What is Open Banking?
New demands from the EU, including the European Banking Authority (EBA), force banks (AISPs) and Payment Service Providers (PSPs) who conduct business in the EU to open up their data.
This means that third-party providers (TPPs), also known as FinTechs, can now access their customers’ data — with customer consent, of course.
Why Open Banking?
Open Banking is an evolution that supports digitalization, innovation, and competition in the financial market.
The movement is regulated through the Payment Services Directive 2, or PSD2 for short:
The overall purpose of the PSD2 initiative is to increase competition in the financial market, giving customers greater freedom of choice, more transparency, cheaper products, and better solutions for managing and optimizing daily finances.
More openness requires more security
In traditional banking, a customer interacts with banks and Payment Service Providers using separate logins.
Apart from being a hassle, the traditional banking setup also lacks transparency regarding agreements and general terms.
With PSD2, banks and Payment Service Providers must share their customers’ account information via open APIs, allowing a TPP like SPIIR to present a customer’s engagement overview from multiple AISPs via a single app — simple and with full transparency.
A crucial element of the PSD2 Regulation is Strong Customer Authentication (SCA). SCA is a principle put in place to ensure that customer data and account information are shared securely and with authorization.
SCA is obtained using PSD2 certificates: QWACs and QSealCs.
QWACs and QSealCs are variants of eIDAS-qualified certificates and may only be issued by Qualified Trust Service Providers (QTSPs).
QWAC and QSealC
Open Banking requires specific Qualified Certificates — two new types of digital certificates which must be used to comply with the PSD2 regulation:
QWAC: A digital certificate comparable to an EV SSL/TLS certificate. This certificate ensures identification in the transport layer. It is used for site authentication so that banks, Payment Service Providers, and TPPs can be sure of each other’s identities.
QSealC: A digital certificate that seals and ensures data integrity when information is shared between a bank, a Payment Service Provider, and a TPP.
Qualified Trust Service Provider
TRUSTZONE is an authorized partner of several Qualified Trust Service Providers (QTSPs), and we can provide all certificates and certificate configurations needed to comply with the requirements of the PSD2 regulation.
We have already helped several Nordic banks and third-party providers become compliant, and we are ready to help you as well.