About the Author: Tom Eggleston (CEO)


In January 2018, the EU’s second Payment Services Directive (PSD2) and Open Banking came into force. PSD2 is the second iteration of regulation governing banking services, and requires banks across the EU to provide open APIs to allow third-party organizations to access their customers’ banking details. PSD2 covers all banks, but also other Account Servicing Payment Service Providers (ASPSPs) including building societies and credit unions.

In the UK, the Open Banking initiative takes PSD2 a step further, providing a detailed PSD2-compliant specification for APIs which will allow third parties to access UK bank accounts for retrieving account information and initiating payments.

Open Banking is set to revolutionise the sector in terms of the way that customers will be able to interact with their banks. A range of new innovative services are expected which will allow customers to manage their money securely across multiple banking providers and to pay retailers directly for goods and services. Open Banking provides a secure and repeatable methodology for achieving this, with security and customer consent at the heart of the specification.

Although initially only mandated for the ‘big 9’ banks, Open Banking is expected to be widely adopted by the entire UK banking sector. Other governments, such as Australia’s, are also looking to adopt similar measures and base them on the same set of controls. Beyond that, Open Banking is highly relevant to the large number of Third Party Providers (TPPs) which will want to access banking information on behalf of their customers, either as Account Information Service Providers (AISPs) or Payment Initiation Service Providers (PISPs), or both. For example, lending organizations will be able to use Open Banking to streamline affordability checks and process applications faster; retailers will be able to use Open Banking to allow customers to pay for goods directly.

ProofID has a deep understanding, developed through years of delivering IAM solutions into the Finance and Banking sector, of the technical components required to support Open Banking, whether on the banking side, for ASPSPs, or on the third-party side, for AISPs and PISPs. ProofID recommends Ping Identity’s technology stack to provide an end-to-end solution, incorporating user registration, strong authentication, access management and API security. Under ProofID’s IAM Managed Service, Open Banking can be deployed in your organization as a turnkey solution, accelerating provision of the seamless customer experience required in the newly competitive banking environment.


For TPPs

Strong authentication

Adaptive, contextual multi-factor authentication, compliant with the PSD2 RTS SCA specification.

Customer registration

Customizable registration workflows allowing customers to register for your service with a secure and seamless experience.

API security

Standards-based security layer for Open Banking and other APIs, ensuring that only authenticated users can access the API.

Multi-factor authentication

Comprehensive user authentication capabilities, with brandable MFA incorporated into your platform or app.

Consent management

Incorporate collection, storage and management of consent for financial transactions directly into the user authentication flow.

Open access

Security enforcement for your service, limiting access to authenticated users and enabling contextual multi-factor authentication.

Risk-based authentication

Out-of-the-box connectors for leading risk and fraud detection services including Threatmetrix and iovation.

Account linking

Highly scalable and flexible platform for storage and retrieval of linked bank account information for TPP end customers.

API gateway

Abstract the management of Open Banking and other APIs away from the core banking platform.

Consent management

Capture and manage customer consent for the TPP acting on the customer’s behalf.

Policy decision point

Decouple the definition of rules from the core banking platform, and evaluate and manipulate rules on the fly to comply with the PSD2 SCA requirements.