Account Information Services (AIS) provides customers (PSU) with access to their bank and payment accounts with different account servicing payment service providers (ASPSPs) in a single place. The entity accessing the account information and providing the service to the PSU must be an authorised institution known as an AISP. The PSU must give the AISP permission (consent) to access the required account data. The PSU must also authenticate with their account provider (ASPSP) to authorise the data disclosure with the AISP.
An AISP (Account Information Service Provider) is authorised by a competent authority to access the account and transaction information of individuals and businesses who have given it permission to do so. An AISP might use this access to provide an aggregation service, for example, allowing people to see several of their bank accounts in one place.
Anti-money laundering processes, regulations and laws.
Account Servicing Payment Service Providers (ASPSPs) provide and maintain payment accounts for customers (PSUs). Under PSD2, ASPSPs must provide free of charge access to customer payment account information and also allow third-party providers (PISPs) to initiate payments from the customers’ payment account. The customer must give specific permission to the entity that wants to access their account information and initiate payments on their behalf.
A card-based payment instrument issuer (CBPII) is a Payment Service Provider (PSP) that can issue a card-based payment instrument to customers in order to initiate a payment. The PSP who issues the card-based payment instrument does not have to be the financial institution (ASPSP) who manages and services the payment account of the customer.
Under PSD2 Article 65, where the PSP does not service the customer’s payment account, the PSP can request confirmation of availability of funds for the payment transaction value from the ASPSP. Before this request can be made, the customer must give their explicit consent to the ASPSP to provide this yes / no answer to the confirmation of availability of funds.
A competent authority is a regulatory agent or supervising body that has oversight of financial institutions, ensuring they behave responsibly and safely in the interest of the public and the wider market. In Open Banking, the Competent Authority is the regulator who authorises entities to be AISPs and PISPs.
The Open Banking Consent is the authority from the customer for the bank and the third party provider to access the customer's bank account or to initiate a payment. The consent defines the scope and duration of the access or payment initiation details. After the customer has authenticated (SCA) themselves with the ASPSP and authorised the consent, the TPP can access the account information or initiate the payments without further customer interaction, as long as the consent has not expired or been revoked by the customer.
As per PSD2 RTS SCA & CSC Article 31, ASPSPs can provide a dedicated interface that allows TPPs to access account information and initiate payments on behalf of the customer. For Open Banking, the dedicated interface consists of APIs that are provided by ASPSPs based on a standard or framework like the Berlin Group NextGenPSD2.
The European Banking Authority (EBA) is an independent EU Authority which works to ensure effective and consistent prudential regulation and supervision across the European banking sector.
The technical standards set for Open Banking (and PSD2 in general) by the European Banking Authority are called the Regulatory Technical Standards.
The Berlin Group NextGenPSD2 framework provides services that can add additional value to the bank or the financial institution. As these added services are outside the scope of PSD2, banks have the freedom to choose whether they implement the additional services.
Regulations designed to prevent money laundering require that financial institutions can prove the identity of their customers. Know Your Customer is the process of verifying the customer’s identity and evaluating potential risk for illegal activity.
Open Banking is the consumer-friendly name for the implementation of the second edition of the European Union’s Payment Services Directive (PSD2).
A payment gateway is an intermediary between a merchant services provider, which facilitates the processing of payment cards, and ecommerce software.
A Payment Initiation Services Provider is a service that uses Open Banking APIs to make a payment from a person’s bank account held at another institution, at their request.
The second edition of the European Union’s Payment Services Directive. The objectives of PSD2 were to make payments safer, increase the consumers’ protection, foster innovation and competition while ensuring a level playing field for all players, including new ones.
PSD2 created two new types of PSP, commonly referred to as ‘third party payment service providers’ (TPPs), with the goal of striking a balance between opening up the payments market and maintaining appropriate security standards for online payments.
The two new types of PSP were Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).
PSD2 did not define the dedicated interface (APIs) that must be implemented to enable access to payment accounts or initiate payments. The definition of standard APIs in the EU was left to individual Member States or organizations like the Berlin Group.
A Payment Service Provider (PSP) is a third-party company that facilitates electronic payment transactions between customers, businesses and banks. PSPs provide the necessary infrastructure, security measures, and compliance with regulations to allow businesses to process payments securely and efficiently.
A Payment Services User is an individual customer or business using an Open Banking payment service.
A sandbox is an isolated testing environment that enables developers to run and test their applications without having to use real customers or data, or access the Production environment.
A sandbox must be provided by the ASPSP to meet the PSD2 RTS testing facility requirement. The sandbox must allow TPPs to perform functional testing to verify their software and applications created to provide PSD2 payment services.
Strong customer authentication (SCA) involves the use of two-factor authentication for bank operations as well as a stricter definition of what counts as an authentication factor. It was introduced in 2019 as part of the RTS SCA & CSC with the goal of improving the security of payments and limiting fraud during the authentication process.
The SEPA Credit Transfer scheme enables any individual or business to easily move money from one account to another. Although SEPA transfers generally cost the same as local domestic bank transfers, some banks may charge an extra fee for them.
The SEPA Credit Transfer Instant scheme enables the electronic transfer of up to EUR 15,000 in funds in less than 10 seconds.
Third-party providers are the institutions that are authorised by a Competent Authority to access customer account information (AISPs) or to initiate payments (PISPs).
Access to account, a key principle in PSD2, is a provision that enables third-party access to the bank accounts of individuals and businesses.