Open Banking (PSD2)

Overview

Open Banking is a financial technology initiative that aims for a faster, more convenient user experience and an increased financial transparency. At the core of Open Banking are public APIs that enable licensed third-party service providers to build their own financial applications and services. The APIs are secured in accordance with PSD2 regulations.

As part of the Open Banking initiative, the European Union has composed a new directive called Payment Services Directive 2 or PSD2. The directive specifies a list of financial services aimed for account holders and account providers, most notably Account Information Service (AIS) and Payment Initiation Service (PIS).

An important part of the PSD2 directive is making sure transactions are done in a secure manner. To achieve this, financial institutions are required to leverage Strong Customer Authentication (SCA).

In addition, the directive specifies that third parties requesting access to account holder data via APIs are required to capture and store an explicit consent from the account holder. This consent is forwarded to external account providers with each data request, and subsequently verified prior to returning any account holder data. Each given consent is valid for a maximum of 90 days, as specified by PSD2.

All licensed financial institutions within the EU are obligated to make the services available on their respective sandbox platforms by March 14th, 2019. Production deadline is June 14th, 2019. All third party providers aggregating data and initiating payments are obligated to start using PSD2 APIs beginning from September 14th, 2019.

Service descriptions

Account Information Service (AIS) enables AIS service providers to aggregate customer’s payment accounts across multiple account providers and present the information to the account holder in a single interface maintained by the AIS service provider, e.g. on a smartphone or in a web page.

AIS includes the following account information:

  • IBAN
  • Account balance
  • Account statement
  • Transaction details

Payment Initiation Service (PIS) enables PIS service providers to initiate payments on behalf of the account holder from a single access point, using any EU payment account owned by the customer as a source for the payment. The payments are confirmed using Strong Customer Authentication (SCA).

PIS includes the following payment information:

  • Payer IBAN
  • Amount
  • Currency
  • Counterparty IBAN
  • Counterparty name
  • Details
  • Reference number

Combining AIS and PIS it’s possible for account holders to manage all of their accounts and initiate payments from said accounts using a single interface.

How to participate

To enrol yourself as a PSD2 API consumer, please apply for a eIDAS PSD2 compliant QWAC certificate beforehand and then register by sending us an email. Once we’ve received the email with the QWAC certificate information, we will send you a ClientId and ClientSecret, which can be exchanged for an OAuth2 access token. All requests apart from authentication require an OAuth2 token to be included in the request header. Authorisations are confirmed by the PSU (Payment Service User) using a decoupled approach in a mobile application.

To get more information, please contact us by emailing to openbanking@pocopay.com