When used in Open Banking, Account Information Service refers to an API that gives access to customer, transaction and other types of payment account information. To gain that access, two types of authorisation are needed. On one side, the entity accessing the API must be an authorised institution (known as an AISP). On the other side, the person or business that owns that account (called the PSU) must give the AISP permission to access that specific account.
An AISP (Account Information Service Provider) is authorised by a competent authority to access the account and transaction information of individuals and businesses who have given it permission to do so. An AISP might use this access to provide an aggregation service, for example, allowing people to see several of their bank accounts in one place.
API stands for ‘Application Programming Interface’. An API provides a means by which multiple software systems can integrate and interact with each other through standardised protocols, typically over HTTPS. Open Banking relies on standardised APIs which allow Third Party Providers (TPPs) to connect with many different ASPSPs and get a consistent and scalable integration experience.
The ASPSPs (Account Servicing Payment Service Providers) are the account providers. These APIs provide access to customer account information (for example, to AISPs) and also allow third-party providers (TPPs) to initiate payments from the account provider’s customers’ accounts.
The customer must give specific permission to the entity that wants to access their account information and initiate payments on their behalf.
In Open Banking, a Competent Authority is a regulator who can authorise entities to be ASPSPs, AISPs, TPPs and so on. The UK Competent Authority is the FCA but it’s important to note that a provider could be authorised by a Competent Authority based in another EU state.
DCR stands for ‘Dynamic Client Registration’. DCR is an API-based automatic registration standard that some ASPSPs may provide to TPPs in order to make onboarding fast and transparent, but also highly secure via certain technical requirements. Dynamic Client Registration is an OpenID Connect (OIDC) standard that is maintained by the OpenID Foundation (OIDF).
The Open Banking Directory is the canonical list of providers who are authorised to take part in the Open Banking ecosystem. The directory handles authentication between registered providers.
The Open Banking Directory Sandbox provides a test instance of the real directory so that providers can test their implementations before going live. You’ll need to be registered with the Open Banking Directory Sandbox in order to use the Allica API sandbox.
The European Banking Authority (EBA) sets the regulatory technical standards for common and secure communication and strong customer authentication under PSD2, more commonly known as the ‘RTS’.
The technical standards set for Open Banking (and PSD2 in general) by the European Banking Authority are called the Regulatory Technical Standards.
The Financial Conduct Authority is the UK regulator responsible for authorising participants in Open Banking. It is the UK’s Competent Authority.
Open Banking Limited is the legal entity defined to design and deliver Open Banking in the UK in the wake of the Competition and Markets Authority 2017 ‘Retail Banking Market Investigation Order’ which, amongst other initiatives, kick-started regulated Open Banking in the UK. OBL has been tasked with overseeing the delivery of Open Banking in the UK, in particular enforcing mandatory open standards on the largest 9 banks, also known as the ‘CMA 9’.
Open Banking is the consumer-friendly name for the UK’s implementation of the second edition of the European Union’s Payment Services Directive. Open Banking oversees the regulatory and technical framework of PSD2 in the UK, based on the requirements of the directive.
Separate to PSD2, under the CMA Order, some mandated ASPSPs must provide certain data through APIs that are available for anyone to access. These Open Data APIs include data such as ATM and branch locations, as well as product details.
Founded in 2007, the OpenID Foundation (OIDF) is a non-profit open standards body developing identity and security specifications that serve billions of consumers across millions of applications.
A payment gateway is an intermediary between a merchant services provider, which facilitates the processing of payment cards, and e-commerce software.
The second edition of the European Union’s Payment Services Directive sets the framework for Open Banking and similar implementations across the EU.
When used in Open Banking, Payment Initiation Service refers to an API that allows authorised third parties to initiate payments on a user’s behalf. To facilitate this, two types of authorisation are needed. On one side, the entity accessing the API must be an authorised institution (known as a PISP). On the other side, the person or business that owns that account (called the PSU) must give the PISP permission to initiate payments against that specific account.
A Payment Initiation Service Provider is a service that uses Open Banking APIs to make a payment from a person’s bank account held at another institution, at their request.
A Payment Service Provider is any of the regulated Open Banking providers, including ASPSPs (such as Allica), PISPs and AISPs.
The Payment Service Regulations are the UK’s implementation of the second edition of the European Union’s Payment Service Directive (PSD2).
A Payment Services User is an individual or business using an Open Banking payment service.
The Primary Technical Contact is the person responsible for the management of the technical aspect of an entity’s implementation of Open Banking.
Strong Customer Authentication is the technical standard required by the EBA for PSD2 services.
Third-party providers are the people or institutions that are authorised by a Competent Authority to access customer account information (AISPs) or to initiate payments (PISPs).
An Open Banking sandbox provides an environment and data for testing an implementation without having to use real data or be authorised by a Competent Authority.