PSD2 open banking Glossary

May 28, 2018
Posted by: Brendan Jones


Acronym

Term

Definition/Description

AIS

Account Information Services

An online service which provides consolidated account information to a Payment Service User (PSU) on one or more payment accounts held by that PSU with other FIs.

AISP

Account Information Service Provider

Any TPP that wishes to aggregate online account information of one or more accounts held at one or more ASPSPs (FIs). This service can be used in accounting or generation of dashboards for a single customer.

API

Application Programming Interface

In computer programming, an application programming interface (API) is a set of subroutine definitions, protocols, and tools for building application software. A good API makes it easier to develop a computer program by providing all the building blocks, which are then put together by the programmer. An API may be for a web-based system, operating system, database system, computer hardware, or software library. An API specification can take many forms, but often includes specifications for routines, data structures, object classes, variables, or remote calls. POSIX, Microsoft Windows API, the C++ Standard Template Library, and Java APIs are examples of different forms of APIs. Documentation for the API is usually provided to facilitate usage. The status of APIs in intellectual property law is controversial.

API Data

API Data

API Data is data made available to an API User or a TPP through the API.

API Provider

API Provider

An API Provider is a service provider implementing an Open Data API. An API Provider provides Open Data via an API gateway.

API User

API User

An API User is any person or organisation who develops web or mobile apps which access data from an API Provider.

ASPSP

Account Servicing Payment Service Provider

An ASPSP is any financial institution that offers a payment account with online access. Under PSD2, ASPSPs will have to provide access to let regulated third parties initiate payments and access account information. APIs are currently considered the most practical way to do this.

ASPSP Brand

ASPSP Brand

An ASPSP brand is any registered or unregistered trade mark or other Intellectual Property Right provided by an ASPSP.

Brexit

British Exit of the EU

Brexit is the process by which the United Kingdom plans to end its current membership of the European Union. In the context of PSD2, Brexit is unlikely to have an effect on the implementation of the legislation in the UK.

CA

Competent Authorities (PSD2 related)

A competent authority is any person or organization that has the legally delegated or invested authority, capacity, or power to perform a designated function. For PSD2 the competent authority in each EU member state will have primary responsibility for monitoring compliance and enforcement of PSD2. In the UK the competent authority for PSD2 is the Financial Conduct Authority (FCA).

Card scheme

Card scheme

A payment network tied to payment cards (debit or credit). FIs can join these schemes to offer cards to consumers.

Certificate

X.509 public key certificate

A cryptographically protected data structure for storing and transporting a public key. The data structure contains the public key value together with the identity of the owner of the key, the validity period of the key and the identity of the Certificate Authority that registered the public key and signed the certificate.

CMA

Competition Markets Authority

The Competition Markets Authority is a UK body that has been working to increase competition in UK banking; this has led it to push for reforms in retail banking that are in line with PSD2.

CMA 9

CMA 9

The nine largest FIs in the UK, based on the volume of personal and business current accounts: Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG.

CMA Order

CMA Order

The Retail Banking Market Investigation Order 2017.

CMA Remedies

CMA Remedies

Remedies that the CMA deemed appropriate to introduce to address a number of key features of the UK Retail Banking market considered to be having an adverse effect on competition. These remedies included a requirement for the UK banking industry to adopt a subset of HMT’s proposals for Open Banking.

CNP

Card Not Present

Sometimes referred to as cardholder not present, this refers to a transaction where the payer, payee and the method of payment (the card) are not in the same location when the transaction takes place. Tackling fraud in the CNP process is a main objective of PSD2.

CP

Consultation Paper

Consultation Paper issued by the EBA to the market to solicit feedback and opinions.

Data Standard

Data Standard

The data standards issued by Open Banking from time to time in compliance with the CMA Order.

EBA

The European Banking Authority

An independent EU authority that works to ensure effective and consistent prudential regulation and supervision across the European banking sector. Its overall objectives are to maintain financial stability in the EU and to safeguard the integrity, efficiency and orderly functioning of the banking sector.

EBA Register

Electronic central register of the EBA

The EBA central register will be an electronic central register that contains information as notified by CAs.

EC

European Commission (PSD2 context)

An institution of the European Union, responsible for proposing legislation, implementing decisions and upholding EU treaties. In the context of PSD2 it is the force behind the proposition and adoption of the directive at a Europe-wide level. In each country this responsibility will be managed in conjunction with the local governments and appointed Competent Authorities, for example the FCA in the UK.

ECON

European Parliament Economic and Monetary Affairs Committee

An agency in charge of everything from the regulation of financial services to taxation and competition policies.

EEA

European Economic Area (PSD2 context)

The European Economic Area (EEA) unites the EU member states and the three EFTA States (Iceland, Liechtenstein and Norway); 31 countries are members. PSD2 is in force for payments within the EEA, from the EEA to outside countries and from outside countries into the EEA, in all currencies. Where one of the PSPs is situated outside the EEA, these are known as One Leg Payment Transactions.

e-IDAS

electronic IDentification, Authentication and trust Services

A framework that provides a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. For PSD2, the e-IDAS framework informs the developing standards for Strong Customer Authentication for remote payments.

e-IDAS Certificates

e-IDAS public key certificates

Public key certificates that conform to the e-IDAS framework and have been issued by a Qualified Trust Service Provider (QTSP).

e-IDAS Seal Certificates

e-IDAS public key certificates for Seals

The e-IDAS certificate containing the public key used to verify the Seal (or digital signature) generated by the corresponding private key.

EMD2

Directive 2009/110/EEC (Electronic Money Directive)

The Directive regulates electronic payment systems in the European Union. The aim of the Directive is to enable new and secure electronic money services and to foster effective competition between all market participants.

EMI

Electronic Money Institution

An e-money institution is a supplier of the financial product 'electronic money'. The electronic money can be used to make payments to parties other than the issuer. 'Electronic money' is a monetary value stored on an electronic carrier or remotely in a central accounting system. An EMI has received regulatory approval from their NCA. An EMI can passport their regulatory status to other markets in the EU.

E-Money

Emoney

Electronic money is an electronic store of monetary value on a technical device that may be widely used for making payments to entities other than the e-money issuer.

EPC

European Payments Council

A membership organisation created in 2002 by the major European FIs. The main task of the EPC is the development of the Single Euro Payment Area (SEPA), a key initiative of PSD1. They represent their members’ interests in the development of PSD2, for example by preparing responses to the developing Regulatory Technical Standards.

ERPB

Euro Retail Payments Board

The purpose of the ERPB, launched by the European Central Bank (ECB), is to contribute to and to facilitate the further development of an integrated, innovative and competitive market for euro retail payments in the EU.

ETV

Exemption Threshold Value

Related to the application of exemptions from Strong Customer Authentication, ETV defines the payment value at which the Reference Fraud Rates must be adhered to in order to secure a payment using Transaction Risk Analysis.

EU

European Union

The European Union is a political and economic union of 28 member states that are located primarily within Europe.

FCA

Financial Conduct Authority

The Financial Conduct Authority is the conduct regulator for 56,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms.

FI

Financial Institution

A generic term applied to banks, credit unions, building societies, EMI and PI institutions.

GDPR

General Data Protection Regulation

A regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).

IP

Internet Protocol

Internet Protocol (IP) is the principal set (or communications protocol) of digital message formats and rules for exchanging messages between computers across a single network or a series of interconnected networks, using the Internet Protocol Suite (often referred to as TCP/IP).

ITS

Implementing Technical Standards

Implementing Technical Standards define how requirements will be developed, agreed upon and implemented. The European Banking Authority is responsible for the development of the ITS to meet the objectives of PSD2 as defined by the European Commission.

Mandatory ASPSP

Mandatory ASPSP

Mandatory ASPSPs are entities that are required by the CMA Order to enrol with Open Banking.

Merchant Acquirer

Merchant acquirer

A financial organisation that processes credit or debit card payments on behalf of a merchant.

NCA

National Competent Authorities (PSD2 related)

As per competent authority but often called National Competent Authority.  A national competent authority is any person or organization that has the legally delegated or invested authority, capacity, or power to perform a designated function. For PSD2 the competent authority in each EU member state will have primary responsibility for monitoring compliance and enforcement of PSD2. In the UK the competent authority for PSD2 is the Financial Conduct Authority (FCA).

OB

Open Banking

The general term applied to the provision of access by TPPs to FI customers’ data, normally through APIs.

OBIE

Open Banking Implementation Entity

The Open Banking Implementation Entity is the delivery organisation working with the CMA9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin Open Banking. Otherwise known as Open Banking Limited.

OBWG

UK Open Banking Working Group

Established in September 2015 to explore how data can be used to help people transact, save, borrow, lend and invest their money.  The OBWG has set out an Open Banking Standard to guide how open banking data should be created, shared and used by its owners and those who access it. It is expected that the UK’s implementation of PSD2 will be somewhat driven by these recommendations.

Open Banking Ecosystem

Open Banking Ecosystem

The Open Banking Ecosystem refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, the governance, systems, processes, security and procedures used to support participants.

Open Banking Services

Open Banking Services

The open banking services to be provided by Open Banking to Participants, including but not limited to, the provision and maintenance of the Standards and the Directory.

Open Data

Open Data

Information on ATM and Branch locations, and product information for Personal Current Accounts, Business Current Accounts (for SMEs), and SME Unsecured Lending, including Commercial Credit Cards.  Open Data is data that anyone can access, use or share.

Open API

Open API

An Open API or Public API is a free-to-use, publicly available application programming interface (API) that provides developers with programmatic access to a proprietary software application.

P20

P20

Founded in 2017, the P20 will bring together 20 leaders in the payments industry, plus UK and US government officials and regulators to promote growth of the industry globally.

PBC

Primary Business Contact

A Primary Business Contact is an individual nominated by an entity to have access to the Directory and will be able to nominate other Directory business users. This should be a formal business point of contact and a senior member of staff responsible for systems and controls related to Open Banking.

PI

Payment Institution

Born out of the original Payment Services Directive (PSD), a Payment Institution is a special form of payment service provider. It offers services including payment processing, foreign exchange and money remittance.

PIS

Payment Initiation Services

An online service which accesses a PSU’s account to initiate the transfer of funds on their behalf with the user's consent and authentication. Alternative payment methods commonly called push & pull payments.

PISP

Payment Initiation Service Provider

A type of TPP offering a service that allows initiation of payments without the customer needing to directly access their FI account or use a debit or credit card.

PSD

Payments Systems Directive

The Directive on Payment Services (PSD) provides the legal foundation for the creation of an EU-wide single market for payments. The PSD aims to establish a modern and comprehensive set of rules applicable to all payment services in the European Union. The goal is to make cross-border payments as easy, efficient and secure as “national” payments within a Member State.

PSD1

Directive 2007/64/EC (Payment Services Directive) 

Provides the necessary legal platform for the Single Euro Payments Area (SEPA).

PSD2

Directive (EU) 2015/2366 (Revised Payment Services Directive)

Provides the necessary legal platform and changes to the payments framework in order to better serve the needs of an effective European payments market, fully contributing to a payments environment which nurtures competition, innovation and security to the benefit of all stakeholders and consumers in particular.

PSD2

Revised Payment Services Directive

The Payment Services Directive 2015/2366, as amended or updated from time to time and including the associated Regulatory Technical Standards developed by the EBA and agreed by the European Commission and as implemented by the PSR and including any formal guidance issued by a Competent Authority.

PSD2 Exemptions related

Exemptions (PSD2 context)

For PSD2, exemptions are most widely talked about in the context of exemptions from using Strong Customer Authentication, for example for parking or ticketing payments or for payments where the threshold is met based on Reference Fraud Rates for the payment value; these permissible exemptions are detailed in the Regulatory Technical Standards.

PSP

Payment Service Provider

A payment service provider (PSP) offers shops online services for accepting electronic payments by a variety of payment methods including credit card, FI-based payments such as Direct Debit, FI transfer, and real-time FI transfer based on online banking.

PSR

Payment Services Regulations

The Payment Services Regulations 2017, the UK's implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA.

PSU

Payment Service User

A Payment Service User is a natural or legal person making use of a payment service as a payee, payer or both.

PTC

Primary Technical Contact

A Primary Technical Contact is an individual nominated by the entity to have access to the Directory and will be able to nominate other Directory technical users. This should be a main point of contact on technical configuration and a senior member of staff with responsibility for the management of the Open Banking digital identity.

QTSP

Qualified Trust Service Provider

An entity allowed to issue qualified digital certificates which can be used to create qualified electronic signatures.

REST

Representational State Transfer

A set of architectural principles for designing web services.

RTS

Regulatory Technical Standards

Regulatory Technical Standards define certain requirements of PSD2 in more detail. The European Banking Authority is responsible for the development of the RTS to meet the objectives of PSD2 as defined by the European Commission.

SCA

Strong Customer Authentication

Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a fingerprint or iris pattern]) that are independent, [so] the breach of one does not compromise the others, and is designed in such a way as to protect the confidentiality of the authentication data.

SDK

Software Developer Kit

A set of software development tools that allows the creation of applications.

Standards

Standards

The Standards are the Data Standards and Security Standards in accordance with which ASPSPs will be required to make Read/Write APIs available.

TPP

Third Party Provider

Third Party Providers are organisations or natural persons that use APIs developed to Standards to access customers’ accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), or both.

UK Open Banking Directory

Directory

The Open Banking Directory provides a “whitelist” of participants able to operate in the Open Banking Ecosystem, as required by the CMA Order.  The Read/Write Directory also provides identity and access management services to provide identity information in order to participate in payment initiation and account information transactions through APIs.

UK Open Banking Directory Sandbox

Directory Sandbox

The Open Banking Directory Sandbox is a test instance of the Directory. The Directory Sandbox may be used to support testing applications with test API endpoints and testing integration with the Open Banking Directory.

Voluntary ASPSP

Voluntary ASPSP

Voluntary ASPSPs are those entities who, although not obliged to enrol with Open Banking, have elected to do so in order to utilise the Standards to develop their own APIs, to enrol onto the Open Banking Directory, and to use the associated operational support services.

XS2A

Access to Accounts

Gives financial institutions, plus approved and regulated third parties, access to the FI accounts of consumers in the European Union.