PSD2 API Framework: More than just Compliance project

WHITEPAPER


PSD2: Changing How We Access Our Finances

Open banking aims to empower bank customers, put them in charge of their account data, and grant them the right to share that data with payment service providers of their choice. The idea behind this is to improve the customer experience, as well as to increase market competition and innovation.

And Changing Banks, too

The PSD2 regulation is regarded as the single biggest change in the banking industry, as it forces banks to open their infrastructure to third parties. Banks need to enable a secure way for their customers to authorize preferred third-party providers and allow them direct access to two aspects of their bank account:

• their account and transactional data,
• the ability to authorize payments directly from their account.

To tackle this challenge, banks have to overcome obstacles of security, integration, and adaptation to an evolving ecosystem:

• All data privacy and confidentiality risks when sharing account information;
• How to reach customer data: does the existing IT landscape provide a solid foundation for accessing that data, or is it patchier;
• In order to provide great digital services to customers and stay ahead of their competitors, banks have to act quickly and with an agile mindset. The environment is ever-changing, and everybody has to adapt fast.

PSD2 is not simply a compliance project – it can be used to your own benefit. It is time to set your own PSD2 strategy and pursue ‘bank-as-a-platform’, where third parties will build applications and services around your institution.


Open API Approach: The Right Answer to PSD2


Open APIs are transforming fractured, siloed landscapes, and enabling banks to create connected experiences on existing applications. APIs will give access not only to the bank’s own internal systems, but also to new, innovative products external to the bank, such as P2P lending or digital wallets.

PSD2 is opening doors for players who will offer a full view of a customer’s finances. Providing a view over all accounts in a single dashboard, accessible 24/7 and showing real-time data, puts such a player in a good position to win customers and promote its brand, no matter which bank or fintech player is actually holding the accounts or funds. And that player could be anybody.


Comtrade Digital Services designed a PSD2 API solution that addresses all concerns of modern banking, and goes even further:

• It is based on the Berlin Group guidelines and compliant with all requirements of the Revised Payment Services Directive (PSD2), while also following local regulatory requirements,
• It enables third parties to access accounts (XS2A), using strict rules and best practices for the security of such interactions,
• It enhances the Backbase digital banking platform with PSD2 functionalities (AISP, PISP, PIISP),
• It goes beyond compliance, enabling users of your bank to import accounts from multiple other banks, thus opening a whole new area of business opportunities.

[Architecture diagram. Labels: PSU, TPP, Backbase DBP, Edge, Access Control, PSD2 API, SCA & Consent Management, Authentication & Authorization, DBP Service (three instances), Integration Services, Core Banking]

*PSD2 API is implemented on the Backbase digital banking platform, following Backbase standards and practices, as well as local regulatory requirements.


PSD2 Digital Banking Platform Extensions


• The PSD2 API itself is based on the Berlin Group NextGenPSD2 XS2A interface specification.
• The PSD2 capability is built using the standard Backbase service SDK, following Backbase service design guidelines.
• Upon successful login, the TPP is issued a standard Backbase JWT, providing secure access to the DBP API.
• PSU consent is a specialized service agreement, controlling access rights for the TPP.
• Consent and payment-request data is persisted in a dedicated database via the corresponding service.
• When a TPP issues an AISP request referencing a valid consent, that request is automatically placed in the context of the corresponding consent service agreement, making it fully compatible with standard DBP access control (entitlements).
• The ASPSP part of the API, used for PSU SCA and consent management, implements the Backbase consent presentation specification.
• The UI is implemented as a standard CXP web application, using Backbase PSD2 widgets with a certain level of customization.
• This approach makes full use of the existing access control infrastructure, allowing TPP access rights to be defined as standard Backbase entitlements.
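As an added illustration (not Comtrade's or Backbase's code), the sketch below shows the kind of deny-by-default decision that evaluating an AISP request "in the context of" a consent implies. The `Consent` class, `authorize_aisp` and the `tpp_id` binding are hypothetical; the field names follow the consent attributes of the Berlin Group NextGenPSD2 specification, and all sample values are constructed.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Consent:
    # Field names mirror Berlin Group NextGenPSD2 consent attributes; the
    # class itself and the tpp_id binding are assumptions of this sketch.
    consent_id: str
    tpp_id: str              # TPP that created the consent
    status: str              # consentStatus, e.g. "valid", "revokedByPsu"
    valid_until: date        # validUntil
    frequency_per_day: int   # frequencyPerDay
    access: dict             # {"accounts": [...], "balances": [...], "transactions": [...]}

def authorize_aisp(consent, token_tpp_id, resource, iban, today,
                   calls_today, psu_present):
    """Return (allowed, reason). Deny unless every check passes."""
    if consent is None:
        return False, "unknown consent"
    # The TPP identity taken from its token must match the consent owner.
    if consent.tpp_id != token_tpp_id:
        return False, "consent belongs to another TPP"
    if consent.status != "valid":
        return False, f"consent status is {consent.status}"
    if today > consent.valid_until:
        return False, "consent expired"
    # Access is granted per resource type and per account, nothing broader.
    if iban not in consent.access.get(resource, []):
        return False, f"{resource} not granted for this account"
    # frequencyPerDay limits calls made without the PSU present.
    if not psu_present and calls_today >= consent.frequency_per_day:
        return False, "daily access frequency exceeded"
    return True, "ok"

# Constructed sample data (identifiers and IBANs are made up).
CONSENT = Consent("c-123", "tpp-A", "valid", date(2030, 1, 31), 4,
                  {"accounts": ["DE00EXAMPLE0001", "DE00EXAMPLE0002"],
                   "balances": ["DE00EXAMPLE0001"],
                   "transactions": []})
TODAY = date(2030, 1, 10)

if __name__ == "__main__":
    for tpp, res, iban, n, present in [
            ("tpp-A", "balances", "DE00EXAMPLE0001", 0, False),
            ("tpp-A", "balances", "DE00EXAMPLE0002", 0, False),
            ("tpp-B", "accounts", "DE00EXAMPLE0001", 0, False),
            ("tpp-A", "accounts", "DE00EXAMPLE0001", 4, False)]:
        print(tpp, res, iban, authorize_aisp(CONSENT, tpp, res, iban, TODAY, n, present))
```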

PSD2 Capability

• PSD2 API Presentation service (Subset of Berlin Group Standard XS2A Interface)
• Consent Presentation service (Implements Backbase API specification)
• PSD2 Persistence service

[Diagram: PSD2 Capability. Labels: PSD2 API Presentation service, PSD2 API Persistence service, Consent Presentation service, PSD2 Database]


Penthouse, Blackthorn Exchange Bracken Road

Sandyford Industrial Estate Dublin 18, D18 FH39

E-mail: [email protected]

comtradefintech.com