Last edited Sep 2023, 9 min read
As a concept, open banking has ignited a revolution in the financial industry, allowing users to finally take full advantage of their financial data. With the possibility of third-party access to bank accounts, financial data that was until now exclusively managed by banks can be used by third-party providers to offer a new range of products and services.
Open banking is regulated in the European Union by the revised Payment Services Directive (PSD2), and in the UK by the OBIE (Open Banking Implementation Entity).
What is an open banking provider?
Essentially, open banking providers act as a middleman in the banking industry, giving customers user interfaces designed to let them access their financial data efficiently and securely.
All third-party providers (TPPs) must be licensed and registered as digital service providers with the FCA (UK Financial Conduct Authority) in the UK and the respective designated entity in each EEA country.
TPP in open banking explained
Open banking third-party providers facilitate interaction between the bank and the customer. While consumers typically communicate directly with the bank, with a TPP, consumers communicate with their TPP, which then interacts with the bank. It therefore functions as a kind of liaison.
What types of TPP are there, and what can they do?
There are two main types of TPPs:
Account Information Service Provider (AISP)
Payment Initiation Service Provider (PISP)
There are two types of TPPs offering specific services: Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).
AISPs act on behalf of the bank to access customer information. They are authorised to view bank account information, but cannot initiate payments or transfers. Credit bureaus, for example, may use AISPs to check a customer’s credit history and creditworthiness.
PISPs, meanwhile, act on a consumer’s behalf to initiate payments. A PISP allows you to carry out online payments without the need for credit or debit card details.
How open banking works
With open banking, regulated TPPs are permitted access to your bank account data and can initiate payments. This access to your account, however, is only granted with your consent, which can be withdrawn at any time and keeps you in control.
Open banking can be used with any payment account that is accessible online. This includes, but is not limited to, current accounts, credit cards and even some savings accounts.
Open banking, by way of TPPs, offers users the following features:
Access to all account information in one place
Tools for managing debt
Apps for making bank payments via TPP
Tools for budgeting
To provide these features, TPPs will use software which operates either online or via a mobile app which interacts with the bank. Providers will also use the login information to access your bank account to obtain information for the bank. Naturally, for TPPs to be granted permission to do this, you will need to provide your explicit consent.
Open Banking TPPs: are they secure?
Any TPP offering open banking services must be regulated by the Data Protection Act in the UK.
A full list of regulated third-party providers can be found on the Open Banking website, where GoCardless is listed. All companies listed are enrolled in the OBIE’s Directory and therefore permitted to provide secure open banking-enabled services.
To remain extra safe while using open banking, however, you should implement the following strategies:
Always be cautious when receiving phone calls, emails, or messages claiming to be from your open banking service provider. Often fraudsters pose as legitimate providers, so make sure you don’t give away your financial information unless certain of the caller’s validity.
Ensure you thoroughly understand and agree with the level of access you are permitting to TPPs, as well as how your personal details will be used.
Always be sure that the TPP you opt for is authorised on the Open Banking website.
What is an Account Information Service Provider (AISP)?
An authorised AISP can access a user’s bank account data via their financial institution, but this only happens when the user provides explicit consent.
This access is, however, defined as “read-only”, which means that they can only view the information and cannot make changes to the account. Therefore, it is not possible for the AISP to, for example, move money from that account.
A company that has an AISP licence also relies on other regulated companies that offer accounts. These are known as Account Servicing Payment Service Providers (ASPSPs) and include banks, credit card providers, payment institutions or building societies.
In the United Kingdom (UK), these types of companies have to register with the Financial Conduct Authority (FCA) to provide Account Information Services and are referred to as Registered Account Information Service Providers UK (RAISP UK).
How do AISPs work?
AISPs access financial data — provided that the user has consented to share that information — and use it to offer personalised and innovative financial products and services.
From savings insights to ethical investment, AISPs use advanced machine learning algorithms and data analytics to offer recommendations that are suited to the specific needs of a particular user.
This helps streamline financial processes, both for consumers and businesses. Consumers can, for example, access simplified tools to manage their personal finances, while businesses can have a clear financial overview from multiple sources — dramatically improving the decision-making process.
What is a Payment Initiation Service Provider (PISP)?
A Payment Initiation Service Provider (PISP) is able to access read-only data from a bank account, and they are also authorised to initiate payments on a customer’s behalf. PISPs can therefore be used to make payments directly from a bank account, removing the need for a debit or credit card.
Naturally, this lends itself well to retailers and other businesses that want to initiate bank-to-bank payments. However, PISPs are also used by financial management tools. These can move money between accounts automatically to ensure that the user does not incur overdraft fees by moving, for instance, money from a savings account into a current account.
PISPs can be very useful in simplifying buyer journeys, allowing businesses to connect directly with the bank accounts of frequent shoppers. This saves time and effort for the customer as payment information does not need to be repeatedly entered manually.
How do PISPs work?
A PISP uses open banking APIs to initiate bank account transactions. The customer no longer needs to log into their account to arrange a transaction; instead, it’s set up automatically like a card payment. As with a card payment, the customer authorises the transaction, but instead of a PIN code, biometric data or another secure form of login might be used.
Benefits of using open banking PISPs
PISP providers are independent of any single bank, which means customers can use them regardless of where their current account is located. The payment process is streamlined and simple, with transactions easily authenticated using a mobile device or biometric log-in.
There are multiple benefits for businesses as well.
User-friendliness: making payment easier for customers helps build brand loyalty while reducing abandoned shopping cart rates.
Security: Bank transfers require tools like Strong Customer Authentication (SCA) to cut down on fraud. Only the customer can authenticate the transaction without passing any payment details to the merchant or provider. In turn, this reduces your business’s liability and risk.
Efficiency: while other types of bank payments can take several days to settle, PISP open banking payments are collected and settled on the same day. Payments can even arrive in your merchant account in a matter of seconds.
Reduced chargebacks: card payment carries the risk of chargebacks when a customer disputes a payment. PISP open banking payments prevent this from happening because the buyer is the one who ‘pushes’ the payment and makes the request.
Affordability: when compared to traditional payment gateways and banking services, PISP providers offer more transparent and affordable pricing models. Credit card charges often involve a list of small fees, not to mention the risk of fraud or chargeback costs.
Open banking enables businesses like yours to accept a broader range of payments from customers, so they can pay using the method that is easiest and most convenient for them. What’s more, open banking can enable businesses to avoid the extensive fees and confusing charges that can come with accepting credit and debit card payments.
This quick, easy and secure payment method facilitates bank-to-bank payments powered by open banking. Payment confirmation is instant, so you and your customer have complete peace of mind.
Because the process is carried out via payment request links, it’s super easy for businesses to get paid. The customer simply needs to click the link and follow the simple prompts.
Common benefits of PISP uses:
Financial management tools: many more modern PISP open banking solutions enable tools that transfer funds between accounts on the customer’s behalf to avoid fees.
Faster checkout: authorised PISPs can connect to the bank faster and automatically re-enter card details for every transfer. This allows customers to check out faster.
Business solutions: PISP tools can also integrate fully with back-office systems, facilitating secure payment management and collections and allowing for real-time bank transfers.
Improved visibility: open banking is a more transparent platform that allows for greater payment visibility.
What is the difference between AISP and PISP?
One of the main differences between these services is that AISPs only manage data. A company with an AISP licence is limited to collecting data and presenting it, and therefore cannot provide services that lead to transactions.
An AISP’s main goal is to democratise access to financial data, aiding customers in taking control of their financial lives. Data is consolidated with user convenience in mind, usually by offering a single unified interface.
PISPs are service providers that can process payment transactions on behalf of a customer. These companies can withdraw money directly from your bank account but have to get your consent first.
What are the roles of AISPs and PISPs in open banking?
Good examples of AISP use cases
Money management tools: AISPs allow for personal finance management applications (PFMs) to be built. These applications allow customers to view information from multiple bank accounts from a single dashboard, whilst offering a multitude of features such as creating budgets, alerts for subscriptions, savings planning, etc.
Lending applications: unlike traditional lending companies, AISPs allow businesses to assess loan applications in a much faster manner and with higher precision. Open banking also allows lending companies to access detailed and up-to-date information about customers’ financial situations.
Good examples of PISP use cases
Financial management tools: payment initiation service providers can take PFMs to another level by allowing applications to allocate funds to savings accounts automatically, move money between accounts to avoid overdraft fees, and many other features.
Business solutions: PISPs allow the development of new tools that merge seamlessly with business frameworks, helping them manage and collect payments. Real-time bank account transfers can also be a great addition brought by PISPs.
Open banking API providers
An API, or Application Programming Interface, is a set of definitions and protocols for building and integrating software applications. Essentially, they allow developers to make their applications’ data and features available to other developers.
To know more about how they work and how they can be used, we’ve produced a detailed guide to APIs.
What is an API provider?
Open banking API providers are all the companies that, in one way or another, provide third-party access to bank accounts.
API providers are both AISPs and PISPs, since they provide APIs to facilitate their customers' access to open banking.
What are the basic security rules API providers need to follow?
All third-party providers need to be regulated and licensed to be active members of the open banking industry. Since the implementation of PSD2, payment services need to ensure compliance with a very specific set of regulations.
One of the main pillars of PSD2 regarding security and fraud reduction is the implementation of strong customer authentication, also known as SCA.
If you want to know more, we’ve produced a detailed guide to SCA. You can find below all the basics to understand how it works and why it is important.
Strong Customer Authentication has two main goals: to reduce fraud and to make online payments more secure. SCA is applied through two-factor authentication (2FA), where customers need to provide two independent pieces of information, each from a different one of the following categories, to confirm their identity:
Something they own (e.g., smartphone)
Something they know (e.g., PIN code)
Something they are (e.g., fingerprint)
With this regulation, customers can be sure that no one will be able to impersonate them, and their financial information will be secure.
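An added example, not GoCardless's or any bank's code, of how an account provider could enforce the rules described on this page: the TPP's licence type limits what it may do, the customer's consent must exist and not be withdrawn, and a payment needs verified factors from two different SCA categories. The action names, factor names and TPP identifiers are hypothetical, and applying SCA only to payment initiation is an assumption of the example.

```python
from dataclasses import dataclass

# Actions each licence type permits, following the page: AISPs are read-only,
# PISPs can read and initiate payments. Action names are hypothetical.
LICENCE_ACTIONS = {
    "AISP": {"read_accounts"},
    "PISP": {"read_accounts", "initiate_payment"},
}

# Hypothetical factor names mapped to the three SCA categories.
FACTOR_CATEGORY = {
    "registered_phone": "own", "hardware_token": "own",
    "pin": "know", "password": "know",
    "fingerprint": "are", "face": "are",
}


@dataclass(frozen=True)
class Consent:
    customer_id: str
    tpp_id: str
    actions: frozenset      # what the customer explicitly agreed to
    revoked: bool = False   # consent can be withdrawn at any time


def sca_satisfied(verified_factors):
    """True only if the verified factors span at least two different categories."""
    categories = {FACTOR_CATEGORY[f] for f in verified_factors if f in FACTOR_CATEGORY}
    return len(categories) >= 2   # two PINs or two biometrics do not count


def authorise(registry, consent, tpp_id, customer_id, action, verified_factors=()):
    """Bank-side decision for one TPP request; returns (allowed, reason)."""
    licence = registry.get(tpp_id)   # taken from the register, never from the request
    if licence is None:
        return False, "tpp_not_registered"
    if action not in LICENCE_ACTIONS[licence]:
        return False, "action_outside_licence"
    if (consent is None or consent.tpp_id != tpp_id
            or consent.customer_id != customer_id):
        return False, "no_consent"
    if consent.revoked:
        return False, "consent_revoked"
    if action not in consent.actions:
        return False, "action_not_consented"
    if action == "initiate_payment" and not sca_satisfied(verified_factors):
        return False, "sca_required"
    return True, "ok"
```

Every branch denies by default and returns a reason code, so refused requests can be logged and reviewed.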
Some important API providers available in the UK
GoCardless — aggregates regulated bank APIs with major European banks in a single API. One can access the account holder's name, bank account number and historic transactions with their consent, for free.
Afterbanks — their technology is a key piece in scoring and account ownership verification processes for real-time loans. They also process payments by creating a single, standardized interface for all PSD2 APIs in Europe.
Token.io — allows financial institutions and other players in the payments ecosystem, such as merchants and payment processors, to build bank-direct payment methods and data aggregation solutions for their customers. The platform aims to raise security and reduce fraud and disintermediation. Unlike in-house developed solutions, Token supports the same API across all banks.
Saltedge — aggregates users’ bank accounts with their consent to get balances and transaction data and verify their identity. Initiates payments and transfers from users’ accounts across Europe.
Tink — their open banking platform enables banks, fintechs, and startups across Europe to develop data-driven financial services. Through one API, Tink allows customers to access aggregated financial data, initiate payments, enrich transactions and build personal finance management tools.
Truelayer — enables companies to capitalise on new Open Banking initiatives in the UK, and the broader, European-wide PSD2 rules by providing secure, clear and simple access to banking infrastructure.
Budget Insight — provides APIs to access accounts on more than 300 European banks and 200 invoice providers.
Bud Financial — brings together data from multiple financial institutions via its proprietary aggregation technology. Bud’s machine learning capability uses lines of transactional data to understand users and to help highlight where they spend, how they can save and which financial services might be relevant for a user via the marketplace.
We Can Help
Payment solutions should be global, and GoCardless facilitates payment collection automation.
Features like Instant Bank Pay, a simple and convenient way of collecting one-off payments, allow GoCardless to harness the open banking infrastructure and regulations to enhance cash flow, decrease customer churn and provide a detailed overview of your company’s finances.
But don’t just take our word for it. Shane Williams, Customer Experience Director at Gravity Active Entertainment, says GoCardless’s Instant Bank Pay has improved both customer and employee experience: