Time: Nov. 2, 2022, 11:10 p.m.

Status: Resolved

Update: What has happened NAB have implemented multi-factor authentication (MFA) for new devices logging in to NAB internet banking. Action taken Basiq has added support for NAB MFA. Impact * Existing active NAB web connections are not affected and will continue to refresh as normal * New NAB web connections will need the user to answer an MFA challenge * Subsequent refreshes for these new connections will not require MFA * The Basiq smart cache will continue to service NAB web connections as normal What you need to do * If you are on Basiq API v2.0, you will not be able to create any new web connections to NAB * If you want to continue supporting new NAB web connections, you will need to upgrade to v3.0 of the API - you can find upgrade notes here: https://api.basiq.io/docs/go-list-for-upgrading-to-v30 * We also recommend that you consider switching from web connections to CDR ("open banking"): CDR connections are not affected by this issue The Consumer Data Right (CDR, or "open banking") Please contact your account manager or [email protected] if you would like to know more about connecting via open banking instead of web connections. You can also read more here: https://basiq.io/open-banking-hub/ Questions? Please reach out to us any time at [email protected]

Time: Sept. 16, 2022, 5:41 a.m.

Status: Resolved

Update: Closing this ticket as testing and monitoring throughout the day has confirmed all major institutions are stable. As always, please reach out to [email protected] with any questions - we're here to help. Have a great weekend everyone.

Time: Sept. 15, 2022, 11:10 p.m.

Status: Monitoring

Update: We are continuing to monitor but no major issues noted so far. The big 4 have been stable and we are working through verifying all data holders. We will keep this ticket open for your visibility until confirmed all stable.

Time: Sept. 15, 2022, 3:22 a.m.

Status: Monitoring

Update: The CDR Data Standards Body has mandated that all data holders must make a change to their security profile from midnight tonight (Friday 16 September 00:00). Basiq has already deployed the required changes and are not planning any outage for this work. There may be a brief interruption for each data holder as the bank applies changes on their side. As each one comes back up we will be testing and confirming connectivity. There is room for interpretation in the new standard so there is a slight risk of a bank implementing the change differently to Basiq; as there is no CDR test environment, we can only wait for the banks to make their changes live. Anticipated impact: * no impact to web connectors, unless the banks make changes to their internet banking at the same time * while the bank is deploying the change midnight to dawn, their CDR APIs may be unavailable * once the bank has deployed the change, if Basiq is unable to authenticate then new users will not be able to connect the bank via CDR; we will be pro-actively testing and following up as needed to keep these to a minimum Technical readers can read more about the security profile requirements, here: https://consumerdatastandardsaustralia.github.io/standards/#security-profile As always, please reach out to [email protected] with any questions or concerns.

Time: Sept. 16, 2022, 5:41 a.m.

Status: Resolved

Update: Closing this ticket as testing and monitoring throughout the day has confirmed all major institutions are stable. As always, please reach out to [email protected] with any questions - we're here to help. Have a great weekend everyone.

Time: Sept. 15, 2022, 11:10 p.m.

Status: Monitoring

Update: We are continuing to monitor but no major issues noted so far. The big 4 have been stable and we are working through verifying all data holders. We will keep this ticket open for your visibility until confirmed all stable.

Time: Sept. 15, 2022, 3:22 a.m.

Status: Monitoring

Update: The CDR Data Standards Body has mandated that all data holders must make a change to their security profile from midnight tonight (Friday 16 September 00:00). Basiq has already deployed the required changes and are not planning any outage for this work. There may be a brief interruption for each data holder as the bank applies changes on their side. As each one comes back up we will be testing and confirming connectivity. There is room for interpretation in the new standard so there is a slight risk of a bank implementing the change differently to Basiq; as there is no CDR test environment, we can only wait for the banks to make their changes live. Anticipated impact: * no impact to web connectors, unless the banks make changes to their internet banking at the same time * while the bank is deploying the change midnight to dawn, their CDR APIs may be unavailable * once the bank has deployed the change, if Basiq is unable to authenticate then new users will not be able to connect the bank via CDR; we will be pro-actively testing and following up as needed to keep these to a minimum Technical readers can read more about the security profile requirements, here: https://consumerdatastandardsaustralia.github.io/standards/#security-profile As always, please reach out to [email protected] with any questions or concerns.

Time: Sept. 8, 2022, 1:58 a.m.

Status: Resolved

Update: This incident has been resolved. Thank-you for your patience.

Time: Sept. 7, 2022, 1:31 a.m.

Status: Monitoring

Update: Root cause was confusion regarding the rolling out of new standards for the CDR handshake between data recipients (Basiq and our partners) and data holders (banks). Basiq deployed a change last night but some data holders did not, and as a result the handshake for those banks is failing. We have rolled back our change and confirmed service is restored; we are also following up with the ACCC. If you have any further trouble, please reach out to [email protected].

Time: Sept. 7, 2022, 12:15 a.m.

Status: Investigating

Update: We are investigating an issue with creating new CDR connections in the consent UI: when an end user selects a CDR-enabled institution, the redirect to that institution fails with an error, "SyntaxError: Unexpected token 'I'..." This issue only affects the creation of new CDR connections: refreshes on existing connections are working, and creation of web connections is also working. We will update this notice with progress.

Time: Sept. 8, 2022, 1:58 a.m.

Status: Resolved

Update: This incident has been resolved. Thank-you for your patience.

Time: Sept. 7, 2022, 1:31 a.m.

Status: Monitoring

Update: Root cause was confusion regarding the rolling out of new standards for the CDR handshake between data recipients (Basiq and our partners) and data holders (banks). Basiq deployed a change last night but some data holders did not, and as a result the handshake for those banks is failing. We have rolled back our change and confirmed service is restored; we are also following up with the ACCC. If you have any further trouble, please reach out to [email protected].

Time: Sept. 7, 2022, 12:15 a.m.

Status: Investigating

Update: We are investigating an issue with creating new CDR connections in the consent UI: when an end user selects a CDR-enabled institution, the redirect to that institution fails with an error, "SyntaxError: Unexpected token 'I'..." This issue only affects the creation of new CDR connections: refreshes on existing connections are working, and creation of web connections is also working. We will update this notice with progress.