
Our Open Banking service is designed for banks who want to securely make their data available via a REST API using a consent-driven authorisation without the associated risks or costs of doing it themselves.
Based on the Consumer Data Right framework, Data Source in a Box provides a consent-driven, hosted and fully managed REST API which connects to core banking systems.
Our inbuilt accreditation system requires Data Recipients to undergo an annual compliance and security review before a financial institution approves access to customer data, thereby reducing risk for financial institutions and ensuring they maintain control of the data.
For the last 10+ years, SISS Data Services have integrated our solutions with all major banks in Australia.
Join us to benefit from our experience of partnering with the largest Australian banks to bring you a fully managed Open Banking solution.
What is Open Banking as a service?

Key Features


Data Recipient Onboarding
Vet Data Recipients, annual compliance review, approve or revoke access, dispute resolution


API Management
Vendor onboarding & approval, API versioning, API throttling, high availability and uptime, API status page


Data Security
Regular penetration testing, vulnerability monitoring, data loss prevention, web application firewall


Sandbox/Playground
Access to test data, developer support, release management


Data Analytics
Daily data usage, usage by data recipient, comparison by period, consent status and trends


Consent Management
Online & paper based consent, approve and revoke consent


Developer Portal
API documentation & changelogs, API versioning, API throttling


Relationship Manager
Dedicated account manager, open banking updates, technical assistance


Core Banking Integration
Existing core banking plug-ins, multiple file formats (BAI, CSV, XML), push or pull data collection via SOAP, REST, SFTP, data cleansing, data encryption at rest and in transit

Who is Open Banking as a service designed for?
Open Banking as a service is designed for banks who want the benefit of securely sharing consumer data, without the high upfront costs and ongoing day-to-day management of Open Banking.
- ✓ Fixed pricing – Keep within budget
- ✓ Fully Managed – Use our team, not yours
- ✓ Developer Portal & Sandbox – Ready, set . . . BUILD
- ✓ Security Monitoring – We worry, so you don’t have to
- ✓ Connect now – Instant data sharing via our exciting Fintech network
We Keep Costs Simple
No lock-in contracts, minimum terms or exit penalties, simply set up your service and pay month-to-month.
Set Up Fee: $10,000 + GST
Monthly Fee: From $2,500 + GST per month
Speak to us for more details
Data Lifecycle
The following diagram highlights the phases of the data lifecycle.

Definitions
WSO2 Open Banking is the only purpose-built solution that provides all technology requirements for achieving complete Open Banking compliance using a single technology platform.
Data Custodians
Data Managers
Personnel directly responsible for the operational access and management of Data.
Data Owner
SISS Data Services is the Owner of all Data collected, stored or managed by personnel of SISS Data Services.
Data Sources
The Bank or Financial Institution that the Data Owner maintains an account with and obtains the Data Feeds from.
Data Stewards
Personnel responsible for the integrity, availability, confidentiality, and quality of Data Management. There should be at least one designated Data Steward for each business unit or department.
Financial Information
Data that relates to a financial product or transaction from Data Sources that may contain information as detailed in Table 3 below.
Personal Information or PII
Any information or an opinion about an identified individual, or an individual who is reasonably identifiable.
SISS Data Services Data Resource
Data owned by SISS Data Services may reside in various systems and locations as required and justified by the business; these are consistently referred to as a single, shared resource.
All such Data owned and managed by or on behalf of SISS Data Services is considered part of the SISS Data Services Data Resource.
Third Party
An individual, company or other entity that an individual has granted consent to access their personal information.
Data Types
We'll help you comply with the regulation's Open API and security requirements
We are part of the Data Standards technical working group and follow the regulation closely. We will ensure that the Open Banking solution is updated as and when the specification and security updates are released. This frees your teams' time to focus on more pressing tasks.
Our technology model and team work well with yours
We provide both cost-based and deployment-based engagement models catering to Banks of any size. We also provide training programs that get your teams up and running with our technology in record time.
We assist in communicating the benefits of Open Banking to your customers
Our work with European Banks revealed some key concerns consumers had with Open Banking. We’ll use these as examples to address perceptions for Australian banking customers. The earlier you educate your customers, the more trust you build with them.
Use us to prepare for digital banking initiatives in Australia
As Open Banking takes off, your customers will demand more services and products that make their lives easier. Your IT infrastructure needs to scale to meet these new demands. Our platform and domain expertise make us the ideal technology partner to help you become a market leader in digital banking.
Data Types
SISS Data Services, through their feeds, may store the information as detailed in the table below.
Bank Account Data
Direct from Financial Institution
- Account Number
- Account Name
- BSB
- Transaction Details
- Balance Details
Credit Card Data
Direct from Financial Institution
- Tokenised Credit Card Number
- Card Name
- Transaction Details
- Balance Details
Contract Note Data
PDF of Contract Note emailed to SISS & Direct from Financial Institutions System
- Name of Account
- Account ID
- Email Address
- Transaction Details
- Brokers Details
Wrap & Managed Fund Data
Direct from Financial Institution
- Account Number
- Account ID
- Investment Holding Details
- Transaction Details
- Balance Details
Share Registry Data
Direct from Financial Institution
- HIN
- Account Name
- Investment Holding Details
- Transaction Details
- Balance Details
Principles
The following principles outline the acceptable minimum requirements that must be adhered to by SISS Data Services and its personnel to provide high quality and easily accessible Data while protecting the confidentiality, integrity and availability of Data collected and provided by SISS Data Services.

Collection of Data Principles
- SISS Data Services owns the data collected, created, and provided via its services.
- A delegated Data Steward is responsible to ensure the ongoing confidentiality, integrity, availability and quality of information collected and provided.
- There is at least one Data Steward identified for each data type collected, created and provided by SISS Data Services.
- SISS Data Services will obtain consent from individuals for the processing, storing, and transfer of personally identifying information where applicable and relevant as required by the Privacy Act.
- Consent from an individual must be informed and explicit.
- SISS Data Services will never utilise screen scraping to obtain or collect information.
Plan to Distribute Principles
- A delegated Data Manager is provided for each business unit or data type to ensure the data is available in accordance with operational requirements to authorised parties only.
- Collected data is verified to be accurate and true from the supplying feed prior to delivery to SISS Data Services customers.
- SISS Data Services will be transparent in the use and purpose of the data sourced.
Assess Classification Principles
Open Banking in Australia was created to give consumers the power to control their own data. As holders of this data, every bank has a responsibility to ensure data protection when the data is shared across various data holders and recipients. A key aspect of building trust is through transparency. A few things you can do include
- SISS Data Services will ensure the accuracy and integrity of the information provided via its services.
- Data is classified as public or protected.
- Public data is any data that is made publicly available in accordance with compliance requirements such as media releases or is already directly available via public systems.
- Protected data is all SISS Data Services Data Resource that is not considered public.
- Data classified as public will require no special treatment or imposition of access controls.
- Data classified as protected will be stored securely and only made accessible where a suitable business need or justification has been demonstrated by the authorised party.
- The principles of least privilege and need to know are adhered to by SISS Data Services.
- Only authorised parties are provided access to data they require access to.
- Unauthorised parties are not provided access to any SISS Data Services Data Resource.
- Suitable business justification must be provided prior to access being authorised, enforcing the principle of "need to know".
Protection of Data Principles
- Data is protected against misuse, misconduct, and failing integrity through access control and authorisation limitations.
- All entities using SISS Data Services API or other interfaces to access SISS Data Services Data Resources must agree and adhere to terms and conditions with SISS Data Services.
- All entities using SISS Data Services API or other interfaces to access SISS Data Services Data Resources must implement appropriate and reasonable information security protections and controls.
- SISS Data Services may verify and request evidence of appropriate security protections and controls being applied by any entity accessing SISS Data Services Data Resources.
- Access to the API and other interfaces is reviewed and audited periodically to identify any potential misuse.
- SISS Data Services does not share personal or financial information with individuals or third-parties without completing identification verification.
- SISS Data Services will ensure that any breach of personally identifiable information collected or provided is identified and mitigated in a reasonable time period.
- SISS Data Services will ensure that any breach of personally identifiable information collected or provided is notified in accordance with the Notifiable Data Breaches Scheme.
Disposal of Data Principles
- Data that is no longer of value to SISS Data Services or its customers is securely destroyed within a reasonable time frame.
- All data, unless there no longer exists a value of personally identifying information, will undergo a de-identification process or be destroyed.
- All entities using SISS Data Services API or other interfaces to access SISS Data Services Data Resources must implement appropriate and reasonable information security protections and controls.
- Personally identifiable information will be destroyed in accordance with the Privacy Act 1988, ensuring PII is destroyed when it is no longer required.
- SISS Data Services will comply with appropriate legislation, for any requests made by an individual for the extraction, correction, or deletion of their own records.
- SISS Data Services provides individuals with the right to be forgotten (delete all data) when an individual has been identified accurately, via their financial institution or via an authorised third-party.
- SISS Data Services will, at their discretion, either destroy the client information where any record may result in or cause harm to an individual or anonymise it such that the individual can no longer be identified.
Review
SISS Data Services commits to reviewing and updating this policy on an annual basis or more frequently where required.