Open banking glossary: the ABCs of PSD2

7 min read|Published May 12, 2021

This is the moment for TPPs. The EBA, PSD2, the OBIE, and the CMA mean RTS on SCA and CSC ensure TSPs use APIs with measures such as eIDAS, QSEAL, and QWAC – similar to SSL/TLS. Therefore, TPPs, as AISPs or PISPs, can truly bring both benefits and confidence to ASPSPs and PSUs alike.* What?

TL;DR – Quick summary
  • Open banking uses a lot of acronyms.

  • With so many terms like RTS, SCA, TPPs, eIDAS and DCR floating around, it can be hard to keep track of what people are talking about.

  • We’ve compiled a list of acronyms to explain what it all means.

Every industry has its own language, buzzwords, jargon, and acronyms known as industry-speak. This is because people in the industry use the same terms over and over again so they develop shortcuts to save time.

Industry-speak, especially acronyms, is a part of branding and a way to build a community. Just like simplifying solutions to help build the future of financial services, it is important to simplify the language we use when speaking about it. But overusing industry-speak means you run the risk of isolating others.

Many of the acronyms used in open banking were introduced in connection with the Revised Directive on Payment Services or PSD2, and frankly, they can be a little confusing. This means it’s important to explain them, otherwise, people might have a hard time following you.

With this in mind, we have compiled a list of the most common open banking acronyms to help you make sense of it all. Nice of us, right?

Deciphering the open banking alphabet soup

AISP, aka Account Information Service Provider – AISPs are authorised to fetch payment account information but cannot initiate payments. They enable consumers to share their account transaction data with third-party providers; in turn, third-party providers can initiate payments on their behalf.

API, aka Application Programming Interface – APIs are a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.

ASPSP, aka Account Servicing Payment Service Provider – Banks or similar institutions which provide payment accounts.

CSC, aka Common and Secure open standards of Communication – Promotes standardised connectivity and encryption when TPPs connect to payment accounts.

CMA, aka Competition and Markets Authority – A non-ministerial government department in the United Kingdom that is responsible for strengthening business competition and preventing and reducing anti-competitive activities.

DCR, aka Dynamic Client Registration – DCR allows trusted third parties to register themselves with the ASPSP dynamically.

EBA, aka European Banking Authority – The EBA is an independent European Union (EU) Authority that works to ensure effective and consistent prudential regulation and supervision across the European banking sector.

eIDAS, aka Electronic IDentification, Authentication, and trust Service – An EU regulation on a set of standards for electronic identification and trust services for electronic transactions in the European Single Market.

OBIE, aka Open Banking Implementation Entity – OBIE is the company (Open Banking Ltd) set up by the nine largest banks in the UK on behalf of the CMA in 2016 to deliver Open Data standards for PSD2 in the United Kingdom.

PISP, aka Payment Initiation Services Provider – A PISP provides an online service to initiate a payment order at the request of the payment service user for a payment account held at another payment service provider.

PSD2, aka Second Payment Services Directive/Revised Payment Services Directive – An EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the EU and European Economic Area (EEA).

PSU, aka Payment Service User – Any natural or legal person making use of a payment service in the capacity of payer, payee, or both. In other words, any user that has access to a payment account through the customer interface.

QSEAL, aka Qualified Certificate for Electronic Seals – The QSEAL is used for identity verification at the application layer to protect transactional information from potential attacks. This means that the person receiving digitally signed data can be certain about who signed the data and that it has not been changed. QSEAL certificates are used to sign API/HTTP requests.

QTSP, aka Qualified Trust Service Provider – An entity that's qualified to provide trusted digital certificates under the eIDAS regulation.

QWAC, aka Qualified Website Authentication Certificate – QWAC provides identification at the transport layer. QWAC is similar to SSL/TLS. It is used for website authentication so that ASPSPs and TPPs can be certain of each other’s identity.

RTS, aka Regulatory Technical Standard – A set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability, and other processes.

SCA, aka Strong Customer Authentication – Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a fingerprint or iris pattern]) that are independent, [so] the breach of one does not compromise the others and is designed in such a way as to protect the confidentiality of the authentication data.

SSA, aka Software Statement Assertion – The items of proof that third parties will present to banks to onboard as verified participants.

TPP, aka Third-Party Provider – A commonly used term in the industry. TPPs are organisations or natural persons who use APIs developed to PSD2 standards to access customers' accounts to provide account information services and/or to initiate payments. TPPs are either PISPs, AISPs, or both.

TSP, aka Technical Service Provider – TSPs are companies that are contracted by regulated institutions to deliver open banking products or services.

VRP, aka Variable Recurring Payments – VRPs enable consumers to securely authorise third parties to initiate payments from their bank account on an ongoing basis.

XS2A, aka Access to Account – Allows ASPSPs using APIs secure access to accounts in order to offer open banking services.

*Because legislators set rules for technology use, third-party providers can bring benefits and confidence to both banks and consumers.
