Glossary

A handy list of most terms used in the open banking and finance ecosystem.

AIS (Account Information Services): services that provide access to account data from financial institutions, enabling a comprehensive view of financial positions across different accounts.

AISP (Account Information Service Provider): an entity authorized to access and consolidate account information from different financial institutions, usually to provide financial insights or aggregation services.

API (Application Programming Interface): a software that allows two applications to talk to each other.

API Marketplace: (similar to API Portal) a platform where API providers and consumers come together to discover, share, and trade APIs. It facilitates the exploration of various APIs for different purposes, allowing developers to find and integrate functionalities they need for their applications. Essentially, it acts as a centralized repository or "store" for APIs, promoting collaboration and innovation by connecting API publishers with potential users.

API Portal: (similar to API marketplace) a centralized hub that provides developers with access to resources, documentation, and tools necessary for integrating and working with a set of APIs. It serves as a bridge between API providers and developers, facilitating discovery, testing, and management of APIs, thereby enhancing the ease of use and adoption of the services offered by the API provider.

API Provider: an entity that offers APIs to enable the integration of different software applications.

ASPSP (Account Servicing Payment Service Provider): Financial institutions, like banks, that maintain customer payment accounts and provide payment services, including access to account information for AISPs under open banking regulations.

OAuth: a security protocol that enables applications to authenticate and authorize users without accessing their password details. It works by granting tokens to third-party applications, allowing them limited access to a user's data on another service, ensuring secure interactions between different systems.

BaaS (Banking as a Service): refers to a model where banks provide their banking infrastructure and services to third-party companies to use and incorporate into their own products and services. This means that non-traditional banking companies, such as FinTech’s, can leverage a bank’s existing core banking processes.

Berlin Group: a pan-European initiative, originated in Berlin in 2004, focusing on standardizing interoperability in the payments domain, particularly between creditor banks (acquirers) and debtor banks (issuers). It was established to create open, common, scheme- and processor-independent standards, complementing the efforts of entities like the European Payments Council.

Certificate (X509 public key certificate): A digital certificate that uses the X.509 standard to associate a public key with the identity of the entity that holds the corresponding private key, used in secure communications to ensure authenticity.

CFPB (Consumer Financial Protection Bureau): a regulatory agency in the U.S. tasked with overseeing financial products and services.

Consent Management: pertain to the processes and technologies that allow consumers to manage their consent for data sharing and processing, a crucial aspect of open banking.

CoP (Confirmation of Payee): a security feature used in banking to verify the recipient's name against account details for a transfer, reducing the risk of fraud or misdirected payments.

Customer Authentication, or Strong Customer Authentication (SCA): is a security requirement mandated by the EU's Revised Directive on Payment Services (PSD2). It is designed to enhance the security of electronic payments by requiring multi-factor authentication.

Digital Wallet: A digital service that allows users to perform electronic transactions and store payment information.

Embedded Finance: refers to the integration of financial services and products into non-financial platforms, such as e-commerce, social media, or mobile apps. This means that businesses that are not primarily in the financial industry, can offer financial services to their customers by partnering with financial institutions.

FDX (Financial Data Exchange):  FDX is a non-profit industry standards body operating in the US and Canada that is dedicated to unifying the financial services ecosystem around a common, interoperable and royalty-free technical standard for user-permissioned financial data sharing. Learn more at www.financialdataexchange.org.

FDX APIs: The APIs defined and released by FDX.

FinTech: Financial technology companies that use technology to enhance or automate financial services and processes.

GDPR (General Data Protection Regulation): is a regulation in EU law on data protection and privacy, impacting individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

Neobank: A type of direct bank that operates exclusively online without traditional physical branch networks.

Open Banking: a regulatory (or market-driven, depending on the region) framework that enables consumers to share their financial data securely with third-party providers. It also aims to give consumers more control and ownership of their data.

OBIE (Open Banking Implementation Entity): a body which creates open API standards that enable firms throughout Europe to meet their relevant obligations under the second Payment Services Directive (Directive 2015/2366/EU) ("PSD2") for the provision of open banking services.

OBWG (UK Open Banking Working Group): was established to explore how data could be used to help people transact, save, borrow, lend, and invest their money.

Open Data: the extension of the Open Banking or Open Finance to any kind of data, openly accessible by anyone for any purpose. A good example is the genome.

Open API: an API made publicly available to software developers.

Open Finance: Open Finance is the extension of the Open Banking concept to all the financial industry. It encompasses more financial products and services, not just banking.

PI (Payment Institution): a type of financial institution authorized to provide certain payment services, including money transfers and electronic payments, under financial regulations.

PIS (Payment Initiation Services): services that allow the initiation of online payments from a user's account directly, offering an alternative to traditional card payments.

PISP (Payment Initiation Service Provider):  an entity authorized to provide PIS, enabling customers to make online payments through direct transfers from their bank accounts without using a card.

Private APIs: internal interfaces restricted to a specific organization or development team, not intended for external use.

Premium APIs: refers to APIs that offers additional functionality, or access compared to a standard or free version. These APIs may offer benefits such as higher data limits, faster response times, dedicated support, advanced features, or access to exclusive datasets or services.

PSD (Payments Systems Directive): an EU Directive that regulates payment services and payment service providers. It was first introduced as PSD1 (Directive 2007/64/EC) and aimed to create a single market for payments within the European Union, making cross-border payments as easy, efficient, and secure as national payments.

PSD2 (Directive(EU)2015/2366 (Revised Payment Services Directive)): replaced PSD1, with the goal of further integrating the European payments market. PSD2 introduced significant changes, such as enhancing consumer protection, promoting innovation and competition by allowing new payment service providers to enter the market, and improving the security of payment services. Officially took effect on January 13, 2018, with full implementation required by September 14, 2019. PSD2 supports the concept of open banking, where banks provide third-party providers access to their customers' accounts through APIs, thus fostering innovation and competition in the financial services sector.

PSD3 (Third Payment Services Directive): as of 2024, under consideration and aims to further regulate electronic payments and the banking ecosystem within the European single market, addressing areas such as Strong Customer Authentication (SCA) and open banking.

PSP (Payment Service Provider): a financial institution that offers services to facilitate electronic payments, such as credit card processing, direct debit, and electronic wallet services.

Public APIs: interfaces provided by services or systems that allow external users or developers to access certain functionalities or data. Public APIs are crucial for creating a connected, interoperable digital ecosystem, fostering innovation and collaboration across various platforms and services.

QWACs (Qualified Website Authentication Certificates): a type of digital certificate that falls under the trust services defined by the eIDAS Regulation in the European Union. It is used to authenticate the identity of a website to its visitors, providing assurance that the site is secure and managed by a legitimate entity.

REST (Representational State Transfer): a set of architectural principles used in the development of web services. It emphasizes stateless communication and the use of HTTP for all CRUD (Create, Read, Update, Delete) operations, making it a popular choice for API design due to its simplicity and how well it integrates with the web.

SCA (Strong Customer Authentication): see Customer Authentication.

Smart Data: refers to schemes enabled by legislation that allow for the secure sharing of customer data across different sectors, at the request of the customer, with authorized third parties. Smart Data extends beyond financial data to include sectors like energy and transportation, facilitating a broader scope of data mobility and innovation.

TPP (Third Party Provider): refers to companies that provide services by leveraging the open APIs created by banks, allowing them to offer financial services without needing to be banks themselves. TPPs are a crucial part of the open banking ecosystem, offering services such as payment initiation or account information services.

XS2A (Access to Accounts): a key component of open banking under PSD2, allowing TPPs to access bank accounts (with the account holder's consent) to provide various financial services.

1033 rule: often associated with the Dodd-Frank Wall Street Reform and Consumer Protection Act in the U.S., refers to consumers' rights to access their financial data electronically, promoting consumer choice and financial innovation.