AISP (Account Information Service Provider)
Any third-party provider (TPP) that wishes to aggregate online account information of one or more accounts held at one or more ASPSPs (Financial Institutions; FIs). This service can be used in accounting or to generate dashboards for a single customer.
API (Application Programming Interface)
In computer programming, an application programming interface (API) is a set of subroutine definitions, protocols, and tools for building application software. A good API makes it easier to develop a computer program by providing all the building blocks, which are then put together by the programmer. An API may be for a web-based system, operating system, database system, computer hardware or software library. An API specification can take many forms, but often includes specifications for routines, data structures, object classes, variables or remote calls. POSIX, which stands for Portable Operating System Interface, Microsoft Windows API, the C++ Standard Template Library, and Java APIs are examples of different forms of APIs. Documentation for the API is usually provided to facilitate usage. The status of APIs in intellectual property law is controversial.
ASPSP (Account Servicing Payment Service Provider)
An ASPSP is any financial institution that offers a payment account with online access. Under PSD2, ASPSPs will have to provide access so that regulated third parties can initiate payments and access account information. APIs are currently considered the most practical way to do this.
CMA (Competition and Markets Authority)
The Competition and Markets Authority is a UK non-governmental body responsible for encouraging competition and reducing anti-competitive activity in UK banking. The CMA has pushed for reforms in retail banking that are in line with PSD2.
The nine largest FIs in the UK, based on the volume of personal and business current accounts: Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG.
EBA (The European Banking Authority)
An independent EU authority that works to ensure effective and consistent prudential regulation and supervision across the European banking sector. Its overall objectives are to maintain financial stability in the EU and to safeguard the integrity, efficiency and orderly functioning of the banking sector.
EBA central electronic register
The EBA central register will be an electronic central register that contains information as notified by NCAs.
EEA (European Economic Area)
The European Economic Area (EEA) unites the EU member states and the three EFTA States (Iceland, Liechtenstein and Norway). 31 countries are members. PSD2 is in force for payments within the EEA, from the EEA to outside countries and from outside countries into the EEA, in all currencies. Where one of the PSPs is situated outside the EEA, these are known as one-leg transactions.
EU (European Union)
The European Union is a political and economic union of 28 member states that are located primarily within Europe.
eIDAS Certificates (e-IDAS public key certificates)
Public key certificates that conform to the e-IDAS framework and have been issued by a Qualified Trust Service Provider (QTSP).
FCA (Financial Conduct Authority)
The Financial Conduct Authority is the conduct regulator for 56,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms.
FI (Financial Institution)
A generic term applied to banks, credit unions, building societies, Electronic Money Institutions (EMIs) and authorised payment institutions (APIs).
ISO27001 (ISO27001 Information Security Management)
Formally known as ISO/IEC 27001:2005, it is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
NCAs (National Competent Authorities - PSD2 related)
As per competent authority but often called National Competent Authority. A national competent authority is any person or organization that has the legally delegated or invested authority, capacity, or power to perform a designated function. For PSD2 the competent authority in each EU member state will have primary responsibility for monitoring compliance and enforcement of PSD2. In the UK the competent authority for PSD2 is the Financial Conduct Authority (FCA).
OWASP (Open Web Application Security Project)
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
PII (Personally Identifiable Information)
Any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymising anonymous data.
PISP (Payment Initiation Service Provider)
A type of TPP offering a service that allows initiation of payments without the customer needing to directly access their FI account or use a debit or credit card.
PSD2 - Directive (EU) 2015/2366 (second Payment Services Directive)
Provides the necessary legal platform and changes to the payments framework in order to better serve the needs of an effective European payments market, fully contributing to a payments environment which nurtures competition, innovation and security to the benefit of all stakeholders and consumers in particular.
PSP (Payment Service Provider)
A payment service provider (PSP) offers shops online services for accepting electronic payments by a variety of payment methods including credit card, FI-based payments such as Direct Debit, FI transfer, and real-time FI transfer based on online banking.
PSR (Payment Systems Regulator)
A subsidiary of the FCA, an independent economic regulator that ensures that payment systems are operated and developed in a way that considers and promotes the interests of all the businesses and consumers that use them and promotes effective competition in the UK market.
QTSP (Qualified Trust Service Provider)
An entity allowed to issue qualified digital certificates which can be used to create qualified electronic signatures.
SaaS (Software as a Service)
TPP (Third Party Provider)
Third-Party Providers (TPPs) are organisations or natural persons that use APIs developed to Standards to access customers’ accounts to provide account information services and/or to initiate payments. TPPs are Payment Initiation Service Providers (PISPs), Account Information Service Providers (AISPs), or both.
UK Open Banking Directory
The Open Banking Directory provides a “whitelist” of participants able to operate in the Open Banking Ecosystem, as required by the CMA Order. The Read/Write Directory also provides identity and access management services to provide identity information in order to participate in payment initiation and account information transactions through APIs.