Energy 'Get Agreed Payment Schedule' - BSB and Account Number Tokenisation/non-Tokenisation #591

Closed
jsaxon-red opened this issue May 17, 2023 · 4 comments
Labels: Energy; Proposal made (The DSB has proposed a specific change to the standards to address the change request)

jsaxon-red commented May 17, 2023

Description

Under the Energy 'Get Agreed Payment Schedule' API, where a consumer has a Direct Debit configured, the Data Holder is required to provide the BSB and Account Number, unless the Data Holder stores this information in a Tokenised form, in which case these details are not provided and an 'isTokenised' boolean flag is set to 'True' instead.

This presents an undesired technical implementation quirk: where a Data Holder stores these details in a secured but untokenised way, the Data Holder needs to choose between a material relaxing of the secured storage of the details to make these available or an implementation of Tokenisation.
If the latter option is chosen then once the details are Tokenised, they are no longer required to be provided.

Area Affected

/energy/accounts/{accountId}/payment-schedule

Change Proposed

Whilst there may be other viable options, two readily identified options suggested are:

  1. Updating of the description/requirement for the 'isTokenised' flag to include cases where the details are Tokenised or otherwise held in a secured store.
  2. Removal of the requirement to provide BSB/Account Number

DSB Proposed Solution

The DSB proposed solution for this issue is in #591 (comment)

@CDR-API-Stream
Collaborator

The DSB recommends option 1 and updating the description of the isTokenised flag as follows:

  • "Flag indicating that the account details are tokenised, or held in a closed system, and is not accessible through any other channels"

This would help clarify that the isTokenised flag can be used in scenarios where the account details (BSB and account number) cannot be shared due to being held in a closed system and not being shared via any other channels.

Feedback on the proposal is welcome.

biza-io commented Jun 6, 2023

Biza.io supports the proposal to adopt Option 1 of modifying the description.

@CDR-API-Stream
Collaborator

This issue has been staged and can be viewed here - ConsumerDataStandardsAustralia/standards-staging@b3e10da

@CDR-API-Stream added the "Proposal made" label Jun 22, 2023
@nils-work added this to the 1.25.0 milestone Jul 10, 2023
@nils-work
Member

Standards version 1.25.0 has now been published, incorporating this change.

@github-project-automation bot moved this from Full Backlog to Done in Data Standards Maintenance Jul 10, 2023