@@ -174,6 +174,51 @@ No. We will use most of the modules of the current Exchange backend so deploying
**Q: TransferWise allows for fast payments for transaction with Credit Cards via Adyen. Do we plan something similar? (added 23.09.2019)**
We will want to support that in the future. It's not part of the MVP.
## OBP Questions
**1. What are possible ways (integration strategies) to connect OBP instance to the extenral OAuth server (e.g. our ORY Hydra)?**
- This task was left for Jason.
**2. Is there a list of requirements available for transfer request to be validated successfuly?**
- _Details including Currency, Value, Description and other initiation information specific to each type._ Type `sepa` requires IBAN.
**3. What is the difference between the `toAccount` and the `Counterparty`?**
-`Counterparty` is a receiver that was previously verified and stored in OBP, which allows to skip security challenges in certain situations, e.g.
__
Article 13 regulates that trusted beneficiaries and recurring transactions are not subject to strong auth.
OBP Transaction Request Type = COUNTERPARTY requires payment to an account previously specified by the customer (Counterparty is_beneficiary=true).
The return value of challengeLevel controls if step-up authorisation is activated for repeated based on regular counterparty and amounts.
__
See https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018R0389 https://businessdocbox.com/Business_Software/79154281-Obp-at-the-heart-of-your-psd2-strategy.html
**4. What is the difference between SecurityChallenge and AuthCode, are AuthCodes part of Security Challenge?**
- One of `createChallenge`'s arguments is of type `CallContext` that includes (among others) `oAuthParams`, `directLoginParams`, `authReqHeaderField` & `gatewayLoginRequestPayload` (of type PayloadOfJwtJSON).
**5. Can we use OTP tokens (e.g. TOTP) for SewcurityChallenges. Who is responsible for handling the login of this (OBP/CBS/External Login Provider)?**
- Security Challenge *is* OTP ( _One Time Password (OTP) (AKA security challenge)_ ). In Kafka mapped connector I see that authInfo is exctracted from call context (see 4) and used to create the challenge.
**6. Does `TransactionRequest` allow us to store intermediary statuses between INITIATED and COMPLETED? How does it look when CBS or DIS rejects a transfer?**
- Judging by source code, at least PENDING status is being used. See https://github.com/OpenBankProject/OBP-API/blob/fba145bc2360554fcd5eea9306b9d30f52ac2e42/obp-api/src/main/scala/code/bankconnectors/Connector.scala#L652 There are more, indluding rejection `INITIATED, PENDING, FAILED, COMPLETED, FORWARDED, REJECTED`
- Transaction request can have PENDING status, while waiting for the answer to `saveTransaction`.
**7. Can OBP generate Bank Account with IBAN based on BIC of the Bank registered in OBP? Does it support other address schemas like US Routing number?**
- According to European Committee for Banking Standards _7.1 Generation of the IBAN shall be the exclusive responsibility of the bank/branch servicing the account._ (https://www.ecbs.org/Download/EBS204_V3.PDF), which means that every bank has its own IBAN generation scheme. I found no IBAN generation in OBP. You can use any address schema in OBP.
**8. Will OBP retry sending the transfers if the receiver (CBS) is down (transfer queue support)?**
- In OBP's simple world transfers are replaced by transactions & transaction requests. Transaction requests are subject of queuing & retrying at the moment when the request creates actual transaction (saveTransaction, see transaction diagram and this comment). Therefore only transaction request can have PENDING status, the transactions are always complete.
**9. Can OBP generate sub-account with flag telling that Banking Details do not belong to this account?**
- I could not find sub-accounts in OBP.
**10. Can OBP process Recalls and Returns for transfers?**
- There's no trace of Recalls nor Returns in OBP. I'd assume returns are regular transactions for OBP, perhaps bound to original transfers with info placed in _details_ ( _description_ field?) or _metadata_ ( _tags_ ?)
**11. How do SecurityChallenges work, what should CBS implement to process them?**
- Security Challenge is the way of delegating the responsibility of performing transaction to external module, when it becomes necessary (i.e. when transaction's amount > security threshold). OBP calls appropriate adapter _createChallenge_ that returns challenge id, used to call another adapter _validateChallengeAnswer_ that returns boolean value. This means that _createChallenge_ implementation is supposed to a) register the challenge, granting it an id and b) decide whether to accept or reject such transaction request, assigning appropriate boolean value to the id.
## Resources
All links and resources that could be useful in the SEPA project implementation.
