Open banking glossary
Open banking is revolutionizing the financial services industry. The number of open banking users worldwide "is expected to grow at an average annual rate of nearly 50 percent between 2020 and 2024."
So what is open banking?
Open banking allows consumers to permit third-party providers to access their financial information and handle transactions through application programming interfaces (APIs). Open banking is a secure way to share financial data with third-party companies, usually in the fintech space, to use their services without logging in with their bank account providers repeatedly.
Open banking is already transforming the financial and banking industry in Europe and countries like the UK and Australia—it reimagines how consumers think about financial products and services, in a way that ultimately can benefit consumers.
Open banking key terms
The basis of the open banking model is transparency, where users get a clear insight into where their transaction data is being shared. But many don't fully understand open banking and the terms around it, considering it's so new to the market. That's why this handy glossary on all things open banking exists.
Account-to-account (A2A) payments
A2A payments allow consumers to transfer funds directly from their bank accounts to the merchant's account, avoiding the inefficiencies of an intermediary such as a card. Because the money goes straight from one bank to another, the process reduces the risk of fraud that can arise when sensitive payment details are shared, and it benefits from faster transactions, lower costs, and improved security. Examples of A2A include direct transfers, instant payments, and pay by bank.
Account information services provider (AISP)
An AISP brings together all of a consumer's financial information from different institutions so it can be viewed in one place, online or through a mobile app. The term AISP originated in Europe in PSD2 and isn't legally defined in the US yet. An AISP is usually a third party that has been granted access to retrieve and view consumer financial information, allowing consumers to manage their finances more efficiently. Examples of AISPs include money management tools that let consumers budget and track expenses from one dashboard, such as Revolut, KOHO, and Mint. AISPs are a crucial part of open banking because they make financial services more competitive and transparent.
Application programming interface (API)
APIs are a framework or set of protocols used to develop and integrate software so that programs can interact without knowing how each other is implemented. APIs allow different software to work together to share functions or data. As a result, they let developers create new applications without duplicating work, saving time and money while offering flexibility. Open banking APIs can enable data sharing as well as payments. The three most common styles of API are Representational State Transfer (REST), Remote Procedure Call (RPC), and Simple Object Access Protocol (SOAP). Popular API uses include Google Maps, PayPal, and Twitter bots.
Automated clearing house (ACH)
ACH refers to a network through which electronic fund transfers from one bank to another are processed in the US. For example, when a sender initiates a payment through their bank using account and routing numbers, the ACH network transfers the funds from one financial institution to another.
The Federal Reserve and National Automated Clearing House Association (NACHA) process ACH payments and handle the rules and regulations for these transactions. Examples of transfers through ACH include direct deposits, payroll, tax refund deposits, and bill payments. In the US, most open banking payments utilize the ACH network.
Biometric authentication
Biometric authentication relies on a person's unique physical or behavioral characteristics to confirm and authenticate identity, especially on a digital device. When a device is first used, biometric data (like a fingerprint) is registered, and subsequent attempts to access the device are compared against the registered data.
Unlike passwords, which can allow remote access if a hacker obtains the password, biometric authentication requires the person to be physically present and helps make financial services more secure. It's like using a key: you need to be standing in front of the lock, holding the key, to open the door. Except that each key is unique to the individual.
Clearing house interbank payments system (CHIPS)
CHIPS is a private payment network in the US that handles clearing and settlement transactions for domestic and international transactions between financial institutions. Owned by the Clearing House, an association representing the country's largest banks, CHIPS handles high-value transactions in real time, allowing institutions to transfer funds efficiently.
The Clearing House states, "CHIPS is the largest private sector USD clearing system in the world, clearing and settling $1.8 trillion in domestic and international payments per day." CHIPS is utilized by financial institutions for interbank transfers and is therefore not a strong candidate for open banking.
Data access networks (DAN)
A DAN is a computer network made up of software, servers, and storage devices that allows users to connect their data with third-party applications transparently and securely. A DAN aggregates data and offers a centralized location to store it, increasing efficiency and privacy, giving users more control, lowering costs, and improving data accuracy through a single source of truth for its various users.
In the US open banking context, DANs build authorized, secure connections to the partnered banks, and fintech startups like Link Money build services, such as pay by bank, on top of these API connections. In addition, a DAN must ensure secure access to data and compliance with regulations that safeguard privacy and security, for instance through data encryption. Examples of DANs are Akoya and Finicity.
The Dodd-Frank Act
The Dodd-Frank Act was a financial regulation implemented in 2010 in response to the financial crisis in 2008. The Dodd-Frank Act was 2,300 pages and specified more than 400 new financial rules and mandates, including the creation of the Consumer Financial Protection Bureau (CFPB).
Section 1033 of the Dodd-Frank Act, signed in 2020, provided the legal basis for open banking in the US by stipulating that consumer financial service providers must make consumer information in their control easily available. Section 1033 provides no other guidance, though; in 2023 the CFPB announced it would provide a stronger regulatory framework in 2024.
Data aggregation
In finance, data aggregation refers to the collection and analysis of financial information from sources such as credit cards, investment portfolios, and bank accounts to gather a holistic view of the customer's financial health. Account aggregation is one of the main use cases of open banking. Fintech companies typically use APIs to collect and analyze consumer data in a single dashboard, usually simplifying financial management and supporting better planning.
Embedded finance
Embedded finance is the placement of financial products in a non-financial setting to enhance customer experience. Examples include white-labeled credit cards used by specific brands, such as Target and Walmart, a cafe's app with one-click payments, or a retail seller offering insurance. Open banking may be used as part of an embedded finance strategy to sync accounts or to facilitate payments.
FedNow
The FedNow system is a real-time payment system being developed by the Federal Reserve Bank in the United States. It's designed to allow individuals and financial institutions to make instant transactions 24 hours a day, seven days a week. FedNow will compete with Zelle, creating a faster, more inclusive, and more accessible payment system for individuals and businesses. FedNow will be "push only", which means its scope is limited and it will likely be a poor contender for consumer-to-business, especially subscription, payments. FedNow is expected to launch in mid-2023.
Financial data exchange (FDX)
The FDX is a nonprofit organization that aims to increase open banking initiatives and adoption across the US and Canada. FDX exists for the "broad adoption of the FDX API technical standard and is dedicated to five core principles of user-permissioned data sharing: Control, Access, Transparency, Traceability, and Security." In the absence of a strong regulatory framework governing US open banking, FDX offers an interoperable technical standard called the FDX API. The FDX has international members, including financial institutions, fintechs, payment networks, data aggregators, and consumer groups.
Know your business (KYB)
KYB is part of a bank's onboarding process to assess the risks a business poses when it becomes the bank's customer. KYB typically involves the bank collecting information from the business about the size and frequency of its transactions, country of operation, legal structure, ownership, and financial history. Like KYC, KYB is an ongoing process to identify suspicious activity and ensure compliance with the USA PATRIOT Act.
Know your customer (KYC)
KYC in banking is a part of customer onboarding. It involves collecting and verifying a customer's identity to assess risk and ensure the bank complies with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. In the US, KYC aims to prevent financial crimes by detecting suspicious activity and ensuring compliance with the USA PATRIOT Act.
Open authorization 2 (OAuth2)
OAuth2 is an authorization protocol that allows users to share data with an application securely while keeping usernames, passwords, or other identifying information private. The flow is called an implicit grant flow, where a third-party application requests permission to access specific resources. The third-party application redirects the user to authenticate and grant approval, after which the application is issued an access token it uses to reach the protected resources. This process gives users security and privacy while accessing resources: they can revoke access at any time. One example of OAuth2 is logging into a third-party application like Spotify using Facebook and choosing what information to share with Spotify. OAuth2 is the gold standard for open banking APIs and is becoming more common.
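The redirect, consent and token steps described above, as an added example that is not code from the original page or from any open banking provider. It goes one step beyond the entry by using the authorization code grant with PKCE and a `state` parameter, the variant the OAuth 2.0 Security Best Current Practice recommends over the implicit grant and the one open banking APIs typically use; the bank server, client id, scopes and callback URL are constructed stand-ins, not a real API.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): base64url(sha256(verifier)) without '=' padding."""
    return base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()

class BankAuthServer:
    """Constructed stand-in for a bank's authorization and resource server (not a real bank API)."""
    def __init__(self):
        self.codes = {}   # single-use authorization code -> (client_id, scope, code_challenge)
        self.tokens = {}  # access token -> granted scope
    def authorize(self, client_id, scope, state, code_challenge):
        # Runs after the user has logged in at the bank and approved `scope`;
        # the third party never sees the user's bank credentials.
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, scope, code_challenge)
        return "https://fintech.example/callback?" + urlencode({"code": code, "state": state})
    def token(self, client_id, code, code_verifier):
        entry = self.codes.pop(code, None)  # a code can be redeemed exactly once
        if entry is None or entry[0] != client_id:
            return None
        if not hmac.compare_digest(pkce_challenge(code_verifier), entry[2]):
            return None  # PKCE: a party that only intercepted the code lacks the verifier
        token = secrets.token_urlsafe(24)
        self.tokens[token] = entry[1]
        return token
    def read(self, token, needed_scope):
        granted = self.tokens.get(token)  # None once revoked
        return granted is not None and needed_scope in granted.split()
    def revoke(self, token):
        self.tokens.pop(token, None)  # the user can withdraw consent at any time

def run_consent_flow(bank):
    # Third-party app obtains read-only access to accounts and records what it observed.
    client_id, verifier, state = "fintech-app", secrets.token_urlsafe(32), secrets.token_urlsafe(16)
    challenge = pkce_challenge(verifier)  # `state` binds the callback to this browser session
    params = parse_qs(urlparse(bank.authorize(client_id, "accounts:read", state, challenge)).query)
    if not hmac.compare_digest(params["state"][0], state):
        return {"state_ok": False}  # callback did not come from the request this session started
    code = params["code"][0]
    token = bank.token(client_id, code, verifier)
    spare = parse_qs(urlparse(bank.authorize(client_id, "accounts:read", state, challenge)).query)["code"][0]
    result = {"state_ok": True, "token_issued": token is not None,
              "can_read_accounts": bank.read(token, "accounts:read"),
              "can_initiate_payments": bank.read(token, "payments:write"),  # scope never consented to
              "code_replay_blocked": bank.token(client_id, code, verifier) is None,
              "wrong_verifier_blocked": bank.token(client_id, spare, "not-the-verifier") is None}
    bank.revoke(token)
    result["revoked_blocked"] = not bank.read(token, "accounts:read")
    return result
```

The token only ever carries the scope the user approved, so a data-access (AISP-style) grant cannot be turned into a payment (PISP-style) one without a new consent.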
Open finance
Broadly, open finance refers to data sharing between a wide range of financial products and services, including digital wallets, loan platforms, retirement accounts, and more. Open finance is broader than open banking. By making financial data accessible across multiple financial platforms, open finance can create a more holistic view of the consumer.
Payment initiation service provider (PISP)
PISP refers to third-party service providers that are granted access to initiate payments on behalf of consumers in open banking. The term PISP originated in Europe in PSD2 and isn't legally defined in the US yet. A PISP makes financial transactions faster and more efficient by initiating payments directly from the bank account, eliminating the need for checks or credit cards. An example of a PISP is Link Money, which allows fast, secure payments straight from a bank account.
Payment rails
Payment rails refer to the network that allows the digital transfer of funds from one institution to another. Payment rails can serve a single currency or country or operate cross-border in different currencies and countries. Payment rails often comprise intermediaries like banks, payment processors, and gateways that work together to process and settle transactions. Some common payment rails include ACH, credit cards, wire transfers, and even blockchain.
Personally identifiable information (PII)
PII in banking refers to any information that can be used to identify an individual, such as name, address, phone number, social security number, bank details, and driver's license number. In the US, the Gramm-Leach-Bliley Act (GLBA) requires banks to protect customers' data. Banks cannot use a customer's PII without explicit permission for specific instances, such as fraud prevention. PII is also protected by various U.S. state privacy laws.
Pull payments
Pull payments are when the payee requests that the payer send the money. While the payee controls the payment and requests the funds, the payer must authorize the funds to be debited. Once the transfer has been authorized, the payer can't modify or cancel the transaction. Examples include ACH debits, automatic bill payments, and credit cards.
Push payments
In a push payment, the payer takes the initiative to send money to the payee. This means that the payer has full control over the payment, including the amount being sent, the recipient, and the timing. Examples of push payments include peer-to-peer (P2P) transfers like Venmo or PayPal, ACH credits, direct deposit, and cash.
Second Payment Services Directive (PSD2)
PSD2, launched in 2020, is a set of regulations for payment services and payment service providers in the European Union (EU). PSD2 was developed to foster competition and innovation in the EU's financial services market; support a single, integrated payment system; enhance security; and bolster consumer data protection, particularly with the rise of open banking and third-party payment providers in the financial space.
Real-time payments (RTP)
Real-time payments are the instantaneous transfer of money between banks instead of the typical two or three-day period. There are different RTP networks throughout the world. In the US, there is the RTP network, operated by the Clearing House, and FedNow which will be rolled out in 2023. Other real-time payment networks around the world include Faster Payments Service in the UK, SEPA Instant Credit Transfer in the EU, Pix in Brazil, New Payments Platform in Australia, and UPI in India.
Third-party payment service providers (TPP)
TPP refers to third-party providers authorized to access customer accounts and conduct transactions, such as initiating payments, on their behalf. The term TPP originated in Europe in PSD2 and isn’t legally defined in the US yet. Types of TPP include AISP and PISP, and eligible third parties must comply with various regulations such as the General Data Protection Regulation (GDPR) in Europe.
Screen scraping
Screen scraping is when a consumer shares their bank login information with a third-party application, and the third party stores the login credentials and then signs in as the consumer to pull data and power the app's services. This puts consumers, and the merchants who use these third parties, at risk, especially if the third-party apps aren't secure. Screen scraping is sometimes used by open banking providers, but as mentioned, it's not a secure approach.
Strong customer authentication (SCA)
SCA is a European Union regulation intended to secure online and offline transactions and prevent fraud. SCA increases the security of customers' data and digital transactions by requiring two-factor authentication, either through a password, PIN, fingerprint, face ID, or mobile phone. The two-step verification intends to lower the risk of financial crimes surrounding customer data access and reduce the chances of unauthorized transactions.
Open banking is the natural evolution of the financial industry
Open banking is the natural progression of the financial services industry. With competitive financial offerings, it improves the customer experience through more choices, lower costs, and enhanced security. Moreover, open banking makes financial services companies more accessible, creating an inclusive financial environment in the industry's best interest. Want to see open banking in action? Contact us to see how open banking services can help your business.