Financial data, as well as personal data in general, always require a lot of protection and security, but this often creates a lot of bureaucracy and redundant data exchange processes that could be avoided. In this article, we’ll talk about open banking APIs and how they change the business world.
Consider two scenarios:
- You decide to purchase a car so you go to a local dealership, look around, talk with a few salespeople, and decide on the car you like. Next, you have to fill out numerous forms on proof of insurance, credit score, history, payments, financial status, utility bills, etc. Finally, exhausted from all the paperwork, you get your car.
- You decide to purchase a car so you go to a local car dealership website, choose a car you want, authorize this dealership to securely access the financial information necessary for the purchase, and you get your car.
What scenario is easier for you? Which of the scenarios will make your life and purchase more pleasant? The choice is quite intuitive – the second scenario frees up a lot of time and reduces the amount of paperwork since most of the time all this information is available in the bank that services you.
Open banking technology is exactly what makes the second scenario possible. Simply speaking,
Open banking technology provides a way for non-banks to offer banking features securely.
In this article, we’ll talk about open banking and what’s important to keep in mind when you either use these solutions as an end-user or when you want to implement this functionality in your business to simplify life for your customers (and effectively reduce your paperwork.)
What is open banking?
As we mentioned above, open banking is a technology and a set of legislative acts that give access to a person’s financial information from their bank account, with their deliberate consent and authorization, and that simplify payment infrastructure (see graph below on how open banking API works.)
For example, in the European Union (EU), a Revised Payment Services Directive (PSD2) was launched and came into force on September 14, 2019, which regulates payment services (especially online payment aspects) and what’s done with financial information. In a way, it is similar to the General Data Protection Regulation (GDPR) that affects personal data in general.
Is Open Banking Different from Banking as a Service (BaaS)?
Short answer: Yes.
These technologies look like twins at first. But, just like twins – when you look closely, you find that they are, in fact, different people. Same with open banking and BaaS.
The difference is this:
- Open banking provides access to the financial data of existing bank customers to third parties.
- Banking as a Service (BaaS) provides access to the bank functionality to third parties and non-bank organizations, allowing them to connect users who might not otherwise have a bank account.
How does Open Banking work?
The simpler the payment process is, the higher the chance that people don’t just browse but purchase something, pay for their utilities, or decrease their credit debt. Yes, we realize that whether the transaction will be a success still greatly depends on the client’s payment ability, but in general, the rule is pretty much: less paperwork = less headache.
Open banking is a collaborative model that makes it possible to share banking information via API (Application Programming Interface) between two or more parties that aren’t affiliated with each other.
Check out the diagram below for a visual explanation of the concept:
As you can see, the first option (on the left) is focused on the customer, which might seem like a great idea. But then, for the customer, this setup (while being secure) is full of hassles and unnecessary combinations of actions to perform in order, for example, to pay for utilities.
The option on the right, however, is centered around a TPP (third-party payment provider) that acts as a hub. These TPPs, once authorized by the customer, use open banking APIs to access the customer’s banking information.
What is the advantage of this process for the end-user? It simplifies and streamlines the process of payments for various things and it’s secure since TPPs cannot process data in non-standard or non-secure ways (hello again, PSD2 and numerous other legislations and rules.)
Types of data available via open banking API & Business Use Cases
Financial institutions and banks collect a lot of information about their customers and TPPs can (with consent and authorization from the client) get access to it via open banking APIs. What kind of data is available via API and how can you use it for your business?
- Direct Debits
- Scheduled Payments
- Standing Orders
If you are a business that considers integration with open banking API, you have to explain in detail what kind of financial data will be used for what type of operation. For example,
- Credit Scoring: to provide credit scoring information, we need to analyze your income, spending, and saving patterns.
- Cashflow analysis: in order to provide a cash flow analysis for your finances, we need to analyze your income, spending, and saving patterns.
- Payment tracking: in order to provide a payment tracking service, we need access to your income patterns and scheduled payments for analysis.
- Discounts and offers: in order to notify you about the relevant offers for your specified bank accounts, we need access to your bank details.
- Personal finance management: to provide you with a personalized finance management service, we need access to your saving, income, and spending patterns.
For more information on the customer journey, as well as tips on dos and don’ts for implementing open banking API, check out the official open banking standard website.
Open Banking examples in Europe and the world
Open banking APIs have been around for a few years and there are numerous examples of successful collaboration between fintech companies (which TPPs are) and banks.
One of the most well-known FinTech examples is PayPal, which is an online payment portal that often is used as a third party in various transactions. Among the startups, there are hundreds of FinTech representatives that have built their business on an open banking framework by being third-party payment providers. For example, here are three:
- Mint is a mobile app with a web interface that helps users track their financial well-being. Whenever a person transfers money into or out of an account or makes a purchase, Mint tracks this transaction using open banking APIs and visualizes the finances.
- Coconut is a cloud-based solution that helps small businesses, self-employed people, and freelancers track the taxes they owe by unifying the financial data across various accounts.
- Credit scoring and decision-making are also important features for people, especially since a lot of things like real estate and purchasing cars require financing solutions. Zopa is a credit decision tool that removes the need for clients to manually verify personal income by uploading bank statements. Instead, thanks to open banking API, they can authorize Zopa to access their transaction data straight from the bank.
Below are a few other examples of open banking companies, collected by McKinsey:
Who are third-party payment providers (TPPs)?
We briefly mentioned TPPs above, but let’s take a closer look at third-party payment providers.
Simply speaking, TPPs are FinTech companies and startups that allow their customers to make and receive payments directly from their bank accounts and make better use of their financial transaction information.
Open banking is the future (and already a current reality) of the FinTech industry because it streamlines the processes with banking APIs and regulates user financial data processing. It removes the bottlenecks from the path of efficient payment services and opens up numerous other opportunities.
What’s in it for small businesses? Many businesses, for one reason or another, cannot go through the entire process of getting their own merchant account because it requires a lot of paperwork and very strict data processing and storage procedures. However, with the help of a third-party payment provider service, they are able to accept and process online payments because TPPs use their own merchant account for that, which opens numerous doors for these businesses.
Since more and more people are using online payments instead of traditional cash or checks, businesses have to move online, and using a TPP is a simple way to become available to more customers.
What are the most important features of third-party payment providers?
Okay, we have figured out what open banking is and that third-party payment providers are key players in the open banking sphere.
Let’s focus on the features that a trustworthy TPP should have to minimize the possibility of fraud. The list is rather small:
- Data Security
- Customer Authentication
- Deliberate Consent
Data security regulations abound. The most reliable include the Revised Payment Services Directive (PSD2), Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), etc. Companies that have passed the checks for these standards can be trusted in terms of their data security infrastructure. Whether you are a merchant or a customer, you can look for official logos of these standards on the TPPs’ websites.
Customer authorization and authentication are also critically important to make sure that the financial information is not stolen and that there is no identity theft.
What can be used for healthy, strong passwords and multi-factor authentication? It is recommended to use a combination of at least two of the following:
| Something you know | Something you have | Something you are |
|---|---|---|
| PIN or password | Device or phone | Facial scan or fingerprint |
Finally, there is deliberate consent to use the financial data for purposes that are required by the services. This point is interesting because one of the major problems is that people don’t like to read a lot of text. They say “I have read and understood the terms of service” which is the biggest lie on the Internet.
The banking secret belongs to the end customer, not to the banks, and the customer has the right to share his or her financial information with anyone they please. However, it’s always important to know what you consent to (especially when it concerns your finances.)
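As an added example (not code from this article or from any bank's API), here is a sketch of the check a bank (ASPSP) could run before releasing data to a TPP, combining the two-category authentication rule from the table above with purpose-bound consent. All names (`authorize`, `Consent`, the factor and data labels) are hypothetical, and the purpose-to-data mapping is built from the use-case list earlier in the article.

```python
from dataclasses import dataclass

# Factor categories from the table above; the factor labels are hypothetical.
FACTOR_CATEGORY = {
    "pin": "know", "password": "know",
    "device": "have", "phone": "have",
    "face_scan": "are", "fingerprint": "are",
}

# Data each service needs, taken from the article's use-case list.
PURPOSE_DATA = {
    "credit_scoring": {"income", "spending", "saving"},
    "cashflow_analysis": {"income", "spending", "saving"},
    "payment_tracking": {"income", "scheduled_payments"},
    "personal_finance": {"saving", "income", "spending"},
}

@dataclass(frozen=True)
class Consent:
    tpp_id: str        # which TPP the customer authorized
    purpose: str       # the service the consent was given for
    data: frozenset    # data types the customer agreed to share

def strong_auth(factors):
    """True only if the presented factors span at least two categories."""
    cats = {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}
    return len(cats) >= 2   # PIN + password is still one category

def authorize(tpp_id, purpose, requested, factors, consent):
    """Return (allowed, reason) for a TPP data request at the bank."""
    if not strong_auth(factors):
        return False, "factors come from fewer than two categories"
    if consent is None or consent.tpp_id != tpp_id:
        return False, "no consent on record for this TPP"
    if consent.purpose != purpose:
        return False, "consent was given for a different purpose"
    requested = set(requested)
    excess = requested - PURPOSE_DATA.get(purpose, set())
    if excess:
        return False, f"not needed for {purpose}: {sorted(excess)}"
    missing = requested - consent.data
    if missing:
        return False, f"customer did not consent to: {sorted(missing)}"
    return True, "ok"

# Constructed sample: consent for payment tracking only.
SAMPLE = Consent("tpp-demo", "payment_tracking",
                 frozenset({"income", "scheduled_payments"}))
```

Two factors of the same kind (for example a PIN and a password) fail the first check, and a request for data outside the stated purpose is refused even when the customer is properly authenticated.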
Open banking is a very convenient instrument for simplifying our daily lives as end customers as well as our accounting and financial processes as business owners. Understanding how TPPs work helps to understand their benefits and calm the worries about the proper handling of financial transaction data.
Need to evaluate your client’s financial status? Let’s integrate open banking APIs to simplify your business processes and reduce routine operations. This integration would be a great value-added for numerous types of businesses, to name a few: insurance companies, car dealerships, real estate credit companies, etc.
Open Banking List of Terms
What is open banking (OB)?
What is a TPP?
TPP is a Third Party Provider. In the case of OB, TPP is a FinTech service or product that uses open banking API to access the bank’s digital infrastructure and data to provide required services.
What is an ASPSP?
ASPSP stands for Account Servicing Payment Service Provider. In the case of open banking, ASPSP is the bank that provides access to financial information to third-party providers.
What is PSD2?
PSD2 stands for Second (or Revised) Payment Services Directive and is the fundamental set of standards that regulated open banking providers must adhere to in order to provide services.
What is GDPR?
GDPR is the General Data Protection Regulation, active in the European Economic Area (EEA) and European Union (EU), that was launched in 2018 and is aimed at regulating the use of personal data. Open banking APIs have to be compliant with GDPR requirements.