For a sole trader, should the Get Customer API response supply
organisation details or both?
If the authenticated user has the ability to access both personal and business accounts through the same login, should the schema allow for both options, or does organisation data prevail if both are available?
The Standards have accommodated business and retail profiles under a single login by allowing the Data Holder (DH) to define the concept of "consumer" according to the DH's own usage and current digital Customer Experience (CX).
The following key statement in the standards is in the CDS CDR Federation section:
For the purposes of this standard a single person or individual may be represented as multiple Customers according to the practice of the Data Holder according to their existing digital channels.
If the customer has multiple separate profiles with the DH under one identity, the DH must show a profile selection step so that the customer can choose what accounts to share.
If the consumer is sharing personal accounts, then the DH shares personal customer details.
If the individual is sharing business accounts, then the DH shares organisation details.
In determining whether, post authentication, the customer is using a personal or business profile, see the CDR Federation definition of Consumer.
If it is not clear whether the customer is intending to share personal or business data, the decision is at the discretion of the Data Holder (DH). The DH should align with the treatment in existing digital channels. If the DH treats the customer as a business with an agent, the DH responds with organisation data. If the DH treats the customer as an individual, the DH responds with person data.
The Customer Experience (CX) of the profile selection step might work as follows:
- Consumer specifies their user ID.
- Consumer provides the One-Time Password (OTP).
- The DH then asks "are you sharing as a personal or business customer?" and the consumer selects their preference.
- Optionally, if the consumer selects business, they may be asked to specify the business or trust for which they wish to share details.
- The DH holder now uses the subject identifier to refer to this customer, in a business context, for the specified business.
The above is only a suggested sequence for profile selection. The actual profile selection sequence is at the discretion of the Data Holder.
- CDS Common APIs, Get Customer
- CDS CDR Federation
- CDS CommonOrganisation
- CDS ResponseCommonCustomer schema