As a concept, open banking has ignited a revolution in the financial industry, allowing users to finally take full advantage of their financial data. With the possibility of third party access to bank accounts, financial data that was until now exclusively managed by banks, can be used by third party providers to offer a new range of services.
Open banking is regulated in the European Union by the revised payments service directive (PSD2), and OBIE (Open Banking Implementation Entity) in the UK.
What is an open banking provider?
Essentially, they act as a middleman in the banking industry, allowing users to have access to an interface designed to match their necessities and access their financial data efficiently.
All third party providers (TPPs) must be licensed and registered as digital service providers with the FCA (UK Financial Conduct Authority) in the UK and the respective designated entity in each EEA country.
What type of TPP there are, and what can they do?
There are two main types of TPPs:
- Payment Initiation Services Provider (PISP)
- Account Information Service Provider (AISP)
A PISP can initiate a payment service without needing to use a card or log into a personal or corporate bank account. However, the Strong Customer Authentication (SCA) still applies to ensure security. This means that for any action to be performed, user consent and identity verification must be guaranteed.
An AISP is a digital service provider that aggregates your financial information from all banking institutions and portrays it in one place. It has no access to consumers funds, however, all the transactional data is accessible. AISPs can be used for better financial management purposes or to ease loan application processes. Just as it happens with PISPs, users need to give consent before an AISP can move forward with the requested information gathering.
Big names in Europe and the UK
With the growth and great traction of open banking in Europe, it was just a matter of time until the number of third party providers would increase exponentially. Just by looking at the official list published on the Open Banking website, it’s easy to understand how much this market is growing, with new open banking providers being born every week.
At the moment, there are 295 registered financial service providers in the UK, who help to make open banking available to everyone. In the list, there are some well-known companies who can already be recognised no only in the UK, but also around Europe:
- Acquired Limited
- Afterbanks LTD
- Experian Limited
- GoCardless Ltd
- Salt Edge
- Skrill Limited
- Trustly Group
Open banking API providers
Before going into what an API provider is, it’s essential to understand what an API is, since it is a crucial piece of the puzzle that allowed open banking online to become a reality.
An API, or Application Programming Interface, is a set of definitions and protocols for building and integrating software applications. Essentially, they allow developers to make their applications’ data and features available to other developers.
To know more about how they work and how they can be used, you can visit our page dedicated to APIs.
What is an API provider?
Open banking API providers are all the companies that, in one way or another, provide third party access to bank accounts.
With a summarised approach to the definition, we can consider API providers both AISPs and PISPs, since they all provide APIs to facilitate their customers' access to open banking.
What are the basic security rules API providers need to follow?
All third party providers need to be regulated and licensed to be an active member of the open banking industry. Since the implementation of PSD2, payment services need to ensure compliance with a very specific set of regulations.
One of the main pillars of PSD2 regarding security and fraud reduction is the implementation of strong customer authentication, also known as SCA.
If you want to know more in detail about SCA, we have a dedicated page to this topic. Below you can find all the basics to understand how it works, and why it is important.
Strong Customer Authentication has two main goals: reduce fraud and make online payments more secure.
The application of SCA is done by using two-factor authentication (2FA), where customers need to provide two independent pieces of information to confirm their identity:
- Something they own (e.g., smartphone)
- Something they know (e.g., PIN code)
- Something they are (e.g., fingerprint)
With this regulation, customers can be sure that no one will be able to impersonate them and their financial information will be secure.
Some important API providers available in the UK
- Nordigen — aggregates regulated bank APIs with major European banks in a single API. One can access account holder name, bank account number and historic transactions with their consent, for free.
- Afterbanks — their technology is a key piece in scoring and account ownership verification processes for real-time loans. They also process payments by creating a single, standardized interface for all PSD2 APIs in Europe.
- Token.io — allows financial institutions and other players in the payments' ecosystem, such as merchants and payment processors, to build bank direct payment methods and data aggregation solutions for their customers. The platform aims to raise security, reduce fraud and disintermediation. Unlike in-house developed solutions, Token supports the same API across all banks.
- Saltedge — aggregate users’ bank accounts with their consent and get balances, transaction data and verify their identity. Initiate payments and transfers from users’ accounts across Europe.
- Tink — their open banking platform enables banks, fintechs, and startups across Europe to develop data-driven financial services. Through one API, Tink allows customers to access aggregated financial data, initiate payments, enrich transactions and build personal finance management tools.
- Truelayer — enables companies to capitalise on new Open Banking initiatives in the UK, and the broader, European wide PSD2 rules by providing secure, clear and simple access to banking infrastructure.
- Budget Insight — provides APIs to access accounts on more than 300 European banks and 200 invoice providers.
- Bud Financial — brings together data from multiple financial institutions via its proprietary aggregation technology. Bud’s machine learning capability uses lines of transactional data to understand users and to help highlight where they spend, how they can save and which financial services might be relevant for a user via the marketplace.
Do you have any additional questions or doubts about open banking and everything involved with it? Check our page with the most Frequent Asked Questions.