Story image

ForgeRock achieves open banking compliance certification

30 Apr 2019

Digital identity management solutions provider ForgeRock has announced it is the first Identity and Access Management vendor to achieve conformance with the OpenID Foundation’s FAPI (Financial-grade API) standard.

FAPI is a fully open standard designed for banks and fintechs in Europe and around the world to build Open Banking standards for the secure exchange of consumer financial information.

APIs are essential in making this a reality.

Synonymous with innovation and a commitment to open standards, ForgeRock is active in the certifications, regulations and standards that drive industries around the world, and the company has demonstrated consistent leadership in Open Banking.

For two years, ForgeRock has worked with the Open Banking Implementation Entity (OBIE), originally in delivering a reference implementation for the UK big banks (the CMA 9) to provide a Model Bank with APIs built to specification.

Most recently, ForgeRock delivered a Sandbox-as-a-Service to enable agile development teams to achieve compliance with Open Banking and the Revised Payment Service Directive (PSD2).

The OpenID Foundation (OIDF) promotes, protects and nurtures the OpenID community and technologies, and supported the working group responsible for delivering the FAPI certification.

The standard enables banks and fintechs to test and certify their implementations, which should accelerate development and testing, reduce support issues, and reduce costs.

FAPI aims to provide specific implementation guidelines for online financial services to adopt and can be applied in any market that requires higher levels of security.

OpenID Foundation executive director Don Thibeau says, “In working with the OBIE and industry leaders like ForgeRock, the OpenID Foundation is proud to build upon the Financial-grade API with an advanced approach that enables stronger security, openness, flexibility, easy-to-implement and delivers real customer value.”

Accelerating compliance with the ForgeRock Sandbox-as-a-Service

The primary goal of PSD2 and Open Banking is to encourage greater innovation and competition within financial services.

To facilitate this, ForgeRock delivered a Sandbox that is fully compliant and meets the agreed standard for testing the functionality of Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).

The cloud-based solution can be deployed rapidly and is already in production for several European banks that provide apps and services to more than 35 million consumers.

ForgeRock financial services and regulatory vice president Nick Caley says, “Everyone understands APIs will completely change the financial services landscape and other markets by driving new competition, collaboration and innovation.

“In support of the standard, along with our Sandbox for Open Banking, we continue to aim to provide financial institutions with compliance-ready solutions.”

Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.