A |
(AISP) Account Information Service Provider An Account Information Service Provider offers an online service that provides consolidated information on one or more payment accounts held by a payment service user with one or more payment service providers. |
API (application programming interface) An application programming interface, or API, enables companies to open up their applications’ data and functionality to external third-party developers, business partners, and internal departments within their companies. |
API Data API Data is data made available to an API User or a Third-Party Provider through API(s). |
API Service Provider An API Provider is a service provider implementing an Open Data API. An API Provider provides Open Data via an API gateway. |
(ASPSP) Account Servicing Payment Service Providers Provide and maintain payment accounts for payment service users (PSUs). Traditionally, ASPSPs are banks and similar institutions. Under Open Banking, ASPSPs publish Read/Write APIs. These enable consumers to share their account transaction data with third-party providers; in turn, third-party providers can initiate payments on their behalf. Under PSD2, all ASPSPs in Europe are required |
B |
C |
Card Based Payment Instrument Issuer (CBPII) CBPII stands for Card Based Payment Instrument Issuer. It gives its customers the option to initiate card-based payments from payment accounts held by an Account Servicing Payment Service Provider. An example would be paying your credit card provider via your bank account. |
CMA (Competition and Markets Authority) The CMA is a UK competition regulator. It is a non-ministerial government department with the responsibility of increasing business competition and reducing anti-competitive activities such as price fixing. |
CMA9 The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts: AIB Group (UK) plc trading as First Trust Bank in Northern Ireland, Bank of Ireland (UK) plc, Barclays Bank plc, HSBC Group, Lloyds Banking Group plc, Nationwide Building Society, Northern Bank Limited, trading as Danske Bank, The Royal Bank of Scotland Group plc, Santander UK plc (in Great Britain and Northern Ireland). They were the first mandatory Account Servicing Payment Service Providers. |
CMA Order In 2017, the CMA published the Retail Banking Market Investigation Order, in which it concluded that competition in the financial sector needed to be stimulated. In this Order, the CMA required the CMA9 – the nine largest banks in the UK – to start sharing customer data under Open Banking and to set up the Open Banking Implementation Entity. |
Competent Authority A Competent Authority, in the context of the Open Banking Ecosystem, is a governmental body or regulatory or supervisory authority having responsibility for the regulation or supervision of the subject matter of Participants. Third-Party Providers must obtain a license from their country’s national competent authority (NCA) before being allowed to access banks’ customer data. |
D |
E |
EBA (The European Banking Authority) The European Banking Authority (EBA) is an independent EU authority regulating and supervising the European banking sector. It is involved in open banking through its working group on APIs under PSD2. |
European Banking Authority Regulatory Technical Standards (EBA RTS) The European Banking Authority develops Regulatory Technical Standards which are submitted to the European Commission for endorsement. Regulatory Technical Standards are a set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability and other processes. |
F |
The Financial Conduct Authority (FCA) The Financial Conduct Authority is the Competent Authority for the UK. They work to make financial markets work efficiently. The FCA aims to offer consumers a fair deal by protecting customers, enhancing market integrity, and promoting competition. The FCA is the conduct regulator for over 55,000 financial services firms and financial markets in the UK. |
G |
GDPR (General Data Protection Regulation) A regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). The GDPR is important in the context of open banking because it provides regulations for how and how long companies are allowed to store their customers’ personal data and the right for the data subject to be forgotten. |
H |
I |
J |
K |
Know Your Customer (KYC) Banks are legally required to verify the identities of their customers to reduce risks of illegal interactions such as money laundering or dealing with sanctioned countries. |
L |
M |
Mandatory ASPSPs Mandatory ASPSPs are entities that are required by the CMA Order to enrol with Open Banking. The CMA9 were the first mandatory ASPSPs. |
N |
O |
OBIE (Open Banking Implementation Entity) The Open Banking Implementation Entity is the delivery organisation working with the CMA9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin Open Banking. |
Open API An Open API is an API that is made freely available for developers to use. Under Open Banking, the CMA9 were required to create Open APIs that give access to current accounts. Under PSD2, all banks in the EU are required to do the same. |
Open Banking Open banking aims to give power back to consumers. In the UK, open banking was implemented via the CMA through the Open Banking regulation. In the EU, the relevant regulation falls under the second Payment Services Directive (PSD2). From a technical perspective, Open Banking is the secure bi-directional exchange of data to and from third parties, such as customers and partners, via API; it helps businesses and consumers move, manage and make more of their money. |
Open Banking Ecosystem The Open Banking Ecosystem refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, the governance, systems, processes, security and procedures used to support participants. |
Open Data Open data is data that anyone can use, access or share. Open banking is facilitating the implementation of open data across the EU. This may include information on ATM and Branch locations, and product information for Personal Current Accounts, Business Current Accounts (for SMEs), and SME Unsecured Lending, including Commercial Credit Cards. |
P |
Payment Initiation Service Provider (PISP) A Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider. A PISP is authorised to initiate payments into or out of a user’s account. |
PSD2 (The Payment Service Directive 2) The European Payment Services Directives are a set of regulations that were created to facilitate an innovative and competitive cross-European payments environment. PSD2 mandates that banks must share (with customer consent) consumer banking data with registered and licensed TPPs for the purposes of payment or account information services, to allow more flexibility and competition into the market. |
Payment Service User A PSU is a person or legal entity that uses a payment service to view, send or receive money. These are the people/entities who can now, under PSD2 and Open Banking, share their account data with third-party providers. |
Q |
R |
Read/Write API A PSU is a person or legal entity that uses a payment service to view, send or receive money. These are the people/entities who can now, under PSD2 and Open Banking, share their account data with third-party providers. |
Read/Write Data Read/Write APIs enable third party providers, with the end customer’s consent, to request account information, such as the transaction history, of Personal and Business Current Accounts and/or initiate payments from those accounts. |
S |
Strong Customer Authentication (SCA) Strong Customer Authentication was defined in the European Banking Authority's Regulatory Technical Standards. SCA aims to improve customer security by increasing the strength of their authentication when logging into online banking, from only their username and password to two or more independent multi-factor identification elements. These include something only the user knows (e.g. a one-time password or secure key), something only the user possesses (e.g. a mobile device) or something part of the user (e.g. biometrics). SCA was made mandatory under PSD2 and will be implemented in phases. TPPs operating under open banking must update their user login methods in line with these new SCA requirements. |
Sweeping Sweeping is the automated movement of a customer's funds between two accounts in their name, such as a current and savings account. It is commonly used to help the customer avoid overdraft charges, repay a loan or benefit from better interest rates. |
T |
Third Party Provider Third Party Providers are organisations or natural persons that use APIs developed to Standards to access customers’ accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), or both. Third-Party Providers must register with and obtain a license from their country’s national competent authority before being allowed to access a bank’s customer data. |
U |
V |
W |
X |
Y |
Z |