PSD2 API Framework: More than just Compliance project
WHITEPAPER
2 WHITEPAPER | PSD2 API Framework
PSD2: Changing How We Access Our Finances
Open banking aims to empower bank customers, put them in charge of their
account data, and grant them a privilege to share the data with payment service
providers of their choice. The idea behind this is to improve the customer
experience, as well as increase marketing competition and innovation.
And Changing Banks, too
The PSD2 regulation is regarded as the single biggest change in the banking
industry, as it forces banks to open their infrastructure to third parties. Banks need
to enable a secure way for their customers to authorize preferred third-party
providers and allow them direct access to two aspects of their bank
account:
- their account and transactional data,
- the ability to authorize payments directly from their account.
To tackle this challenge, banks have to overcome obstacles of security, integration,
and adaptation to an evolving ecosystem:
- All data privacy and confidentiality risks when sharing account information;
- How to reach customer data: does the existing IT landscape provide a solid
foundation for accessing that data, or is it patchy;
- In order to provide great digital services to customers and stay ahead of their
competitors, banks have to act quickly and with an agile mindset. The
environment is ever-changing, and everybody has to adapt fast.
PSD2 is not simply a compliance project – it can be used to your own benefit. It is
time to set your own PSD2 strategy and pursue ‘bank-as-a-platform’, where
third-parties will build applications and services around your institution.
comtradefintech.com
Open API Approach: The Right Answer to PSD2
Open APIs are transforming fractured, siloed landscapes, and enabling banks to
create connected experiences on existing applications. APIs will give access not
only to the bank’s own internal system, but also provide access to the new
innovative products external to the bank, such as P2P lending or digital wallets.
PSD2 is opening doors for players who will offer a full view of a customer’s
finances. Providing a view of all accounts in a single dashboard, accessible 24/7
and showing real-time data, puts such a player in a good position to win customers and
promote their brand, no matter which bank or fintech player is actually holding the
accounts or funds. And that player could be anybody.
Comtrade Digital Services designed a PSD2 API solution that addresses all concerns of modern banking, and goes even further:
- It is based on the Berlin Group guidelines and compliant with all requirements
of the Revised Payment Services Directive (PSD2), following local regulatory
requirements at the same time,
- It enables third parties to access accounts (XS2A), using strict rules and best
practices for the security of such interactions,
- It enhances the Backbase digital banking platform with PSD2 functionalities
(AISP, PISP, PIISP),
- It goes beyond compliance, enabling users of your bank to import accounts
from multiple other banks, thus opening a whole new area of business
opportunities.
[Figure: architecture diagram. Labels: Backbase DBP, PSU, TPP, Integration Services, Core Banking, Edge, Access Control, PSD2 API, SCA & Consent Management, Authentication & Authorization, DBP Service.]
*PSD2 API is implemented on the Backbase digital banking platform, following Backbase standards and practices, as well as local regulatory requirements.
PSD2 Digital Banking Platform Extensions
- The PSD2 API itself is based on the Berlin Group NextGenPSD2 XS2A interface
specification.
- The PSD2 capability is built using the standard Backbase service SDK, following
Backbase service design guidelines.
- Upon successful login, the TPP is issued a standard Backbase JWT, providing
secure access to the DBP API.
- PSU consent is a specialized service agreement, controlling access rights for
the TPP.
- Consent and payment request related data is persisted in a dedicated database
via the corresponding service.
- When a TPP issues an AISP request referencing a valid consent, that AISP request is
automatically placed in the context of the corresponding consent service
agreement, making it fully compatible with standard DBP access control
(entitlements).
- The ASPSP part of the API, used for PSU SCA and consent management,
implements the Backbase consent presentation specification.
- The UI is implemented as a standard CXP web application, using Backbase PSD2
widgets with a certain level of customization.
- This approach makes full use of the existing access control infrastructure, allowing
TPP access rights to be defined as standard Backbase entitlements.
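As an added illustration (not Comtrade's or Backbase's code), the checks implied by placing an AISP request in the context of its consent can be written as follows. Field names follow the Berlin Group consent object (consentStatus, validUntil, access); the Consent class, the authorize_aisp function, the in-memory store and all sample identifiers are hypothetical.

```python
from dataclasses import dataclass
from datetime import date

USABLE_STATUS = "valid"  # the only Berlin Group consentStatus that permits access

@dataclass
class Consent:
    consent_id: str
    tpp_id: str        # TPP the PSU granted access to (assumed to come from the TPP's token)
    status: str        # e.g. "received", "valid", "expired", "revokedByPsu"
    valid_until: date  # Berlin Group "validUntil"
    access: dict       # Berlin Group "access": accounts / balances / transactions

def authorize_aisp(store, consent_id, tpp_id, resource, iban, today):
    """Decide whether an AISP read is covered by the referenced consent.

    Returns (allowed, reason). Every missing or mismatched field denies.
    """
    consent = store.get(consent_id)
    if consent is None:
        return False, "unknown consent"
    if consent.tpp_id != tpp_id:
        return False, "consent issued to a different TPP"
    if consent.status != USABLE_STATUS:
        return False, f"consent status is {consent.status}"
    if today > consent.valid_until:
        return False, "consent past validUntil"
    if iban not in consent.access.get(resource, []):
        return False, f"{resource} not granted for this account"
    return True, "ok"

# Constructed sample data (not real accounts or identifiers)
STORE = {
    "c-1": Consent("c-1", "tpp-a", "valid", date(2030, 1, 1),
                   {"accounts": ["DE00TEST0001"], "balances": ["DE00TEST0001"]}),
    "c-2": Consent("c-2", "tpp-a", "revokedByPsu", date(2030, 1, 1),
                   {"accounts": ["DE00TEST0001"]}),
}

if __name__ == "__main__":
    today = date(2025, 6, 1)
    for args in [("c-1", "tpp-a", "balances", "DE00TEST0001"),
                 ("c-1", "tpp-b", "balances", "DE00TEST0001"),
                 ("c-1", "tpp-a", "transactions", "DE00TEST0001"),
                 ("c-2", "tpp-a", "accounts", "DE00TEST0001")]:
        print(args, authorize_aisp(STORE, *args, today))
```

Binding the consent to the TPP identity as well as to the account and resource type is what stops one TPP from replaying a consent identifier that the PSU granted to another.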
PSD2 Capability
- PSD2 API Presentation service (Subset of Berlin Group Standard XS2A Interface)
- Consent Presentation service (Implements Backbase API specification)
- PSD2 Persistence service
[Figure: PSD2 Capability components. Labels: PSD2 API Presentation service, PSD2 API Persistence service, Consent Presentation service, PSD2 Database.]
Penthouse, Blackthorn Exchange Bracken Road
Sandyford Industrial Estate Dublin 18, D18 FH39
E-mail: [email protected]
comtradefintech.com