Commercial Credit Card Structure under Get Account Details call

[NationalAustraliaBank]

Description

At NAB, we have a variety of credit cards offered to customers, including personal credit card, business credit card, and corporate credit card.

For personal credit cards, repayment info is visible to the individual Account owner. However, for business credit cards, the business account owners and facility authorised personnel are allowed to view the facility account level information (repayment amount, repayment due date, etc). For Business card holders who are not business account owners or facility authorised personnel, they are not able to view facility account level repayment information as the repayment information fields are applicable at facility account level. Hence, we suggest that the following fields should be changed to "Optional":

BankingAccountDetailV3 - BankingCreditCardAccount

"minPaymentAmount"
"paymentDueAmount"
"paymentCurrency"
"paymentDueDate"

Area Affected

BankingAccountDetailV3 under GetAccountDetail

Change Proposed

Option 1: "creditCard" object to be made optional even if specificAccountUType is creditCard
Option 2: Fields under "creditCard" object to be made optional.

[nils-work]

Hi @NationalAustraliaBank

Making fields optional at a schema level may not be the best solution to an issue that seems to relate to sharing permissions (entitlements/scopes).

Two options to explore may be:

1. If the "business card holders" are "not able to view facility account level repayment information" perhaps they should not be designated as a Nominated Representative (NR) for that account.
2. In the NR service, provide the ability for "business account owners" to specify NRs that are only "business card holders" as not being allowed to authorise certain accounts in consents requiring the Detailed Bank Account Data scope which authorises the Get Account Detail endpoint containing those fields.
   Use-cases requiring only Bank Transaction Data (which requires Basic Bank Account Data) could remain unaffected and still be available for sharing.

These options could make any accounts that the NR is not allowed to share (depending on their NR status⁽¹⁾ and possibly the scopes required by, and consented to, at the ADR⁽²⁾ appear in the "Unavailable for sharing" section of the account selection screen in the authorisation flow, potentially with details about why they are unavailable and how to make them available.

Without restrictions such as these, all accounts of the non-individual consumer could be expected to be available to a designated NR, and all endpoints and fields should be available for disclosure according to the scopes authorised.

Would something like above solve this issue?

[NationalAustraliaBank]

After doing further analysis , and reviewing the Business Credit Card structure , we believe our current implementation is aligned with the Nominated Representative service .
Hence if a Nominated Representative has been given Business Credit Card facility account access , they would be able to share all respective datasets including credit card object as part of get account details when consent is created . Based on the above , we recommend no changes to the existing CDR standards and suggest that we close the CR

[perlboy]

@NationalAustraliaBank since it's being discussed, as far as I'm aware it is impossible to add a Nominated Representative to a NAB Business Credit Card service without them being added as a cardholder. In fact there is no "Nominated Representative" form available anywhere in NAB. Is this what you were alluding to with "after doing further analysis"?