Glossary

Account Information

When used in Open Banking, ​Account information​ refers to an API that gives access to account and transaction information. To gain that access there needs to be two types of authorisation. On one side, the entity accessing the API must be an authorised institution (known as an AISP). On the other side, the person or business that owns that account (called the PCU) must give the AISP permission to access that specific account.

AISP

An AISP (Account Information Service Provider) is authorised by a competent authority to access the account and transaction information of individuals and businesses who have given it permission do so. An AISP might use this access to provide a aggregation service, for example, allowing people to see several of their bank accounts in one place.

AML

Anti-money laundering processes, regulations and laws.

ASPSP

The ASPSPs (Account Servicing Payment Service Providers) are the account providers, such as Santander, that offer read/write APIs. These APIs provide access to customer account information (for example, to AISPs) and also allow third-party providers (TPPs) to initiate payments from the account provider’s customers’ accounts.

The customer must give specific permission to the entity that wants to access their account information and initiate payments on their behalf.

There are two types of ASPSP:

Mandatory: in the UK, these are the initial nine banks that are taking part in Open Banking.
Voluntary: these are institutions that have chosen to take part in Open Banking.

CBPII

A card-based payment instrument issuer is a third-party card provider that enables a customer to make payments from a bank account held with an Open Banking account provider (an ASPSP).

CMA

The Competition and Markets Authority is the UK regulator responsible for the roll-out of Open Banking, which is the UK’s implementation of the European Union’s PSD2 regulation.

Competent Authority

In Open Banking, a Competent Authority is a regulator who can authorise entities to be ASPSPs, AISPs, TPPs and so on. The UK Competent Authority is the FCA but it’s important to note that a provider could be authorised by a Competent Authority based in another EU state.

Directory

The Open Banking Directory is the canonical list of providers who are authorised to take part in the Open Banking ecosystem. The directory handles authentication between registered providers.

Directory Sandbox

The Open Banking Directory Sandbox provides a test instance of the real directory so that providers can test their implementations before going live. You’ll need to registered with the Open Banking Directory Sandbox in order to use the Santander API sandbox.

EBA

The European Banking Authority sets the technical standards for Open Banking.

EBA RTS

The technical standards set for Open Banking (and PSD2 in general) by the European Banking Authority are called the Regulatory Technical Standards.

FCA

The Financial Conduct Authority is the UK regulatory responsible for authorising participants in Open Banking. It is the UK’s Competent Authority.

FCA Service Metrics

FCA Service Metrics is an Open Banking API, offered by Santander and other Open Banking institutions, that provides bank account product information to make it easier for people to compare the offerings of different banks.

KYC

Regulations designed to prevent money laundering require that financial institutions can prove the identity of their customers. Know Your Customer is the process of verifying the customer’s identity and evaluating potential risk for illegal activity.

OBIE

Open Banking Limited is the Open Banking Implementation Entity and it has been tasked with overseeing the delivery of Open Banking in the UK.

Open Banking

Open Banking is the consumer-friendly name for the UK’s implementation of the second edition of European Union’s Payment Services Directive. Open Banking oversees the regulatory and technical framework, based on the requirements of the directive, of PSD2 in the UK.

Open Data

Under Open Banking, the Mandatory ASPs, such as Santander, must provide certain data through APIs that are available for anyone to access. These Open Data APIs include data such ATM and branch locations, as well as production details.

Payment gateway

A payment gateway is an intermediary between a merchant services provider –– that facilitates the processing of payment cards –– and ecommerce software.

PSD2

The second edition of the European Union’s Payment Services Directive sets the framework for Open Banking and similar implementations across the EU.

PISP

A Payment Initiation Services Provider is a service that uses Open Banking APIs to make a payment from a person’s bank account held at another institution, at their request.

PSP

A Payment Service Provider is any of the regulated Open Banking providers, including ASPSPs (such as Santander), PISPs, AISPs and CBPIIs.

PSR

The Payment Service Regulations are the UK’s implementation of the second edition of the European Union’s Payment Service Directive (PSD2).

PSU

A Payment Services User is an individual or business using an Open Banking payment service.

PTC

The Primary Technical Contact is the person responsible for the management of the technical aspect of an entity’s implementation of Open Banking.

SCA

Strong Customer Authentication is the technical standard required by the EBA for PSD2 services.

TPP

Third-party providers are the people or institutions that are authorised by a Competent Authority to access customer account information (AISPs) or to initiate payments (PISPs).

Sandbox

An Open Banking sandbox provides an environment and data for testing an implementation without having to use real data or be authorised by a Competent Authority.

XS2A

Access to account –– a key principle in PSD2 –– is a provision that enables third-party access to the bank accounts of individuals and businesses.