Welcome to the Consumer Data Right Support Portal

Check out our guides, browse through our FAQs, and post your own questions for Support.

New to the Consumer Data Right? Learn more

Articles in this section

Glossary Follow

Avatar
Neale Morison
  • Updated

ACCC

Australian Competition and Consumer Commission

The ACCC is a co-regulator of the Consumer Data Right (CDR) regime. The OAIC is the other co-regulator.

accreditation

The status provided to an organisation that has met the requirements to be considered an Accredited Data Recipient (ADR). The Australian Competition and Consumer Commission (ACCC) is responsible for accreditation, and for the accreditation requirements.

ADI

Authorised Deposit-taking Institution

This has the meaning specified in the Banking Act 1959.

ADR

Accredited Data Recipient

See accreditation. The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of ADRs and Data Holders.

API

Application Programming Interface

An API is a software intermediary that allows two applications to talk to each other. In the case of the CDS the APIs are RESTful interfaces.

AT

Access Token

 

authentication

The consumer authenticates with the Data Holder (DH). Authentication occurs alongside of authorisation.

authorisation

Authorisation occurs when a consumer consents to disclosure of CDR data from a DH.

CA

Certificate Authority

 

CDR

Consumer Data Right

See Treasury Consumer Data Right documentation.

CDR Rules

Rules defined by the ACCC outlining how CDR works. Current rules are Consumer Data Right Rules 2019.

CDR Register

The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of Accredited Data Recipients (ADRs) and Data Holders (DHs). Visit the CDR Register Github site to engage in the consultation process. UK Open Banking uses the term Directory.

CDS

Consumer Data Standards

These Standards have been developed as part of the Australian Government's introduction of the Consumer Data Right legislation to give Australians greater control over their data.

CORS

Cross-Origin Resource Sharing

See:

CRN

Customer Reference Number

CX

Consumer Experience

The consumer experience for end users (consumers) interacting with the Consent Model and the CDR ecosystem. For CX Standards and CX Guidelines, search for CX Standards and CX Guidelines on the Consumer Data Standards web site.

Data cluster

A data cluster is a grouping of data, as specified in the Data Language Standards of the Consumer Experience Guidelines. The CX Guidelines provide advice on use of data clusters. For a full discussion of data clusters and data cluster language, search for CX Guidelines on the Consumer Data Standards web site. In the latest CX Guidelines document, search for Data Language Standards.

DCR

Dynamic Client Registration

This protocol defines mechanisms for dynamically registering OAuth 2.0 clients with authorisation servers. It is used by Accredited Data Recipients and Data Holders for obtaining credentials.

DH

Data Holder

The organisation that holds the information and supplies it at the request of the ADR or consumer. The Australian Competition and Consumer Commission (ACCC) maintains a CDR register of Accredited Data Recipients (ADRs) and Data Holders (DHs). Visit the CDR Register Github site to engage in the consultation process.

DLP

Data Loss Prevention

DLP is an information industry term referring to a comprehensive strategy for information security, including the protection of data in use, data at rest, and data in motion.

DSB

Data Standards Body

The Data Standards Body assists the Data Standards Chair in making and reviewing the data standards. CSIRO is currently designated as the DSB.

DSC

Data Standards Chair

The DSC is the authority that makes and reviews the CDR Data Standards. Mr Andrew Stevens is the inaugural Data Standards Chair.

designated sector

A designated sector means a sector of the Australian economy that is to adopt the CDR. The minister designates sectors via legislative instrument.

duration

Duration of consent

The period for which the consumer consents to share CDR data with an ADR.

notification

A notice sent to a consumer related to a data sharing arrangement.

MFA

Multi-Factor Authentication

Typically MFA requires two authenticators: a password, and a code that has been sent to the consumer separately, for example by SMS, by a phone app or by email.

mTLS

mutual Transport Layer Security

OAIC

Office of the Australian Information Commissioner

The OAIC is a co-regulator of the Consumer Data Right (CDR) regime. The ACCC is the other co-regulator.

OIDD

OpenID Connect Discovery

See

OTP

One Time Password

A single-use password generated by a Data Holder and used by a consumer to authenticate. One time passwords can be provided to the consumer by various means such as SMS message, app notification, or email.

OSP

Outsourced Service Provider

A person (or corporation) to whom an accredited person discloses CDR data under a CDR outsourcing arrangement.

PDS

Product Data Specification

A collection of data that describes a product. The details are specified in the Consumer Data Standards, Get Products section.

permission

The specific data in an authorisation scope is referred to as a permission. Permissions are grouped by data cluster.

PAN

Primary Account Number

A unique number with a varying length assigned to the primary account. The Primary Account Number is also known as the unique identifier of the embossed card number designated to payment cards.

PAR

Pushed Authorisation Request

See OAuth 2.0 Pushed Authorization Requests.

PII

Personally Identifiable Information

Personally identifiable information (PII) is data that might identify an individual. Transmitting PII without adequate protection is a threat to privacy and security, and may provide the opportunity for identity theft.

PRD

Product Reference Data

PRD is the generic description of a product offering provided to consumers as part of a Product Data Specification. It does not include any personal customer information. A PRD must be provided to the public for every banking product. The DSB has a Banking Products comparator demo.

reauthorise

Permission given by a consumer for a sharing arrangement to continue (for an agreed period) beyond the expiry date of the current sharing arrangement.

register

This can refer either to the CDR Register, or to what clients do in the process of Dynamic Client Registration (DCR).

REST

REpresentational State Transfer

An architecture for web services. Services using this architecture are described as RESTful.

withdrawal

Withdrawing consent or authorisation. This occurs when a consumer stops sharing or cancels a sharing arrangement.

Comments

0 comments

Please sign in to leave a comment.