Speaker Introduction
Jason Bloomberg
• A leading industry analyst and expert on agile architecture
• Advises on Digital transformation initiatives
• Popular books by Jason
- “The Agile Architecture Revolution”
- “Service Orient or Be Doomed! How Service Orientation Will Change Your Business”
Atul Saini
• Founded Fiorano Software in 1995, Currently CEO & CTO
• Been at the forefront of integration, SOA & peer-to-peer distributed processing
• One of the first entrepreneurs to realize the power of Microservices
PSD2: Open Banking with APIs
Jason Bloomberg
President
jason@intellyx.com
@theebizwizard
Copyright © 2017, Intellyx, LLC
About Jason Bloomberg
• President of industry analyst firm Intellyx
• Latest book The Agile Architecture Revolution
• Published the Agile Digital Transformation Roadmap poster
Copyright © 2016, Intellyx, LLC
What is PSD2?
• Payment Services Directive (PSD)
– EU Directive, in force since 2007
– Regulates payment services & providers in Europe
• PSD2
– Revises PSD, in the works since 2013
– Better consumer protection & security
– Incorporates emerging payment methods
– Direct connection between merchants & banks via APIs
Photo credit: Charles Clegg, https://www.flickr.com/photos/glasgowamateur/
Global Impact
• PSD2 one of many examples worldwide
• Modern payment mechanisms must be global
– Smartphone-based payments must work anywhere!
• Regulations mandate change but require compliance with safeguards
Photo credit: jason Wilson, https://www.flickr.com/photos/hive/
PSD2 Introduces & Regulates Third Parties
• Third-party payment service providers (TPPs)
– Payment Initiation Services Providers (PISPs)
– Account Information Service Providers (AISPs)
• New business opportunities
• More parties to integrate with
• TPPs will all be SaaS
Direct Connection via APIs?
• Transactions between merchants and banks have always gone through intermediaries
• With PSD2, retailers get permission from consumer, interact directly with bank
– API support on both sides
– Raises bar on security
– Consumer permission essential to compliance
– Transactions in real-time, high performance, resilient
Photo credit: Garfield Anderssen, https://www.flickr.com/photos/78855484@N03/
A New World
• The old way:
– B2B financial transactions over highly secure, closed networks
– Point-to-point, proprietary formats
• The new way:
– Open APIs
– RESTful, Internet-based interactions
– Modern security protocols
Regulators Expect APIs to work & be fully secure
Compliance Still Paramount
• Never forget, PSD2 is a set of regulations
– Compliance is mandatory
– Compliance must be verifiable
– If you experience a breach, you are out of compliance
Blaming the Hackers Isn’t Good Enough!
Photo credit: Tnarik Innael, https://www.flickr.com/photos/tnarik/
Every Interaction Must Be Secure & Verifiable
[Diagram labels: AISP; Customer’s Bank; Merchant PISP; Merchant Web Site; Merchant’s Bank; Merchant Mobile Back End; Customer]
Jason Bloomberg
President, Intellyx
jason@intellyx.com
@theebizwizard
Download poster at AgileDigitalTransformation.com
Thank You!
PSD2: Open Banking with APIs
Fiorano Webinar
Entire Contents © 2010-17, Fiorano Software Inc. All rights reserved
By:
Atul Saini
CEO & CTO
Fiorano Software Inc.
Technology required for PSD2 Compliance
APIs are the pivotal technology in the PSD2 regulation
Impact on Banks
[Diagram: Before PSD2 / Post PSD2]
Banks need a secure gateway to expose customer account data and payment processes to 3rd parties.
What Fiorano can do for Banks
• API Exposure: Open up bank’s systems to provide access to 3rd party players of PSD2 ecosystem
• Streamline Payments: Simplify the flow of transactions and payments bypassing manual entry of customer details
• Value Added Services: Provide added services to customers by wearing hats of PISP and AISP
Fiorano PSD2 Interface
[Screenshot labels: List of Banks; List of Beneficiaries]
System Architecture
• Banks need API Management for interaction with PISP and other banks
• PISP packages the transaction information from the user and sends it out to the banks
[Diagram: PISP connected to the APIs of Bank 1, Bank 2 and Bank 3]
Key PSD2 Flow (Step 1)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank]
The customer asks the PISP to transfer X amount to a beneficiary
• Consumer consolidates all Bank accounts with PISP
• Transfers can be from any Bank account to any Beneficiary in a single interface
Key PSD2 Flow (Step 2)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank]
The customer asks the PISP to transfer X amount to a beneficiary
The PISP initiates the payment from customer bank to beneficiary bank: <PIAN 1 message> ISO20022
• Secure, time-bound API tunnel created from PISP to Bank
• Cryptographic Trace, with ISO messages
Key PSD2 Flow (Step 2…)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank]
The customer asks the PISP to transfer X amount to a beneficiary
The PISP initiates the payment from customer bank to beneficiary bank: <PIAN 1 message> ISO20022
<PIAN 2 message> ISO20022:
- Exchange Rate
- Transfer Fee
- Time required for payment
• Before transfer, customer reviews Exchange rates, Transfer fees, Time-guarantees, etc.
• Transaction can be reversed if consumer is not satisfied with guarantees/rates
Key PSD2 Flow (Step 3)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank; 2 Factor Authentication]
The customer asks the PISP to transfer X amount to a beneficiary
<PIAN 2 message> ISO20022:
- Exchange Rate
- Transfer Fee
- Time required for payment
• For each transaction over a certain limit (35-45 Euro), the Bank performs a 2-factor authentication over a range of devices/methods (mobile phones, email, etc.)
• Overall timebound for complete transaction maintained
Key PSD2 Flow (Step 4)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank; 2 Factor Authentication]
The customer asks the PISP to transfer X amount to a beneficiary
<PIAN 2 message> ISO20022:
- Exchange Rate
- Transfer Fee
- Time required for payment
Post authentication the customer bank transfers the amount to the beneficiary’s bank
• After Bank executes transfer, confirmation sent to PISP via one-way messaging
• PISP updates ‘front-office’ transaction record and maintains cryptographic trace
Key PSD2 Flow (Step 5)
[Diagram: Customer, PISP, AISP, Customer’s Bank, Beneficiary’s Bank; 2 Factor Authentication]
The customer asks the PISP to transfer X amount to a beneficiary
<PIAN 2 message> ISO20022:
- Exchange Rate
- Transfer Fee
- Time required for payment
Post authentication the customer bank transfers the amount to the beneficiary’s bank
<1 way asynchronous message> Bank updates AISP & PISP with payment acknowledgement
• Additional acknowledgements from Beneficiary banks also recorded by both PISP and AISP
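The bank-side checks from the flow above (a time-bound authorization for the PISP, 2-factor authentication above a limit, and a cryptographic trace of every step), as an added sketch that is not Fiorano's or Intellyx's code. The 40 Euro limit, the grant and request fields, the HMAC key and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Assumptions for this sketch (none of these values come from the slides):
SCA_LIMIT_EUR = 40.0           # constructed value inside the 35-45 Euro range
TRACE_KEY = b"demo-trace-key"  # placeholder; a real key lives in an HSM or KMS
GENESIS = "0" * 64


class Trace:
    """Append-only log; each entry's MAC also covers the previous entry's MAC."""

    def __init__(self, key=TRACE_KEY):
        self.key = key
        self.entries = []

    def _mac(self, prev, event):
        body = json.dumps(event, sort_keys=True)
        return hmac.new(self.key, (prev + body).encode(), hashlib.sha256).hexdigest()

    def append(self, event):
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        self.entries.append({"event": event, "prev": prev, "mac": self._mac(prev, event)})

    def verify(self):
        """Return the index of the first bad entry, or -1 if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            ok = hmac.compare_digest(self._mac(prev, e["event"]), e["mac"])
            if e["prev"] != prev or not ok:
                return i
            prev = e["mac"]
        return -1


def handle_initiation(req, grant, now, second_factor_ok, trace):
    """Bank-side decision for one PISP payment-initiation request.

    grant: what the customer authorized for this PISP (hypothetical shape).
    Returns "rejected", "needs_2fa" or "executed"; every outcome is traced.
    """
    if req["pisp_id"] != grant["pisp_id"] or now >= grant["expires_at"]:
        outcome = "rejected"      # unknown PISP, or the time-bound grant expired
    elif req["amount_eur"] > SCA_LIMIT_EUR and not second_factor_ok:
        outcome = "needs_2fa"     # over the limit: no debit without 2FA
    else:
        outcome = "executed"
    trace.append({"t": now, "pisp": req["pisp_id"], "payee": req["payee"],
                  "amount_eur": req["amount_eur"], "outcome": outcome})
    return outcome


def demo():
    trace = Trace()
    grant = {"pisp_id": "pisp-1", "expires_at": 1_000}   # constructed sample data
    small = {"pisp_id": "pisp-1", "amount_eur": 12.5, "payee": "PQR"}
    large = {"pisp_id": "pisp-1", "amount_eur": 500.0, "payee": "PQR"}
    results = [
        handle_initiation(small, grant, 100, False, trace),
        handle_initiation(large, grant, 200, False, trace),
        handle_initiation(large, grant, 300, True, trace),
        handle_initiation(large, grant, 1_000, True, trace),  # grant expired
    ]
    intact = trace.verify()
    trace.entries[2]["event"]["amount_eur"] = 5.0   # simulate an after-the-fact edit
    return results, intact, trace.verify()


if __name__ == "__main__":
    print(demo())
```

Because each MAC chains to the one before it, editing or deleting a recorded step invalidates that entry and is detected on the next verification, which is what makes the trace usable as compliance evidence.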
Fiorano PSD2 Solution: Features
• Security
– Secured API connectivity via 256 bit encryption
– 2 factor authentication via email and mobile
• Transparency
– Complete view of financial accounts in a single view
– End-to-end visibility of transaction history
• Interoperability
– Out of the box core banking integration
– Fully customizable solution to promote innovation
PSD2 Requirements
• Single view of entire financial account status of an individual
• Complete financial transactional history for increased transparency
• Strong authentication mechanism that allows 2 factor authentication
• Enhanced security as confidential data is exposed to 3rd parties
• Sandbox for banks to start exploring new business models under PSD2 compliance
• Complete control on APIs to provide restrictive and selective permission access to different 3rd parties
Pre-requisites
• Customer has already authorized PISP to initiate payment on his behalf and the required information (including Security Tokens, etc.) is available with the customer’s bank for verification
• The Merchant has the required Customer Credentials / Security Token(s) (provided by Customer and Customer Bank during the setup process) to initiate payment via PISP
PSD2 Execution Flows (with PISP)
[Diagram: Customer; Customer Bank; Merchant/Amazon; TransferWise (PISP); AISP]
Step 1: Customer places order on merchant website
Step 2: Merchant contacts PISP which has been authorized by customer
Step 3: PISP initiates the payment at customer’s bank via a secure OAuth connection
Step 4: Customer Bank verifies PISP’s request, debits customer account and wires money to Merchant
Step 5: The Bank notifies AISP, PISP, and Merchant via one-way messages
Step 6: AISP (optionally) sends notification to Customer
Single Portal for accessing your banks
Banks Balance
Bank A $ 2500
Bank B $ 4500
Bank C $ 1000
Beneficiary Bank
ABC Bank A
XYZ Bank B
PQR Bank C
Step 1: Customer chooses one of his banks from PISP to transfer money to a Beneficiary
[Screen: Transaction Details (Amount, Beneficiary), $ 500; tabs: Customer Accounts, Beneficiaries, Transaction History]
2 Factor Authentication
[Diagram: PISP, Bank A, Customer, Bank C]
Step 2: PISP contacts Bank A via API
Step 3: Customer authorizes the transaction via 2 factor authentication
Step 4: Bank A completes the transaction by transferring $500 to PQR’s account in Bank C
Transaction History & Updated Balance
Banks Balance
Bank A $ 2000
Bank B $ 4500
Bank C $ 1000
Beneficiary Bank
ABC Bank A
XYZ Bank B
PQR Bank C
Step 5: Customer sees the updated account status and transaction history
[Screen: Transaction Details: Bank A to Bank C, Amount $ 500, Beneficiary PQR; tabs: Customer Accounts, Beneficiaries, Transaction History]
The presentations are now concluded.
Please stand by for the Q&A session
Atul Saini
CEO & CTO
Fiorano Software Inc.
© Copyright Fiorano Software, Inc, and its affiliates. Fiorano ESB, Fiorano Middleware Platform SOA, FioranoMQ, Fiorano JMS server and Fiorano logo are trademarks or registered trademarks of Fiorano and its affiliates. The data and information contained herein may not be reproduced, published or distributed to, or for, any third parties without the express prior written consent of Fiorano. Products and names, if mentioned in the presentation are the property of their respective owners and the mention of them does not constitute an endorsement by Fiorano.
www.fiorano.com
Thank You
To find out more about Fiorano solutions, please visit www.fiorano.com
or Email us at sales@fiorano.com.
Next Steps…
Please type in your questions using the Chat Q&A window
Q&A Session in Progress
Thank You for joining us today
AMERICA’S
Fiorano Software, Inc.
230 S. California Avenue
Suite 103
Palo Alto, CA 94306 USA
Tel: +1 650 326 1136
Fax: +1 646 607 5875
Toll-Free: +1 800 663 3621
Email: info@fiorano.com
EMEA
Fiorano Software Ltd
3000 Hillswood Drive
Hillswood Business Park
Chertsey Surrey KT16 0RS UK
Tel: +44 (0) 1932 895005
Fax: +44 (0) 1932 325413
Email: info_uk@fiorano.com
APAC
Fiorano Software Pte. Ltd.
Level 42, Suntec Tower Three
8 Temasek Boulevard
Singapore 038988
Tel: +65 68292234
Fax: +65 68292235
Email: info_asiapac@fiorano.com
This webinar has now concluded.
We would appreciate it if you could complete the feedback form displayed at the end of the webinar
