standards-maintenance
SSO as an alternate authentication method
Description
PayPal Australia Pty Limited (PayPal) is a limited Authorised Deposit-Taking Institution with authority to provide purchase payment facilities. Its primary business is as a digital wallet provider that allows buyers and sellers to send and receive payments online. PayPal customers are able to store balance in their PayPal account and withdraw those funds to a linked bank account, pay for goods and services or make person to person transactions within PayPal’s closed network using their PayPal account. There are three (3) types of accounts offered by PayPal: a Personal Account, a Premier Account (no longer available to new customers) and a Business Account.
When it comes to authentication, globally PayPal’s large enterprise business customers typically have their own Identity Provider (IdP) and related Single Sign On (SSO) based authentication. Some of these enterprises have integrated their IdP with the PayPal security ecosystem to authenticate users, and this is how their staff log into PayPal as authorised. Consequently, they do not have individual user credentials (e.g. login and password) specific to our platform.
The current CDR authentication model does not consider this online account authentication scenario. The authentication model for CDR with One-Time-Password (OTP) assumes that all online users of a data holder have individual user credentials with the data holder, which is not necessarily the case for large enterprises.
Area Affected
Specific standards/APIs: CDR Authentication Standards
Change Proposed
Change Requested: PayPal requests that the Data Standards Body revises the CDR Authentication Standards to allow an authentication method other than OTP. Specifically, we request that Single Sign On (SSO) be added as an alternate authentication method.