Difference between revisions of "Open Banking"
(→Context) |
(→Context) |
||
Line 5: | Line 5: | ||
==Context== | ==Context== | ||
− | A Chris Michael interview<ref>Saira Guthrie, ''Open Banking and Identity: Chris Michael Talks Current State, Trends and the Future.'' Ping https://www.pingidentity.com/en/company/blog/posts/2018/open-banking-identity-chris-michael-talks-current-state-trends-future.html?</ref> described Open Banking Limited, the brand name of the Open Banking Implementation Entity (OBIE), as a private, non-profit company established in 2016 by the UK’s Competition and Markets Authority (CMA) to create standards and implementation guidelines for United Kingdom retail banking. The organization is funded by major UK banks. Open Banking originally was focused on a subset of PSD2, namely personal and business accounts in UK currency. Now the group is tackling a broader set that covers all PSD2 requirements for payment providers across Europe and includes credit cards and e-wallets, all currencies, and FX international | + | A Chris Michael interview<ref>Saira Guthrie, ''Open Banking and Identity: Chris Michael Talks Current State, Trends and the Future.'' Ping https://www.pingidentity.com/en/company/blog/posts/2018/open-banking-identity-chris-michael-talks-current-state-trends-future.html?</ref> described Open Banking Limited, the brand name of the Open Banking Implementation Entity (OBIE), as a private, non-profit company established in 2016 by the UK’s Competition and Markets Authority (CMA) to create standards and implementation guidelines for United Kingdom retail banking. The organization is funded by major UK banks. Open Banking originally was focused on a subset of PSD2, namely personal and business accounts in UK currency. Now the group is tackling a broader set that covers all PSD2 requirements for payment providers across Europe and includes credit cards and e-wallets, all currencies, and FX international payments. It sounds more dangerous every day. |
“I think the standards will evolve even beyond that, so this is a really interesting space,” Michael said. | “I think the standards will evolve even beyond that, so this is a really interesting space,” Michael said. |
Revision as of 08:47, 21 September 2018
Contents
Full Title or Meme
Open Banking is both a concept and an actual implementation in the UK.
This page will address both the UK implementation of the EU banking standards and the concept of Open Banking.
Context
A Chris Michael interview[1] described Open Banking Limited, the brand name of the Open Banking Implementation Entity (OBIE), as a private, non-profit company established in 2016 by the UK’s Competition and Markets Authority (CMA) to create standards and implementation guidelines for United Kingdom retail banking. The organization is funded by major UK banks. Open Banking originally was focused on a subset of PSD2, namely personal and business accounts in UK currency. Now the group is tackling a broader set that covers all PSD2 requirements for payment providers across Europe and includes credit cards and e-wallets, all currencies, and FX international payments. It sounds more dangerous every day.
“I think the standards will evolve even beyond that, so this is a really interesting space,” Michael said.
Part of that evolution revolves around the fact that while Open Banking is the name of a UK initiative, “open banking” as a concept is spreading globally. In Australia, for example, the Australian Government is pushing forward with Open Banking, recommending adopting the UK’s standards. Japanese banks and financial institutions are registering as payment providers and soon will be required to open their APIs. And here in the United States, Intuit’s Mint now uses OAuth to connect to select banks like Bank of America, Chase Bank, and Capital One with tokens instead of username and password. At Ping, we expect that Open Banking’s version 3 standard, released in September, will reflect this growing scope.
“We're also trying to make sure that these standards are true global standards. So we're working with other standards bodies globally, whether it's in Europe or other emerging markets like Australia, to try and make sure that everyone's using the same core standards,” Michael said. “What we're doing now is creating standards and implementation services for not just the CMA order but for the whole of PSD2, and our standard is designed to be one that is a European, if not a global standard, for financial APIs.”
“It's really great to see so many other markets who are adopting open banking and also who are looking to our standards as a kind of gold standard to build on,” he added. “But it's also great to talk to those other markets and talk to the identity professionals who are looking at open banking in those markets because I think there's also quite a lot that we can learn from them as well.” When it comes to standards creation, the open banking arena is changing rapidly. Open Banking originally was focused on a subset of PSD2, namely personal and business accounts in UK currency. Now the group is tackling a broader set that covers all PSD2 requirements for payment providers across Europe and includes credit cards and e-wallets, all currencies, and FX international payments—and the landscape continues to shift.
“I think the standards will evolve even beyond that, so this is a really interesting space,” Michael said.
Part of that evolution revolves around the fact that while Open Banking is the name of a UK initiative, “open banking” as a concept is spreading globally. In Australia, for example, the Australian Government is pushing forward with Open Banking, recommending adopting the UK’s standards. Japanese banks and financial institutions are registering as payment providers and soon will be required to open their APIs. And here in the United States, Intuit’s Mint now uses OAuth to connect to select banks like Bank of America, Chase Bank, and Capital One with tokens instead of username and password. At Ping, we expect that Open Banking’s version 3 standard, released in September, will reflect this growing scope.
“We're also trying to make sure that these standards are true global standards. So we're working with other standards bodies globally, whether it's in Europe or other emerging markets like Australia, to try and make sure that everyone's using the same core standards,” Michael said. “What we're doing now is creating standards and implementation services for not just the CMA order but for the whole of PSD2, and our standard is designed to be one that is a European, if not a global standard, for financial APIs.”
The Open Banking team is working with the OpenID Foundation to create a profile of OpenID Connect and OAuth 2.0 called Financial-grade API, or FAPI.
Banking APIs Now in Deployment
Definitions of interest from the UK Open Banking effort. These acronyms are used through-out the already jargon-heavy industry and will cause lots of head scratching. The major issue is whether Trusted Third Party access to the Users account are read-only (for consolidated reporting - aka screen scraping), or read/write (for payment initiation).
Entity Name | Type | Cat | Description | Access |
Payment Service User (PSU) | Real World Entity | N/A | a natural or legal person making use of a payment service as a payee, payer or both | No |
Payment Service Provider (PSP) | Legal Entity | N/A | A legal entity (and some natural persons) that provide payment services as defined by PSD2 Article 4(11) | Yes |
Account Servicing Payment Service Provider (ASPSP) | Legal Entity | PSP | provides and maintain a payment account for a payer as defined by the PSRs and, in the context of the Open Banking Ecosystem are entities that publish Read/Write APIs to permit, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API end points. | ?? |
Third Party Providers / Trusted Third Parties (TPP) | Legal Entity | PSP | organisation or natural person that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are PISPs or AISPs. | see PISP and AISP below |
Payment Initiation Service Provider (PISP) | Legal Entity | TPP | provide an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider. | read write |
Account Information Service Provider (AISP) | Legal Entity | TPP | provide account information services to consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s). | read only |
Financial Conduct Authority | Legal Entity | Federation Owner | The FCA is the competent authority for the UK | No |
Problems
The following are listed as problems that will be solved.
- The major selling point of this effort by the European bureaucrats is for increased competition.
- The major selling point of this effort by the standards makers is reduction of the risk caused by "screen-scraping" by personal financial consolidation software, which needs full user passwords to the banks today.
There are several areas that will need to be monitored as Open Banking roles out in the EU as exacerbating existing problems in the banking world.
- Out right fraud https://www.bloomberg.com/news/features/2018-09-11/why-the-eu-is-furious-with-malta
- Money laundering
Solutions
- The UK open banking specs are keep on an open source repository.[2]
References
- ↑ Saira Guthrie, Open Banking and Identity: Chris Michael Talks Current State, Trends and the Future. Ping https://www.pingidentity.com/en/company/blog/posts/2018/open-banking-identity-chris-michael-talks-current-state-trends-future.html?
- ↑ Open Banking Specs version 1.1.1-rc1 https://openbanking.atlassian.net/wiki/spaces/DZ/pages/28737919/The+Open+Banking+Directory+-+v1.1.1-rc1
External Sites
- The API page on this wiki helps put the banking apis in context.
- CEF: Opening a Bank Account Across Borders with an EU National Digital Identity for OIX Europe