Open Banking Glossary

June 15, 2021


What is Open Banking? It is a relatively new concept revolutionising the finance industry - with the express aim of empowering consumers, creating a more competitive market, and encouraging innovation.

To make navigating this topic easier, we’ve put together an Open Banking glossary for you to use.

For more information, please also visit our Open Banking guide.

Account Information Services (AIS)

What are Account Information Services (AIS)?

Service providers use AIS to access customer accounts and financial data - provided consent has been given. It gives financial providers better insight into customer behaviour and improves analysis.

Bank balances, direct debits, and savings accounts are just three examples of information a financial company could use to assess its customers this way.

AIS is a much fairer way to assess applicants. Instead of basing its decision on a credit score, a provider benefits from a detailed overview of that individual’s finances.

Account Information Service Provider (AISP)

What is an Account Information Service Provider (AISP)?

An AISP is a provider or company authorised to access an individual's or business’s account information - as long as permission has been given. 

Under Open Banking rules, banks have a legal requirement to provide AISPs with the information they request.

Current technology allows AISPs to access months or years of transactional data in a matter of seconds.

Account Servicing Payment Service Providers (ASPSPs)

What is an Account Servicing Payment Service Provider?

An ASPSP is any bank or financial body that provides a payment account with online access. The term could refer to a range of institutions - including building societies and banks.

ASPSPs have to give trusted third party providers access to customer account information and let them initiate payments.

This is because of Payment Services Directive Two (PSD2), which is a type of legislation created to protect consumers and make online payments safer.

ASPSPs are also known as PSUs. PSUs create Application Programming Interfaces (APIs), which are software programs (apps) that can exchange information.

Application Programming Interface (API)

What is an Application Programming Interface?

An API is a software program created by developers. It’s programmed with code that lets it access a customer’s financial information - for example, their bank statement, or direct debits.

Because APIs can share data, they provide insight into consumer behaviour. This, in turn, allows the industry to adapt by creating services that respond to a changing market.

Berlin Group

What is the Berlin Group?

The Berlin Group defines technical terms for Open Banking. By creating a common language all parties understand and agree on, it is able to improve communication - while ensuring payment systems work effectively.

Card Based Payment Instrument Issuer (CBPII)

What is a Card Based Payment Instrument Issuer (CBPII)?

The term ‘CBPII’ refers to third party providers that can issue card-based payment instruments - for example, a handheld payment terminal (which you’ve probably used when paying for your shopping at the checkout).

This means that a third party provider could initiate a transaction from an account owned by a different service provider.

Competition and Markets Authority (CMA)

What does the Competition & Markets Authority do?

The role of the CMA is to regulate industry competition in the UK and protect users of financial products. To do this, it might investigate mergers that limit competition or create issues for consumers. The CMA might also look into potential breaches of EU or UK law. 

CMA9

What does CMA9 mean?

CMA9 refers to the UK’s nine largest banks – including well-known names like Lloyds, Barclays, and Santander. A legal order was issued by the CMA which meant these institutions had to offer and finance Open Banking in the UK.

CMA Order

What was the CMA Order?

In 2017, the CMA gave the UK’s nine biggest banks 12 months to create an Open Banking API interface - so that customer data could be shared. This was with the express aim of improving competition within the market.

Competent Authority

Who or What Is a Competent Authority?

Within Open Banking, a Competent Authority can be: (i) a government body; or (ii) a supervisory or regulatory body responsible for its participants.

In the UK, the Financial Conduct Authority (FCA) would therefore be classified as a Competent Authority.

Electronic Authentication and Trust Services (eIDAS) Certificates

What is an eIDAS Certificate?

A bank will issue an eIDAS certificate to prove to a third party that it’s legally entitled to access a customer’s account. An eIDAS certificate can only be issued by a Qualified Trust Service Provider - who will already have been assessed and approved by a relevant government body.

European Banking Authority (EBA)

What is the European Banking Authority (EBA)?

The EBA is an impartial regulator and authority that enforces Open Banking rules within the European banking system. 

Financial Conduct Authority (FCA)

What is the Financial Conduct Authority (FCA)?

The FCA regulates the financial industry by policing the 59,000 markets and firms operating in the UK. It also protects consumers by championing competition and promoting integrity – so they benefit from more choice and get a fairer deal.

General Data Protection Regulation (GDPR)

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a legal framework. It sets out guidelines for organisations or businesses that process or collect information from anyone living in the European Union.

In Open Banking terms, GDPR is important – because it limits how long banks and providers can hold customer data for. 

Under GDPR rules, customers must be told what data a site collects from them and be given the option to refuse by clicking a button.

Know Your Customer

What Does Know Your Customer mean?

To minimise risks posed by unlawful activities like money laundering, banks and providers are required by law to ‘know their customers’ by verifying their identities.

Open APIs

What is an Open API?

Sometimes referred to as a public API, it is a programme published freely on the internet. Developers can download Open APIs and customise them - then use those apps to provide a service to consumers.

APIs let different software programs talk to one another and share information - which is what Open Banking is all about.

Open Banking

What is Open Banking?

UK regulated banks must give their customers the option to share their financial data with trusted apps or authorised providers. This could be information about their savings, credit card balance or spending patterns.

Open Banking was introduced to make the financial services industry more competitive and forward-thinking. This would bring better products into the market and give customers more choice.

It’s now possible to link your bank account with an app that can analyse spending habits - then recommend a suitable financial product (like a savings account or credit card).

Would you like to join up with a provider that lets you view all the accounts you have in one easy location? Open Banking lets you do that too.

Open Banking Directory (OBD)

What does the term Open Banking directory mean?

The Open Banking directory is an approved list of third-party providers who’ve been certified under terms of the CMA Order.

Open Banking Implementation Entity (OBIE)

What is the Open Banking Implementation Entity?

OBIE was created by the CMA to roll out Open Banking in the UK. Working with various stakeholders and the CMA9 (the UK’s top nine banks) it created a framework for the sector - setting standards and definitions for apps, security, and other key aspects of Open Banking.

Open Banking Working Group (OBWG)

What is the Open Banking Working Group?

The UK Treasury set up the OBWG in 2015 to review how shared data could be used in the finance industry. To do this, it consulted customers, third-party providers, and banks who agreed on the best practice rules which now form the principles of Open Banking.

Open Data

What does Open Data mean?

Open data is information anyone can use or access. This is what Open Banking is about: providing a method for sharing open data.

Open Finance

What does Open Finance mean?

Open Banking only allows third party providers access to customers' financial information. Open Finance proposes a situation where a provider could, with permission, perform actions on a customer’s behalf - for example, applying for a loan, or investing money.

Payment Initiating Service (PIS)

How does a Payment Initiating Service Work?

A Payment Initiation Service (PIS) allows third-party providers to transfer credit for their clients. Once credit arrives in a customer’s account, it is held there by an ASPSP (a financial institution, like a bank, that provides a payment account with online access).

Payment Initiation Service Provider (PISP)

What do Payment Initiation Service Providers do?

With a PISP, you can use your bank account to pay companies directly - instead of through your credit or debit card. A PISP must have a customer’s consent before providing this service.

Premium APIs

What are Premium APIs?

Unlike Open APIs, Premium APIs must be paid for. Banks can offer paid APIs as a service to access certain types of financial data and accounts.

The Second Payment Services Directive (PSD2)

What is the Second Payment Services Directive?

In order to encourage a competitive European payments system, the European Payment Services Directive was created to provide regulation and structure.

Under PSD2 rules, banks must share financial information about their customers (provided consent is given) with third party providers – for example: payment initiation and account information services.

Payment Services User (PSU)

Who can be a Payment Services User?

Any legal body or individual that sends or receives money using a payment service is a PSU. 

A PSU can share its account information with third party providers – and withdraw its consent at any time.

Qualified Trust Service Provider (QTSP)

What is a Qualified Trust Service Provider?

A Qualified Trust Service Provider is responsible for creating digital certificates. These certificates can be used to create verified electronic signatures. A QTSP must be assessed and approved by an appropriate government body before it can provide this service. 

For security reasons, eIDAS requires the European Union to maintain a qualified Trust List. If a provider is not on this list, it is not legally entitled to offer a qualified trust service.

Qualified Website Certificate (QWAC)

What are Qualified Website Certificates (QWACs)?

A QWAC is a verified digital certificate that can only be issued by Qualified Trust Service Providers (QTSPs). These certificates authenticate information exchanged between a website and a user. They offer reassurance that the site in question is safe to use for business.

Regulatory Technical Standards (RTS)

What are the Regulatory Technical Standards?

The RTS is a series of compliance standards used within Open Banking. It was created by the European Banking Authority and covers a broad range of topics - including legal accountability and data security - that participating members must adhere to.

STET

What does STET do?

STET is a technology platform that caters to the needs of the payment industry. It performs an important role, providing APIs for many high-profile banks – and is deeply involved in defining Open Banking standards. 

Strong Customer Authentication (SCA)

What is meant by Strong Customer Authentication?

SCA is regulation that affects service providers in Europe. It states that multi-factor authentication must be used to perform electronic payments - thereby making the process more secure for customers.

Although it sounds complicated, multi-factor authentication means you need to verify yourself in more than one way - for example, by supplying your PIN and answering a security question.

Third Party Providers (TPPs)

Who are Third Party Providers (TPPs)?

A TPP is an online service provider. It could be a business, organisation, or individual within Open Banking which is involved in your transactions - but not connected to your bank.

There are two types of TPP:

  • Account Information Service Providers (AISPs) - a company or provider that can access your financial information with consent.
  • Payment Initiation Service Providers (PISPs) - a provider that allows you to make payments without using a debit or credit card.

Learn More by Contacting the Salad Money Team

Contact Salad Money for more information about Open Banking and how we use it to provide small, short loans for NHS and public sector employees. You can also apply quickly and easily using our free online service.