Open Banking Glossary: A Deep Dive into Key Acronyms
Open Banking is a revolutionary system that is redefining the way we manage our finances. However, it comes with a plethora of jargon that can be quite confusing. This blog post serves as a glossary that explains the most common Open Banking acronyms.
Account Information Service Provider (AISP)
Account Information Service Providers are authorised to view bank account information but cannot initiate payments.
Application Programming Interface (API)
An application program interface (API) is a set of routines, protocols, and tools for building software applications. Basically, an API specifies how software components should interact.
Account Service Payment Service Provider (ASPSP)
Banks or similar institutions which provides payments accounts.
Electronic Identification, Authentication and trust Service (eIDAS)
An EU regulation on / a set of standards for electronic identification and trust services for electronic transactions in the European Single Market.
Personally Identifiable Information (PII)
Any information relating to an identified or identifiable individual.
Payment Initiation Services Provider (PISP)
A Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.
Second Payment Services Directive / Revised Payment Services Directive (PSD2)
An EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA).
Payment Service User (PSU)
The owner of the accounts. (E.g: Anyone that has a payment account).
Qualified Certificate for Electronic Seals (QSealC)
The QSealC is used for identity verification at the application layer to protect transactional information from potential attacks. This means that the person receiving digitally signed data can be certain about who signed the data and that it has not been changed. It is used to sign API/HTTP requests.
Qualified Trust Service Provider (QTSP)
QTSPs are regulated (Qualified) to provide trusted digital certificates under the electronic Identification and Signature (eIDAS) regulation.
Qualified Website Authentication Certificate (QWAC)
Provides identification at the transport layer. QWAC is similar to SSL/TLS. It is used for website authentication, so that ASPSPs and TPPs can be certain of each other’s identity.
Regulatory Technical Standards on Strong Customer Authentication and Secure Communication (RTS on SCA and CSC)
Regulatory Technical Standards are a set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability and other processes. This specific RTS, the RTS on SCA and CSC under PSD2 is key to achieving the objective of the
PSD2 of enhancing consumer protection, promoting innovation and improving the security of payment services across the European Union.
Strong Customer Authentication (SCA)
Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the
user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a finger print or iris pattern]) that are
independent, [so] the breach of one does not compromise the others, and is designed in such a way as to protect the confidentiality of the authentication data.
Third Party Provider (TPP)
Third Party Providers are organisations or natural persons that use APIs developed to PSD2 standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are either Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), or both
Technical Service Providers (TSP)
Technical service providers (TSPs) are companies that work with regulated providers to deliver open banking products or services
Open Banking, with its myriad of acronyms and terminologies, may seem daunting at first. However, once you understand these key terms, navigating the world of open banking becomes much simpler. As open banking continues to evolve, these terminologies will become more mainstream, making financial services more accessible and user-friendly for everyone.