Secure and Accelerated PSD2 Compliance with WSO2 Open Banking - A Technical Demonstration

This slide deck explores how WSO2 Open Banking is built to address the key pain points of PSD2 compliance by providing a secure API-based environment to expose customer data to third parties. Watch the webinar here: https://wso2.com/library/webinars/2018/01/secure-and-accelerated-psd2-compliance-with-wso2-open-banking/

Published in: Technology

  1. Secure and Accelerated PSD2 Compliance with WSO2 Open Banking - A Technical Demonstration
     Amalka Subasinghe, Associate Technical Lead, Financial Solutions Team, WSO2
  2. Agenda
     ● WSO2 Open Banking and its offerings
     ● Technical demonstration
       ○ End user experience in AISP flow
       ○ Consent revocation
       ○ TPP registration and approval process
       ○ Third party application developer experience
       ○ Bank experience / API developer experience
     ● Why WSO2 Open Banking?
  3. WSO2 Open Banking provides all the technology requirements that banks need to create an “Open Banking” platform, become PSD2 compliant and, as a result, become a digitally transformed bank.
     [Diagram labels: Customer; TPP (AISP/PISP); FinTech; Merchants; Other Banks; WSO2 Open Banking; Bank Internal Network; Core Banking; Internal Payment Services; HTTPS; HTTP; ISO 8583 (TCP/IP)]
  4. WSO2 Open Banking - Key Offerings
     ● Full PSD2 compliance including adherence to PSD2 and EBA RTS and guidelines
     ● Provide standardized API specifications for Payment and Account information
     ● Out-of-the-box API security (OAuth2)
     ● Strong Customer Authentication (SCA)
     ● Adaptive authentication based on rules defined
     ● User Consent Management + GDPR
     ● Third Party Provider (TPP) onboarding
     ● Integration with core banking systems and external services
     ● API analytics and business insights with dashboards
     ● API monetization to create various revenue models
  5. Technical Demonstration
     ● End user experience in AISP flow
     ● Consent revocation
     ● TPP registration and approval process
     ● Third party application developer experience
     ● Bank experience / API developer experience
     openbanking.org.uk
  6. Demo: End User Experience in AISP Flow
  7. Process of Accessing Account Information
     Login and accessing account information via web/mobile application
     [Flow diagram, steps 1-7; labels: Web/Mobile Apps; Initiation account info; Login page; 2 Factor authentication; Customer consent; 302; Token; Get accounts information]
  8. Security Capabilities
     ● Strong Customer Authentication
       ○ Multi-factor authentication with at least 2F
       ○ Extensible to support any other mechanism preferred by banks to authenticate users
     ● Access delegation with explicit user consent
       ○ GDPR enforcement (May 2018)
       ○ Revoke user consents
       ○ Audit trails and fine grained authorization to handle sensitive information
     ● Secured API Invocation
       ○ OAuth2 grant types
       ○ Recommendations to meet specifications
       ○ E.g. openbanking.org.uk
         ■ OIDC Hybrid flow
         ■ private key JWT client authentication
         ■ request object
  9. More Security Capabilities
     ● Fraud detection and audit logs
     ● Conditional authentication
     ● Adaptive authentication
     ● Fine grained authorization
     ● Federated authentication
     ● Continued security procedures
  10. Demo: Consent Revocation
  11. Demo: Third Party Provider Registration and Approval Process
  12. Demo: Third Party Application Developer Experience
  13. Demo: Bank Experience / API Developer Experience
  14. WSO2 Open Banking
     ● API Management
     ● API Security + SCA1
     ● Consent Management
     ● API Analytics
     ● API Monetization
     Compliance through Open APIs
     ● API Integration
     ● Federated Authentication
     ● Fraud Detection
     ● Consolidated API Analytics
     ● Business KPI Dashboards
     Third Party Provider
     ● Web/Mobile App Suite
     ● Insight Sales
     ● Required Integration
     Recommendations and Insights
  15. Why WSO2 Open Banking?
     ● World class technology, preconfigured for full compliance as well as business expansion
     ● Proven track record of working with financial institutions of all sizes
     ● Standards-based API-M/Integration that interoperates with COTS or bespoke tech
     ● Minimum impact and changes to existing internal systems and B2B integrations
     ● Ability to implement through bank’s preferred local partners
     ● Structured training programs for IT staff and focused workshops & hackathons
     ● Ability to seamlessly cater to evolving regulations and business priorities
  16. Resources
     More Information: http://wso2.com/solutions/financial/open-banking/
     Try out WSO2 Open Banking: https://openbanking.wso2.com
     Get in Touch: openbankingdemo@wso2.com
     On Demand Webinars
     ● WSO2 Open Banking: Digital Transformation Through PSD2 - https://wso2.com/library/webinars/2017/08/wso2-open-banking-digital-transformation-through-psd2
     ● Getting Your API Management Strategy on Point for PSD2 Compliance - https://wso2.com/library/webinars/2017/11/getting-your-api-management-strategy-on-point-for-psd2-compliance/
     ● Building a Fool Proof Security Strategy for PSD2 Compliance - https://wso2.com/library/webinars/2017/11/building-a-fool-proof-security-strategy-for-psd2-compliance/
     WSO2Con Keynote: https://wso2.com/library/conference/2017/11/wso2con-eu-2017-digital-transformation-in-the-guise-of-a-regulation-psd2-and-open-banking/
  17. THANK YOU wso2.com
