Open banking glossary: the ABCs of PSD2

7 min read|Published May 12, 2021
This is the moment for TPPs. The EBA, PSD2, the OBIE, and the CMA mean RTS on SCA and CSC ensure TSPs use APIs with measures such as eIDAS, QSEAL, and QWAC – similar to SSL/TLS. Therefore, TPPs, as AISPs or PISPs, can truly bring both benefits and confidence to ASPSPs and PSUs alike.* What?

TL;DR – Quick summary
  • Open banking uses a lot of acronyms.

  • With so many terms like RTS, SCA, TPPs, eIDAS and DCR floating around, it can be hard to keep track of what people are talking about.

  • We’ve compiled a list of acronyms to explain what it all means.

Every industry has its own language, buzzwords, jargon, and acronyms known as industry-speak. This is because people in the industry use the same terms over and over again so they develop shortcuts to save time.

Industry-speak, especially acronyms, is a part of branding and a way to build a community. Just like simplifying solutions to help build the future of financial services, it is important to simplify the language we use when speaking about it. But overusing industry-speak means you run the risk of isolating others.

Many of the acronyms used in open banking were introduced in connection with the Revised Directive on Payment Services or PSD2, and frankly, they can be a little confusing. This means it’s important to explain them, otherwise, people might have a hard time following you.

With this in mind, we have compiled a list of the most common open banking acronyms to help you make sense of it all. Nice of us, right?

Deciphering the open banking alphabet soup

AISP, aka Account Information Service Provider – AISPs are authorised to fetch payment account information but cannot initiate payments. They enable consumers to share their account transaction data with third-party providers; in turn, third-party providers can initiate payments on their behalf.

API, aka Application Programming Interface – APIs are a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.

ASPSP, aka Account Servicing Payment Service Provider – Banks or similar institutions which provide payment accounts.

CSC, aka Common and Secure open standards of Communication – Promotes standardised connectivity and encryption when TPPs connect to payment accounts.

CMA, aka Competition and Markets Authority – A non-ministerial government department in the United Kingdom that is responsible for strengthening business competition and preventing and reducing anti-competitive activities.

DCR, aka Dynamic Client Registration – DCR allows trusted third parties to register themselves with the ASPSP dynamically.

EBA, aka European Banking Authority – The EBA is an independent European Union (EU) Authority that works to ensure effective and consistent prudential regulation and supervision across the European banking sector.

eIDAS, aka Electronic IDentification, Authentication, and trust Service – An EU regulation on a set of standards for electronic identification and trust services for electronic transactions in the European Single Market.

OBIE, aka Open Banking Implementation Entity – OBIE is the company (Open Banking Ltd) set up by the nine largest banks in the UK on behalf of the CMA in 2016 to deliver Open Data standards for PSD2 in the United Kingdom.

PISP, aka Payment Initiation Services Provider – A PISP provides an online service to initiate a payment order at the request of the payment service user for a payment account held at another payment service provider.

PSD2, aka Second Payment Services Directive/Revised Payment Services Directive – An EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the EU and European Economic Area (EEA).

PSU, aka Payment Service User – Any natural or legal person making use of a payment service in the capacity of payer, payee, or both. In other words, any user that has access to a payment account through the customer interface.

QSEAL, aka Qualified Certificate for Electronic Seals – The QSEAL is used for identity verification at the application layer to protect transactional information from potential attacks. This means that the person receiving digitally signed data can be certain about who signed the data and that it has not been changed. QSEAL certificates are used to sign API/HTTP requests.

QTSP, aka Qualified Trust Service Provider – An entity that's qualified to provide trusted digital certificates under the eIDAS regulation.

QWAC, aka Qualified Website Authentication Certificate – QWAC provides identification at the transport layer. QWAC is similar to SSL/TLS. It is used for website authentication so that ASPSPs and TPPs can be certain of each other’s identity.

RTS, aka Regulatory Technical Standard – A set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability, and other processes.

SCA, aka Strong Customer Authentication – Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a fingerprint or iris pattern]) that are independent, [so] the breach of one does not compromise the others and is designed in such a way as to protect the confidentiality of the authentication data.

SSA, aka Software Statement Assertion – The items of proof that third parties will present to banks to onboard as verified participants.

TPP, aka Third-Party Provider – A commonly used term in the industry. TPPs are organisations or natural persons who use APIs developed to PSD2 standards to access customers’ accounts to provide account information services and/or to initiate payments. TPPs are either PISPs, AISPs, or both.

TSP, aka Technical Service Provider – TSPs are companies that are contracted by regulated institutions to deliver open banking products or services.

VRP, aka Variable Recurring Payments – VRPs enable consumers to securely authorise third parties to initiate payments from their bank account on an ongoing basis.

XS2A, aka Access to Account – Allows ASPSPs using APIs secure access to accounts in order to offer open banking services.

*Because legislators set rules for technology use, third-party providers can bring benefits and confidence to both banks and consumers.
