Open banking is changing the way financial companies do business in the modern world. By allowing seamless and more open data exchange between parties, open banking can help improve service delivery and quality. However, to provide open banking services, businesses first have to get consent from their clients; only then can the service be initiated and delivered.
Open banking consent management is a delicate matter that requires diligence, technical and legal know-how, and a stable technological architecture. Managing consent isn’t as simple as letting the client press an ‘Agree’ button or tick a box. It has to be done in accordance with the GDPR and PSD regulations. Both the bank and the TPP need to know that the client has authorized access.
Usually, the open banking consent model works like this
However, this is just the most common example. There can be many other variants of open banking consent that work in different ways. For example, instead of requesting confirmation and authentication for every transaction, the open banking system could ask the client to renew the confirmation every 12 months. During the 12 months after confirmation, there may be no need for further authentication of the client.
The open banking consent flow is closely linked to the consent model and shows how data and information travel during the process of requesting consent.
First and foremost, the open banking consent flow starts with the setup. This process should clearly indicate that by agreeing, a client will transfer some of their data to third parties and will allow them to initiate payments or collect certain data on behalf of service providers. Every region has different regulations on how authentication is done, but it’s usually a two-step verification process or a universally approved identification method such as a mobile identification service, logging in to a bank account, a digital signature, etc.
During the consent flow, a few parties are involved: the client, the resource owner, the authorization server, and the resource server. They all communicate with one another to initiate, manage and end the flow of consent.
To give more detail, we will explain open banking consent management step by step and in depth, giving even more information on how a model OAuth 2.0 flow (used by UK open banking systems) works. It’s an 11-step process, so pay close attention so you don’t miss anything!
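The 12-month renewal variant mentioned earlier, sketched as the check a resource server could run before answering a TPP request. This is an added example, not code from the original article or from any open banking specification; the `Consent` fields, permission names, identifiers and reason strings are assumptions made for illustration.

```python
import calendar
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

RENEWAL_MONTHS = 12  # renewal interval from the variant described in the text


def add_months(ts: datetime, months: int) -> datetime:
    """Calendar-aware month addition; clamps the day (29 Feb -> 28 Feb)."""
    idx = ts.month - 1 + months
    year, month = ts.year + idx // 12, idx % 12 + 1
    day = min(ts.day, calendar.monthrange(year, month)[1])
    return ts.replace(year=year, month=month, day=day)


@dataclass(frozen=True)
class Consent:  # hypothetical record shape
    client_id: str
    tpp_id: str                      # the one TPP this consent was given to
    permissions: frozenset           # what the client agreed to share or allow
    confirmed_at: datetime           # last authenticated confirmation by the client
    revoked_at: Optional[datetime] = None


def check_access(consent: Consent, tpp_id: str, permission: str, now: datetime):
    """Return (allowed, reason) for one TPP request against a stored consent."""
    if consent.tpp_id != tpp_id:
        return False, "consent_not_granted_to_this_tpp"
    if consent.revoked_at is not None and consent.revoked_at <= now:
        return False, "consent_revoked"
    if now < consent.confirmed_at:
        return False, "consent_not_yet_valid"
    if now >= add_months(consent.confirmed_at, RENEWAL_MONTHS):
        return False, "reconfirmation_required"  # client must authenticate again
    if permission not in consent.permissions:
        return False, "permission_not_granted"
    return True, "ok"


# Constructed sample record, confirmed on a leap day to exercise the clamping.
SAMPLE = Consent(
    client_id="client-001",
    tpp_id="tpp-example",
    permissions=frozenset({"accounts", "balances"}),
    confirmed_at=datetime(2024, 2, 29, 9, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2025, 2, 28, 9, 0, tzinfo=timezone.utc)
    print(check_access(SAMPLE, "tpp-example", "balances", now))
```

Every failure returns a distinct reason so that the denial can be logged and the TPP can tell a lapsed consent, which needs re-authentication, from a request that was never in scope.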