated to TPP tests in relation to services developed both in the competitive and collaborative sphere.

 
+ - 4. Can some modules offered by CBI Globe (e.g. TRA, anti-fraud system, SCA) be unused by an ASPSP member?

Yes, CBI Globe allows individual direct members to decide whether or not to use some modules offered by the platform (e.g. TRA, anti-fraud, SCA). The TRA will always be performed by the Gateway, with the possibility of the Bank to override the result.

 
+ - 5. CBI Globe provides a module dedicated to the centralized monitoring of the APIs managed by the solution. Is the possibility for ASPSP to periodically view the statistics relating to the APIs addressed to them envisaged?

CBI Globe provides a centralized monitoring module that will allow the ASPSPs to receive periodically - with a cadence to be defined - the statistics relating to the operations related to them. The ASPSPs will also receive a timely report of the individual AIS / PIS calls assigned to them by CBI Globe.

 
+ - 6. In the event that the participating PSP is not able to display its "core" PSD2 online services according to the standard adopted by the CBI Globe, is it possible to standardize the data or convert the ASPSP language according to the adopted standard?

Yes, CBI Globe offers the possibility (not included in the basic solution and characterized by ad hoc pricing) to adopt a tool for converting the standards used by the service into the proprietary specifications used by the ASPSP IT systems. It will be possible to address this aspect with the solution provider during the on-boarding phase by the interested PSPs.

 
+ - 7. Will the service model identified focus on the online services offered by Intermediaries to their customers (Retail and Corporate)?

The ASPSPs that offer to their customers online payment accounts must provide at least an access interface that allows secure and open communication with third parties (TPPs). In this regard, the service model identified will facilitate the interconnection between ASPSP and TPP, necessary for the use of the "core" functions envisaged by the PSD2 (eg available balance, initialisation of a payment, information on account movements ...).

 
+ - 8. Will the identification of new cooperative services - and related APIs - to be exhibited through CBI Globe, be managed by Consorzio CBI?

Yes, the governance of the solution will be entrusted to Consorzio CBI. The Consortium will set up an ad hoc Working Group with the aim of identifying any evolutions/new services to be exhibited through CBI Globe.

 
+ - 9. Is the consensus collection done by the CBI Globe platform?

Yes, with the exception of the consent related to the sole Fund Check functionality related to the interaction with the CISPs. In detail, in accordance with the PSD2 regulation (Article 65 "Confirmation of availability of funds") on "request of a Card Information Service Provider (CISP), the Account Servicing Payment Service Provider (ASPSP) must immediately confirm whether the amount requested is available on the payer's account, provided [...] the payer (PSU) has given explicit consent to the ASPSP". Consorzio CBI specifies that the above consent collected by the ASPSP must be sent to CBI Globe through the "CreateConsentForPisp" API. During the meeting, the "RetrieveTPP" API must be called by the ASPSP to acquire the list of TPPs authorized by CBI Globe.

 
+ - 10. Will the availability of the service be guaranteed 24 hours a day, 365 days a year?

Yes, however, there are some unavailability windows for extraordinary maintenance which will be given more details in the shortest time possible.

 
+ - TPP
+ - 1. Will the Third Parties be able to access only current account movements or will they also be able to perform reporting and analysis of user data (PSU)?

According to current legislation, the Third Parties will be able to obtain in response from the ASPSPs only the information promptly requested by the PSUs. CBI Globe will respond to the API invocations of the TPPs with the data promptly requested by the PSUs to the ASPSP through the TPPs.

 
+ - 2. Regarding the authentication of the Third Parties, what activities will CBI Globe perform for the ASPSPs?

CBI Globe provides a module dedicated to the recognition of TPPs. CBI Globe will therefore check the presence of TPPs in the list of certified TPPs prepared by the EBA, as well as validating the certificate submitted by the TPPs according to their role (PISP / AISP / CISP).

 
+ - 3. The interfaces (API) that CBI Globe will expose to the third parties will be only those related to the "core" services required by the PSD2? Does CBI Globe envisage the opportunity to exhibit APIs related to VAS services that require specific agreements between Third Parties and ASPSPs?

The API interfaces exposed to the TPPs will be related - in a first phase - to the "core" features required by the PSD2. In a second planning phase, additional value-added services will be activated, identified and developed at a collaborative or competitive level. The solution also provides for the availability of a tool for counting of API accesses by the TPPs to support the monetization activities that each Bank will be able to manage independently. There is no centralized billing system of CBI Globe. The management of any agreements between TPPs and ASPSPs regarding VAS services offered through CBI Globe will be left to the competitive scope.

 
+ - 4. CBI Globe will expose to TPPs - in a first phase - only the APIs foreseen for the use of the "core" PSD2 service. Will the APIs invoked be subsequently managed internally by CBI Globe and, through a routing tool, addressed to the ASPSP recipients? In other words, will CBI Globe not exhibit the dedicated APIs of each ASPSP?

CBI Globe will exhibit - in a first phase - only the APIs related to the use of "core" features required by the PSD2. The redirection to the ASPSPs addressed by the invocations will be carried out by the internal solution routing module. CBI Globe, therefore, in this first phase, will not directly expose the APIs exposed to it by each ASPSP.