Australian Consumer Data Right (CDR) and Open Banking

IAM: The Key to Open Data Sharing

Australian Consumer Data Right (CDR) and Open Banking

get the ebook watch the demo
The obstacle

CDR and Open Banking in Australia

The global momentum toward consumer data rights, starting with open financial APIs, cannot be denied. The Australian government has mandated open consumer data APIs in key industries, and Australia’s Big 4 banks are moving forward with open APIs based on a timeline of July 2020. All other banks in Australia are bracing themselves for their own deadline, July 2021. Unlike other jurisdictions around the world at this time, Australia’s standards effort will eventually impact all verticals in the country. The retail energy sector is already on its way to defining an Open Energy regime, and Open Telco has been slated as the next in line.

open ebook
The obstacle

Building a New Standard for Australia

In the face of regulatory directives, Australia’s leading financial institutions are turning to IAM technology partners to modernise their infrastructure in preparation for what’s to come. Championing existing and emerging open standards for financial APIs, Mark Perry from Ping Identity is the only vendor representative on the Advisory Committee helping to define Australia’s Open Banking standard as part of the Consumer Data Right.

read the blog
the solution

Modernise IAM to Secure Open Banking

To comply with the Open Banking initiative of CDR, Australia’s financial services institutions will eventually have to adopt technology that allows them to expose and protect account data APIs in a security framework that prioritises consumer data rights, privacy and informed consent. To turn this requirement into a competitive advantage and be able to quickly adapt and earn consumer trust, leading financial institutions are taking action to modernise their infrastructure today. Our solution brief demonstrates the advantages of a digital banking strategy with modern identity and access management (IAM) at its core.

open solution brief

For enterprises working to put financial APIs in place in response to compliance deadlines, Ping Identity helps navigate the financial technology partner landscape to integrate with leading API gateways and leverage pre-built financial API layers, platforms and managed services deployed within a security framework powered by Ping Identity.

the solution

Quickstart Your Open Banking Environment

We’ve created a pre-configured sandbox to help financial Institutions and fintechs get up and running quickly with a development environment that aligns to the CDR specifications for Open Banking. Leave the complex InfoSec and user consent requirements of CDR to us, and as the CDR continues to evolve, we’ll continue to update the sandbox accordingly. As an added bonus, you’ll gain a flexible platform that you can use for other identity security projects across your enterprise.


watch the demo
the solution

IAM: The Key to Open Banking

As a leading vendor in the IAM space, Ping Identity’s IAM technologies are used by hundreds of financial services enterprises, including large retail banks, challenger banks and emerging fintech organisations, as well as Open Banking Ltd. in the UK.


    To enable fine-grained authorisation to access consumer data in financial APIs, financial enterprises are combining our market-leading federation solution (PingFederate) and our API access security solutions (PingAccess, PingIntelligence for APIs and PingDataGovernance). This provides standards-based, intelligent support for an OAuth 2.0-based API security model, including OpenID Connect (OIDC) and Financial-grade API (FAPI) specifications.


    Each time a customer requests access to their account data via a third-party provider (Data Recipient), the account holding institution (the Data Holder) must check the request against data consent policies and log an auditable consent record. This is supported by our highly scalable identity datastore (PingDirectory) and our customer-centric data access and consent management product (PingDataGovernance).


    PingID, our contextual multi-factor authentication (MFA) solution, provides real-time assurance that it’s truly your banking customer on the other end of a third-party API call requesting their account data. PingID enables customised, detailed MFA notifications so your customer will know exactly what data they’re entrusting with a third-party app.

the proof

Open Banking Runs on Ping


In the UK, Open Banking, Ltd. needed to establish a trusted whitelist to ensure that banks and third parties meet certification standards for seamless interoperability and know at all times who can access what APIs. They considered building the register in-house, but needed to go live by January 2018.



They chose to build the Open Banking Directory on the Ping technology stack, and were able to deploy successfully within the limited time frame. “Many of the banks in the UK and indeed globally are using Ping as a core IAM vendor. It’s quite interesting that Ping plays a role in both the security model at banks but also in the trust framework that we’ve developed internally at Open Banking.”


-Chris Michael, Head of Technology, Open Banking


read the story

Additional Australia Open Banking Resources

  • Blog

    Open Banking Around the World

    Read now
  • white paper

    Digital Leaders Open Banking Roundtable, Sydney 2018

    get the white paper
  • Blog

    Improving CX with Client Initiated Backchannel AuthN

    Read now

Take the Next Step

See how Ping can help you stay ahead of the curve in a rapidly evolving digital world.