FDX API Overview (Dinesh).pdf

•

0 likes•41 views

The document summarizes an organization called the Financial Data Exchange (FDX) and its work developing standards for consumer access to financial records. FDX operates independently under FS-ISAC and aims to promote interoperable standards for securely sharing consumer financial data. The document outlines FDX's mission and membership, its API portfolio including the FDX API specification, and provides an overview of FDX's technical workgroups. It also summarizes FDX's standards for authentication, authorization, account coverage, and communication security.

Technology

The Industry Standard for Consumer
Access to Financial Records
FDX API and Security Overview
Dinesh Katyal – 7/20/20

The Industry Standard for Consumer Access to Financial Records
FDX Confidential. All rights reserved.
Agenda
2
Organization Overview
The FDX API Portfolio
- FDX API 4.1
- Control Consideration for Consumer Financial Account Aggregation 3.1
- User Experience Guidelines – Account Information 1.0
- Use Cases
Q & A

The Industry Standard for Consumer Access to Financial Records
FDX Confidential. All rights reserved.
Mission
3
The Financial Data Exchange (FDX) mission is to promote and enhance a
common interoperable standard and operating framework to efficiently
and securely share consumer and business financial data.
FDX operates as an independent subsidiary of the Financial Services
Information Sharing and Analysis Center (FS-ISAC) and took up the work
of the FS-ISAC Aggregation Working Group.
FDX launched on 18 October 2018.

Financial Data Exchange (FDX) The current Board comprises 11 Financial Institutions, 5 Permissioned
Parties, 5 Aggregators, 2 Industry Groups & the FS-ISAC.
The Industry Standard for Consumer Access to Financial Records
Open Membership | ¼ of members are Fin-Tech firms | 2/3 are not banks | FDX is not a policy or lobbying group.
118 Member
Organizations

The Industry Standard for Consumer Access to Financial Records
FDX Confidential. All rights reserved.

The Industry Standard for Consumer Access to Financial Records
FDX Technical Organization
Security &
Authentication
User
Experience
& Consent
API / Data
Structures
Qualification &
Certification
OFX
Working
Groups
Every Working Group, Committee and the Board are co-chaired by a Financial Institution and a Non-Financial Institution
Technology
Review
Committee
E2E
Encryption
Task
Forces
Cert Model Directory Tax Forms
Intermediary
ID
UX
Guidelines
Taxonomy
Money
Movement
FDX Staff
Director Product
+

The Industry Standard for Consumer Access to Financial Records
FDX Confidential. All rights reserved.
FDX API
7
• Secure authentication
- Tokenized access to data
- No login credentials used/ held by aggregator/ apps
• Authorization and consent standard
- Owner approves what is shared, its use, and duration
- UX guidelines 1.0 will cover consent for account information services
• API specification
- Replaces screen scraping
- JSON/ REST
- Comprehensive coverage of account information services and tax forms (US)
- Free to access and royalty free to use

The Industry Standard for Consumer Access to Financial Records
FDX Confidential. All rights reserved.
Supported Accounts and Documents
■ Deposit: ■ Lines of Credit:
Checking (DDA) Credit Cards
Savings LOC (retail)
Money Market Accounts LOC (Commercial)
Time Deposits (CD) HELOC
Other Other
■ Loans: ■ Investments
Loans (Installment) IRA
Mortgages TAXABLE
Loans (Commercial) TRUST
Other Other
■ Insurance: ■ Annuities:
● Statements
● Tax Documents: US Tax Forms
● Images (receipts or check images)

The Industry Standard for Consumer Access to Financial Records
• FALL 2020 Release Timeline
• Sep 7 – RFC cutoff for release inclusion
• Sep 21:
• Spec 4.2 (tax ‘20) – 14-day member notice
• Spec 4.5 (non-tax RFCs) – WG notification
• Oct 5 (60 days prior) –
• Spec 4.2 (tax ‘20) - GA
• Spec 4.5 (non-tax RFCs) – 60-day member
notice
• Dec 3 – Spec 4.5 GA
Note: Tax and non-tax will be aligned from Fall 2021
onwards shifting general release schedule up by 2
months
Release Calendar

The Industry Standard for Consumer Access to Financial Records
FDX Confidential. All rights reserved.
Questions

apidays New York 2022 - Beyond API Regulations for Finance, Insurance, and Healthcare July 27 & 28, 2022 Discussing the significance of API standardization Dinesh Katyal, Director Product, Open Banking and Payments at Avast ------------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/ Deep dive into the API industry with our reports: https://www.apidays.global/industry-reports/ Subscribe to our global newsletter: https://apidays.typeform.com/to/i1MPEW

FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe

FIDO Alliance

File Sharing Use Cases in Financial Services

BlackBerry

Financial services institutions need to meet high standards of security, particularly when collaborating with external partners, in order to comply with federal regulations and protect their customers. However, security protocols designed to protect sensitive information can actually hinder workplace productivity. This presentation demonstrates different ways that financial institutions were able to get back to business using BlackBerry Workspaces, the secure file sync & share solution.

apidays LIVE New York 2021 - Security Design Patterns that Protect Sensitive ...

apidays

apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare July 28 & 29, 2021 Security Design Patterns that Protect Sensitive Financial Data Shared via APIs Dinesh Katyal, Product Director at Financial Data Exchange, Ray Voss, VP, Security Architect, JPMorgan Chase Bank, N.A and Co-Chair, Financial Data Exchange Security and Authentication Working, & Shawn Jobe, Director of Software Development at Factual Data

Identity Live London 2017 | Kenneth May

ForgeRock

The Pensions Dashboard project is an important and exciting initiative for the UK consumer with an immense social purpose. It has the potential to significantly improve retirement planning, financial inclusion and consumer engagement with the pensions industry. Origo is working with ForgeRock and the wider industry to bring an enabling infrastructure to market. The solution will securely identify the consumer before orchestrating a search of pensions across the industry. Today we will provide a tour of the project to date. We’ll cover the architecture for identity, attribute exchange and resource sharing; bringing this to life with a demonstration.

How to setup Guarantees in a Core Banking

vinoth511

This document provides an overview of Oracle's FLEXCUBE Universal Banking (FCUB) Guarantees module. It discusses the key components and functionality of the guarantees module, including the product setup, contract lifecycle, and processing of guarantee issuance, amendments, invocations, and other transactions. The document is intended to guide users through the various maintenance and configuration options available in the Oracle banking system for handling guarantee products and contracts.

Data Center Audit Standards

Keyur Thakore

The document discusses various audit standards for data centers, including SAS 70, SSAE 16, SOC 1-3, and PCI DSS. It provides details on the requirements and goals of each standard. The SAS 70 focused on controls over financial reporting but was not intended for security verification. SSAE 16 superseded SAS 70 and requires assessment of control design and effectiveness. SOC reports evaluate specific controls and are restricted (SOC 1) or public-facing (SOC 3). PCI DSS standards were created by credit card companies to protect cardholder data and require vulnerability assessment, remediation and reporting.

CEDAR Summary_Oct2010c

Mark Davies

This document provides an overview and introduction to CEDAR (Credit Exposure Data and Analytics Repository Portal), a proposed centralized data portal for loan-level credit exposure data. The summary includes: 1) CEDAR aims to create a technology-led portal that makes standardized and transparent loan-level data available to support various market participants like investors, regulators, and analysts. 2) There is demand and need for more granular loan data across the structured finance market to rebuild confidence following the 2008 financial crisis. CEDAR seeks to address this need in a way that is independent, transparent, and accessible to all. 3) The proposal outlines CEDAR's vision, market opportunity, value proposition, key

The document discusses RAiDiAM and its Open Banking Identity product. It summarizes: - RAiDiAM was created to help with identity challenges of Open Banking and PSD2 regulations. It provides consulting and modular/scalable identity architecture services. - The Open Banking Directory was developed as a trust framework "hub" to enable secure transactions between authorized financial companies using standards like OAuth2 and OIDC. - It describes the Directory's key components, onboarding process to issue credentials to companies, and role in later transactions to validate claims between financial entities.

First-North - EUSN Presentation (November 16 2016) Final-v1 Yogi Notes 2016-1...

Yogi Golle

The document discusses potential synergies between the finance and energy sectors, including trading of financial products related to energy, regulations both industries face, use of industry standards, and data security concerns. It proposes a cross-functionality platform called SIDE (Securities Industry Data Exchange) that could integrate finance and energy/utility data and transactions. It also discusses how blockchain/distributed ledger technology could provide security benefits and reduce costs for areas like trade confirmations and reporting between counterparties in the finance sector.

PCI-DSS for IDRBT

Shanmugavel Sankaran

This document discusses PCI DSS (Payment Card Industry Data Security Standard) and protecting personally identifiable information (PII). It provides background on PCI DSS including its purpose of optimizing credit card security. It defines what constitutes cardholder data and who must comply with PCI DSS. The document also discusses risks of PII breaches and best practices for minimizing PII use and categorizing PII confidentiality levels. It emphasizes the need for coordination across an organization in managing PII issues and having an incident response plan for PII breaches.

Enterprise Governance Risk and Compliance (GRC) Management Solution in India

LexComply

5 Things to Look for in an ELD Provider

Brittany Wooten

This document discusses key considerations for choosing an electronic logging device (ELD) provider to comply with federal ELD mandates. It covers the ELD definition, exemptions, compliance dates and top five criteria to evaluate providers: accuracy and reliability of data capture; safety and security of data; support services; using driver performance data to promote safety; and integrated solutions. It provides EROAD company information and resources on ELD regulations.

Trisilco-IT NSRS presentation

Hasan Mokaddes

This document discusses Trisilco IT's proposed solution for data submission to BNM's NSRS system. The key points are: 1. The proposed solution is a web-based application that allows for multi-user, multi-department data entry, checking, approval and submission across various reporting templates from a central repository. 2. It features workflow management, data versioning and audit trails to streamline the reporting process and ensure compliance. 3. Implementation is expected to take 1 month and involve requirement gathering, system setup, training and user acceptance testing. 4. Future phases could include automating data extraction and loading into a data warehouse using ETL processes.

IQ3 Group - ISDA August 2012 DF Protocol

IQ3 Solutions Group

Vendor Management for PCI DSS, HIPAA, and FFIEC

ControlCase

Managing Multiple Assessments Using Zero Trust Principles

ControlCase

Fido uaf-overview-v1.1-rd-20161005

Jaime Ruiz

The document provides an overview of the FIDO Universal Authentication Framework (UAF) Reference Architecture. It describes the key components of the FIDO UAF ecosystem including the FIDO UAF client, server, protocols, authenticator abstraction layer, and authenticators. The goals of FIDO UAF are to enable strong, multi-factor authentication across devices and platforms while simplifying integration of new authentication capabilities and preserving user privacy.

Bank Tech Asia 2012

Hasan Mokaddes

The document discusses Trisilco IT's role in providing software and solutions to financial institutions in Malaysia. It outlines some of Trisilco IT's key systems and services including its CCRIS backend and frontend systems for credit reporting, compliance solutions, risk rating platforms, and CRM systems. It also describes Bank Negara Malaysia's project to implement an Integrated Statistical System to standardize statistical reporting across financial institutions and the phased implementation approach. Finally, it provides an overview of Trisilco IT's ISS solution for automating statistical reporting with features like security, workflow, data auditing, and support for over 70 reporting templates.

Global Regulatory Landscape for Strong Authentication

FIDO Alliance

The document discusses how governments are increasingly prioritizing strong authentication and looking to standards like FIDO to provide more secure, usable and privacy-preserving authentication. It notes that the UK and US governments have highlighted FIDO and endorsed its ability to deliver improved security without passwords. The document also discusses how authentication is an area of regulatory focus due to compliance needs around privacy, security and access across domains like digital government, healthcare, payments and financial services. It argues that FIDO specifications address regulatory needs by providing nimble, configurable and cost-effective strong authentication.

20190523 archiver fim

Archiver

This document provides an overview of federated identity management for the ARCHIVER project. It discusses key concepts like identity providers, service providers and protocols. It recommends that ARCHIVER select a service provider proxy, research institutes ensure they have SAML identity providers, and services support SAML or OIDC. Next steps include deciding on a service provider proxy, ensuring identity providers and services support federated protocols, and complying with policies to encourage attribute sharing. Testing tools and further help are also referenced.

FIDO as Regtech - Addressing Government Requirements

FIDO Alliance

This document discusses how authentication technology and government policies need to evolve together. It argues that FIDO authentication addresses regulatory needs in a secure, usable way. The document notes that governments are recognizing that two-factor authentication can now happen within a single device and that they should promote the "right" authentication standards like FIDO that are secure by default. Major reports recommend FIDO to overcome identity challenges in a way that empowers consumers.

Open Banking and Payment Service Directive

Lac Vuong

Implementing a Global Unique Device Identification (UDI) Solution: Regional U...

Greenlight Guru

UDI data requirement experts Gary Saner and John Lorenc of Reed Tech will discuss best practices for UDI preparations and the future potential impacts to medical device manufacturers as global health authorities publish mandates. This session will give suggested best practices concerning EU EUDAMED preparation, what we have learned via testing and a Q&A session. Bring your specific questions concerning medical device registration scenarios, data elements and requirements. The speakers will review and provide clarity on currently posted guidance and answer your questions concerning EUDAMED and other health authority timelines. This presentation originally aired during the 2021 State of Medical Device Virtual Summit.

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Similar to FDX API Overview (Dinesh).pdf

Pistoia Alliance European Conference 2015 - Stuart Robertson / Exostar

Pistoia Alliance

OneAudit™ - Assess Once, Certify to Many

ControlCase

Continuous Compliance Monitoring

ControlCase

India’s Most Comprehensive Compliance Management software

LexComply

Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...

FinTechLabs.io

First-North - EUSN Presentation (November 16 2016) Final-v1 Yogi Notes 2016-1...

Yogi Golle

PCI-DSS for IDRBT

Shanmugavel Sankaran

Enterprise Governance Risk and Compliance (GRC) Management Solution in India

LexComply

5 Things to Look for in an ELD Provider

Brittany Wooten

Trisilco-IT NSRS presentation

Hasan Mokaddes

IQ3 Group - ISDA August 2012 DF Protocol

IQ3 Solutions Group

Vendor Management for PCI DSS, HIPAA, and FFIEC

ControlCase

Managing Multiple Assessments Using Zero Trust Principles

ControlCase

Fido uaf-overview-v1.1-rd-20161005

Jaime Ruiz

Bank Tech Asia 2012

Hasan Mokaddes

Global Regulatory Landscape for Strong Authentication

FIDO Alliance

20190523 archiver fim

Archiver

FIDO as Regtech - Addressing Government Requirements

FIDO Alliance

Open Banking and Payment Service Directive

Lac Vuong

Implementing a Global Unique Device Identification (UDI) Solution: Regional U...

Greenlight Guru

Similar to FDX API Overview (Dinesh).pdf (20)

Pistoia Alliance European Conference 2015 - Stuart Robertson / Exostar

OneAudit™ - Assess Once, Certify to Many

Continuous Compliance Monitoring

India’s Most Comprehensive Compliance Management software

Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...

First-North - EUSN Presentation (November 16 2016) Final-v1 Yogi Notes 2016-1...

PCI-DSS for IDRBT

Enterprise Governance Risk and Compliance (GRC) Management Solution in India

5 Things to Look for in an ELD Provider

Trisilco-IT NSRS presentation

IQ3 Group - ISDA August 2012 DF Protocol

Vendor Management for PCI DSS, HIPAA, and FFIEC

Managing Multiple Assessments Using Zero Trust Principles

Fido uaf-overview-v1.1-rd-20161005

Bank Tech Asia 2012

Global Regulatory Landscape for Strong Authentication

20190523 archiver fim

FIDO as Regtech - Addressing Government Requirements

Open Banking and Payment Service Directive

Implementing a Global Unique Device Identification (UDI) Solution: Regional U...

Recently uploaded

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Safe Software

Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency. During the hour, we’ll take you through: Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board. Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes. Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI. We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI. This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Chart Kalyan

Serial Arm Control in Real Time Presentation

tolgahangng

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

HCL Notes and Domino License Cost Reduction in the World of DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/ The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this! We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model. Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward. These topics will be covered - Reducing license cost by finding and fixing misconfigurations and superfluous accounts - How do CCB and CCX licenses really work? - Understanding the DLAU tool and how to best utilize it - Tips for common problem areas, like team mailboxes, functional/test users, etc - Practical examples and best practices to implement right away

Digital Marketing Trends in 2024 | Guide for Staying Ahead

Wask

https://www.wask.co/ebooks/digital-marketing-trends-in-2024 Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.

Project Management Semester Long Project - Acuity

jpupo2018

Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Columbus Data & Analytics Wednesdays - June 2024

Jason Packer

GraphRAG for Life Science to increase LLM accuracy

Tomaz Bratanic

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

shyamraj55

UI5 Controls simplified - UI5con2024 presentation

Wouter Lemaire

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

akankshawande

How to use Firebase Data Connect For Flutter

Daiki Mogmet Ito

Programming Foundation Models with DSPy - Meetup Slides

Zilliz

Generating privacy-protected synthetic data using Secludy and Milvus

Zilliz

During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/ DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen! Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell. Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten. Diese Themen werden behandelt - Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten - Wie funktionieren CCB- und CCX-Lizenzen wirklich? - Verstehen des DLAU-Tools und wie man es am besten nutzt - Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw. - Praxisbeispiele und Best Practices zum sofortigen Umsetzen

Introduction of Cybersecurity with OSS at Code Europe 2024

Hiroshi SHIBATA

I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems. The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS. Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application. I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.

Recently uploaded (20)

Presentation of the OECD Artificial Intelligence Review of Germany

20240609 QFM020 Irresponsible AI Reading List May 2024

Driving Business Innovation: Latest Generative AI Advancements & Success Story

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Serial Arm Control in Real Time Presentation

Skybuffer SAM4U tool for SAP license adoption

HCL Notes and Domino License Cost Reduction in the World of DLAU

Digital Marketing Trends in 2024 | Guide for Staying Ahead

Project Management Semester Long Project - Acuity

UiPath Test Automation using UiPath Test Suite series, part 6

Columbus Data & Analytics Wednesdays - June 2024

GraphRAG for Life Science to increase LLM accuracy

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

UI5 Controls simplified - UI5con2024 presentation

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

How to use Firebase Data Connect For Flutter

Programming Foundation Models with DSPy - Meetup Slides

Generating privacy-protected synthetic data using Secludy and Milvus

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU

Introduction of Cybersecurity with OSS at Code Europe 2024

FDX API Overview (Dinesh).pdf

1. The Industry Standard for Consumer Access to Financial Records FDX API and Security Overview Dinesh Katyal – 7/20/20

2. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Agenda 2 Organization Overview The FDX API Portfolio - FDX API 4.1 - Control Consideration for Consumer Financial Account Aggregation 3.1 - User Experience Guidelines – Account Information 1.0 - Use Cases Q & A

3. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Mission 3 The Financial Data Exchange (FDX) mission is to promote and enhance a common interoperable standard and operating framework to efficiently and securely share consumer and business financial data. FDX operates as an independent subsidiary of the Financial Services Information Sharing and Analysis Center (FS-ISAC) and took up the work of the FS-ISAC Aggregation Working Group. FDX launched on 18 October 2018.

4. Financial Data Exchange (FDX) The current Board comprises 11 Financial Institutions, 5 Permissioned Parties, 5 Aggregators, 2 Industry Groups & the FS-ISAC. The Industry Standard for Consumer Access to Financial Records Open Membership | ¼ of members are Fin-Tech firms | 2/3 are not banks | FDX is not a policy or lobbying group. 118 Member Organizations

6. The Industry Standard for Consumer Access to Financial Records FDX Technical Organization Security & Authentication User Experience & Consent API / Data Structures Qualification & Certification OFX Working Groups Every Working Group, Committee and the Board are co-chaired by a Financial Institution and a Non-Financial Institution Technology Review Committee E2E Encryption Task Forces Cert Model Directory Tax Forms Intermediary ID UX Guidelines Taxonomy Money Movement FDX Staff Director Product +

7. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. FDX API 7 • Secure authentication - Tokenized access to data - No login credentials used/ held by aggregator/ apps • Authorization and consent standard - Owner approves what is shared, its use, and duration - UX guidelines 1.0 will cover consent for account information services • API specification - Replaces screen scraping - JSON/ REST - Comprehensive coverage of account information services and tax forms (US) - Free to access and royalty free to use

8. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Supported Accounts and Documents ■ Deposit: ■ Lines of Credit: Checking (DDA) Credit Cards Savings LOC (retail) Money Market Accounts LOC (Commercial) Time Deposits (CD) HELOC Other Other ■ Loans: ■ Investments Loans (Installment) IRA Mortgages TAXABLE Loans (Commercial) TRUST Other Other ■ Insurance: ■ Annuities: ● Statements ● Tax Documents: US Tax Forms ● Images (receipts or check images)

9. The Industry Standard for Consumer Access to Financial Records • FALL 2020 Release Timeline • Sep 7 – RFC cutoff for release inclusion • Sep 21: • Spec 4.2 (tax ‘20) – 14-day member notice • Spec 4.5 (non-tax RFCs) – WG notification • Oct 5 (60 days prior) – • Spec 4.2 (tax ‘20) - GA • Spec 4.5 (non-tax RFCs) – 60-day member notice • Dec 3 – Spec 4.5 GA Note: Tax and non-tax will be aligned from Fall 2021 onwards shifting general release schedule up by 2 months Release Calendar

10. The Industry Standard for Consumer Access to Financial Records FDX Confidential. All rights reserved. Control Considerations 10 • Conceptual security architecture stack - Federated user authentication interoperability with OpenID Connect 1.0 - Delegated user authorization using OAuth 2.0 - Specific user identification pattern using FIDO 1.2 UAF • Communication; - TLS for all communications - NIST recommended encryption algorithms - Recommended key lengths and host name verification enabled • API Security Profile - Normative references to FAPI part 1 – read only security profile - FAPI part 2 – read-write security profile OAuth 2.0

FDX API Overview (Dinesh).pdf

Recommended

Recommended

More Related Content

Similar to FDX API Overview (Dinesh).pdf

Similar to FDX API Overview (Dinesh).pdf (20)

Recently uploaded

Recently uploaded (20)

FDX API Overview (Dinesh).pdf