PSD2, the Payment Services Directive mandate of the European Union (EU), enables business and consumer banking customers to use third-party providers to manage financial transactions. Furthermore, the regulation requires banks to provide these third parties access to their customers' accounts through open APIs.
PSD2, in fact, changes the very nature of banking when any of the participants — bank, customer, merchant, or third party — resides in Europe. The regulation also establishes different types of third parties, opening up new opportunities for enterprising service providers.
The APIs that PSD2 delineates provide the mechanism that enables PSD2 to work — and for any company serving in any of the roles that PSD2 defines, managing those APIs is essential to the seamless operation of the services and the mitigation of inherent security and performance risks.
On this webinar, digital transformation expert Jason Bloomberg, President of industry analyst firm Intellyx, will discuss the complexities of the API-enabled ecosystem that PSD2 creates and the many essential roles that API management must serve to ensure successful, secure financial transactions.
Next, Fiorano Software CEO and CTO Atul Saini will explain the actual PSD2 functionality and will show how APIs (and to a lesser extent messaging) are used to implement PSD2. He will also show how Fiorano API Management provides the security, metering, monitoring, and management that all PSD2 participants require.
PSD2: Open Banking with APIs
1. Speaker Introduction
Jason Bloomberg
• A leading industry analyst and expert on agile architecture
• Advises on Digital transformation initiatives
• Popular books by Jason
- “The Agile Architecture Revolution”
- “Service Orient or Be Doomed! How Service Orientation Will Change Your Business”
Atul Saini
• Founded Fiorano Software in 1995, currently CEO & CTO
• Been at the forefront of integration, SOA & peer-to-peer distributed processing
• One of the first entrepreneurs to realize the power of Microservices
14. Impact on Banks
[Diagram: Before PSD2 / Post PSD2]
Banks need a secure gateway to expose customer account data and payment processes to 3rd parties.
15. What Fiorano can do for Banks
• API Exposure: Open up bank’s systems to provide access to 3rd party players of PSD2 ecosystem
• Streamline Payments: Simplify the flow of transactions and payments bypassing manual entry of customer details
• Value Added Services: Provide added services to customers by wearing hats of PISP and AISP
17. System Architecture
• Banks need API Management for interaction with PISP and other banks
• PISP packages the transaction information from the user and sends it out to the banks
[Diagram: PISP connected to Bank 1, Bank 2 and Bank 3 through their APIs]
18. Key PSD2 Flow (Step 1)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank]
The customer asks the PISP to transfer X amount to a beneficiary
• Consumer consolidates all Bank accounts with PISP
• Transfers can be from any Bank account to any Beneficiary in a single interface
19. Key PSD2 Flow (Step 2)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank]
The customer asks the PISP to transfer X amount to a beneficiary
The PISP initiates the payment from customer bank to beneficiary bank (<PIAN 1 message>, ISO20022)
• Secure, time-bound API tunnel created from PISP to Bank
• Cryptographic trace, with ISO messages
20. Key PSD2 Flow (Step 2…)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank]
The customer asks the PISP to transfer X amount to a beneficiary
The PISP initiates the payment from customer bank to beneficiary bank (<PIAN 1 message>, ISO20022)
<PIAN 2 message> (ISO20022): Exchange Rate, Transfer Fee, Time required for payment
• Before transfer, customer reviews exchange rates, transfer fees, time-guarantees, etc.
• Transaction can be reversed if consumer is not satisfied with guarantees/rates
21. Key PSD2 Flow (Step 3)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank, 2 Factor Authentication]
The customer asks the PISP to transfer X amount to a beneficiary
<PIAN 2 message> (ISO20022): Exchange Rate, Transfer Fee, Time required for payment
• For each transaction over a certain limit (35-45 Euro), the Bank performs a 2-factor authentication over a range of devices/methods (mobile phones, email, etc.)
• Overall timebound for complete transaction maintained
22. Key PSD2 Flow (Step 4)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank, 2 Factor Authentication]
The customer asks the PISP to transfer X amount to a beneficiary
<PIAN 2 message> (ISO20022): Exchange Rate, Transfer Fee, Time required for payment
Post authentication the customer bank transfers the amount to the beneficiary’s bank
• After Bank executes transfer, confirmation sent to PISP via one-way messaging
• PISP updates ‘front-office’ transaction record and maintains cryptographic trace
23. Key PSD2 Flow (Step 5)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank, 2 Factor Authentication]
The customer asks the PISP to transfer X amount to a beneficiary
<PIAN 2 message> (ISO20022): Exchange Rate, Transfer Fee, Time required for payment
Post authentication the customer bank transfers the amount to the beneficiary’s bank
<1 way asynchronous message> Bank updates AISP & PISP with payment acknowledgement
• Additional acknowledgements from Beneficiary banks also recorded by both PISP and AISP
24. Fiorano PSD2 Solution: Features
• Security: Secured API connectivity via 256 bit encryption; 2 factor authentication via email and mobile
• Transparency: Complete view of financial accounts in a single view; End-to-end visibility of transaction history
• Interoperability: Out of the box core banking integration; Fully customizable solution to promote innovation
25. PSD2 Requirements
• Single view of entire financial account status of an individual
• Complete financial transactional history for increased transparency
• Strong authentication mechanism that allows 2 factor authentication
• Enhanced security as confidential data is exposed to 3rd parties
• Sandbox for banks to start exploring new business models under PSD2 compliance
• Complete control on APIs to provide restrictive and selective permission access to different 3rd parties
26. Pre-requisites
PSD2 Execution Flows (with PISP)
• Customer has already authorized PISP to initiate payment on his behalf and the required information (including Security Tokens, etc.) is available with the customer’s bank for verification
• The Merchant has the required Customer Credentials / Security Token(s) (provided by Customer and Customer Bank during the setup process) to initiate payment via PISP
27. Execution Flows (with PISP)
[Diagram: Customer, Customer Bank, Merchant/Amazon, TransferWise (PISP), AISP]
Step 1: Customer places order on merchant website
Step 2: Merchant contacts PISP which has been authorized by customer
Step 3: PISP initiates the payment at customer’s bank via a secure OAuth connection
Step 4: Customer Bank verifies PISP’s request, debits customer account and wires money to Merchant
Step 5: The Bank notifies AISP, PISP, and Merchant via one-way messages
Step 6: AISP (optionally) sends notification to Customer
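The bank-side check behind Step 4 of this flow, combined with the 2-factor limit from slide 21, sketched as an added example that is not part of the webinar slides or of Fiorano's product. A simple HMAC-signed token stands in for the OAuth access token, and every name, key, third-party ID and the 35 Euro limit is an assumption made for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed values for illustration; none of them come from the slides.
BANK_KEY = b"demo-bank-signing-key"
SCA_LIMIT_EUR = 35.0  # slides give a 35-45 Euro range; lower bound assumed
TPP_ROLES = {"tpp-pisp-1": {"PISP"}, "tpp-aisp-1": {"AISP"}}  # selective access


def _tag(payload):
    return hmac.new(BANK_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_consent(tpp_id, customer, ttl_s, now=None):
    """Bank issues a time-bound consent token bound to one third party."""
    now = time.time() if now is None else now
    payload = json.dumps({"tpp": tpp_id, "cust": customer, "exp": now + ttl_s},
                         sort_keys=True)
    return payload + "." + _tag(payload)


def check_payment(token, tpp_id, amount_eur, now=None):
    """Bank-side decision: 'reject:<reason>', 'sca_required' or 'execute'."""
    now = time.time() if now is None else now
    payload, _, tag = token.rpartition(".")
    # Constant-time comparison; nothing in the payload is trusted before this.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return "reject:bad_signature"
    claims = json.loads(payload)
    if claims["tpp"] != tpp_id:
        return "reject:token_not_issued_to_caller"
    if "PISP" not in TPP_ROLES.get(tpp_id, set()):
        return "reject:role_not_permitted"
    if now >= claims["exp"]:
        return "reject:consent_expired"
    if amount_eur > SCA_LIMIT_EUR:
        return "sca_required"  # bank must run 2-factor authentication first
    return "execute"


if __name__ == "__main__":
    t = issue_consent("tpp-pisp-1", "cust-42", ttl_s=300)
    for amount in (20.0, 500.0):
        print(amount, check_payment(t, "tpp-pisp-1", amount))
```

The order of the checks matters: the signature is verified before any claim is parsed, and the caller binding and role are checked before the amount, so an AISP-only third party can never reach the payment path regardless of the sum.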
28. Single Portal for accessing your banks
[Portal tabs: Customer Accounts, Beneficiaries, Transaction History]
Banks and balances: Bank A $ 2500, Bank B $ 4500, Bank C $ 1000
Beneficiaries and their banks: ABC (Bank A), XYZ (Bank B), PQR (Bank C)
Step 1: Customer chooses one of his banks from PISP to transfer money to a Beneficiary
Transaction Details (Amount, Beneficiary): $ 500
29. 2 Factor Authentication
[Diagram: Customer, PISP, Bank A, Bank C]
Step 2: PISP contacts Bank A via API
Step 3: Customer authorizes the transaction via 2 factor authentication
Step 4: Bank A completes the transaction by transferring $500 to PQR’s account in Bank C
30. Transaction History & Updated Balance
[Portal tabs: Customer Accounts, Beneficiaries, Transaction History]
Banks and balances: Bank A $ 2000, Bank B $ 4500, Bank C $ 1000
Beneficiaries and their banks: ABC (Bank A), XYZ (Bank B), PQR (Bank C)
Step 5: Customer sees the updated account status and transaction history
Transaction Details (Amount, Beneficiary): Bank A to Bank C, $ 500, PQR
32. Next Steps…
Q&A Session in Progress
Please type in your questions using the Chat Q&A window
To find out more about Fiorano solutions, please visit www.fiorano.com
or Email us at sales@fiorano.com.
33. Thank You for joining us today
AMERICA’S
Fiorano Software, Inc.
230 S. California Avenue
Suite 103
Palo Alto, CA 94306 USA
Tel: +1 650 326 1136
Fax: +1 646 607 5875
Toll-Free: +1 800 663 3621
Email: info@fiorano.com
EMEA
Fiorano Software Ltd
3000 Hillswood Drive
Hillswood Business Park
Chertsey Surrey KT16 0RS UK
Tel: +44 (0) 1932 895005
Fax: +44 (0) 1932 325413
Email: info_uk@fiorano.com
APAC
Fiorano Software Pte. Ltd.
Level 42, Suntec Tower Three
8 Temasek Boulevard
Singapore 038988
Tel: +65 68292234
Fax: +65 68292235
Email: info_asiapac@fiorano.com
This Webinar has now concluded.
We would appreciate it if you could complete the feedback form displayed at the end of the webinar.