Embed Size (px)
Citation preview
PSD2 APIFramework
PD2: Changing the Access to Finances
Changing the Banking Industry
Open banking aims to empower banks’ customers, putting them in charge of their account data, and granting them the privilege to share it with payment services providers of their choice.
The idea is to improve the customers’ experience, accelerate innovation in our industry and support its further development.
PSD2 isn’t simply a compliance project – it can be used to your own benefit. It is time to set your own PSD2 strategy and pursue ‘bank-as-a-platform’ system, where third parties will build applications and services around your institution.
The PSD2 regulation causes banks to open their infrastructure to third parties, which is considered to be the single biggest change in the banking industry.
Banks need to allow a secure way for customers to authorize their preferred third-party providers in having access to these aspects of their bank account:
• customer’s account and transactional data,
• the ability to authorize payments directly from customer’s account.
To tackle this challenge, banks need to adapt to an evolving ecosystem, and overcome obstacles of security and integration:
• Addressing data privacy and confidentiality risks when sharing account information,
• Verifying if current IT landscape provides solid foundation for accessing customers’ data,
• In order to provide great digital services to customers and stay ahead of its competitors, banks need to act quickly and with an agile mindset. The environment is everchanging and everybody has to adopt fast.
Open API Approach: the Right Answer to PSD2Open APIs are transforming fractured, siloed landscape and enabling banks to create connected experiences on existing applications.
APIs will give access not only to the bank’s own internal system, but also provide access to new innovative products external to the bank, such as P2P lending or digital wallets.
PSD2 is opening doors for players who will offer a full view of customer’s finances. Providing view over all accounts in a single dashboard, being accessible 24/7 and showing real-time data, it offers a strong position to win customers and promote their brand, no matter which bank or fintech player is actually holding the accounts or funds. And that player could be anybody.
PSD2 APISolutionComtrade Digital Services has designed PSD2 API solution that addresses all concerns of modern banking and goes even further: - It is based on the Berlin Group guidelines and is compliant with all requirements of the Revised Payment Services Directive (PSD2), following local regulatory requirements at the same time.
- It enables third parties to access accounts (XS2A), using strict rules and best practices for the security of such interactions,
- It enhances the Backbase Digital banking platform with PSD2 functionalities (AISP, PISP, PIISP),
- It goes beyond compliance, enabling users of your bank to import accounts from multiple other banks, which opens a whole new area of business opportunities.
* PSD2 API is implemented on Backbase digital banking platform, following Backbase standards and practices and local regulatory requirements.
PSD2 Digital Banking Platform Extensions• PSD2 API itself is based on Berlin Group NextGenPDS2 XS2A interface specification.
• PSD2 capability is built using standard Backbase service SDK, following Backbase service design guidelines.
• Upon successful login, TPP is issued a standard Backbase JWT, providing secure access to the DBP API.
• PSU consent is actually a specialized service agreement, controlling access rights for TPP.
• Consent and payment request related data is persisted in dedicated database via corresponding persistence service.
• When TPP issues AISP request referencing valid consent, that AISP request is automatically placed in context of corresponding consent service agreement, making it fully compatible with standard DBP access control (entitlements).
• ASPSP part of the API used for PSU SCA and consent management, implements Backbase consent presentation specification.
• UI is implemented as standard CXP web application, using Backbase PSD2 widgets with certain level of customization.
• This approach makes full use of existing access control infrastructure and allows TPP access rights to be defined as standard Backbase entitlements.
PSD2 Capability• PSD2 API presentation service (Subset of Berlin Group Standard XS2A Interface),
• Consent presentation service (Implements Backbase API specification), • PSD2 Persistence service.
Creating value through partnership
900+ 18 2500+satisfied customers
offices worldwide
employees worldwide
Penthouse, Blackthorn Exchange, Bracken Road, Sandyford Industrial Estate, Dublin 18, D18 P3Y9
E-mail: [email protected]
Handelskai 94-96 / 23rd floor Millennium Tower1220 Wien, Österreich, Austria
E-mail: [email protected]
Letaliska cesta 29b 1000 Ljubljana, Slovenia
E-mail: [email protected]
