Learn the core concepts of Open Banking

What is Open Banking?

Learn the key concepts behind Open Banking, its stakeholders, and the technologies involved.

Open Banking

The global financial services market is oligopolistic in nature. A few key players get to define market dynamics and the rate of innovation. Banks have the sole ownership of the customer data and they have the power to decide on the quality of services that the customer experiences.

Open banking advocates the revised Payment Service Directive (PSD2) and promotes greater financial transparency. It allows third parties to securely and rapidly build financial services with the use of open APIs.

Payment Service Directives

The Payment Services Directives, also known as PSD and PSD2, are two pieces of legislation (European Union directives) administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union and European Economic Area (EEA).


PSD2 is the revised Payment Service Directive, which was mandated in 2016. It stems from PSD1, which was mandated in 2009. PSD2 requires Europe's banks to give regulated third-party providers (TPPs) access to customers' account information and payment initiation with the customers' permission and consent.

Some of the benefits of PSD2 include:

  • The customers can manage their finances using third-party applications, e.g.- pay your bills using social media accounts.
  • More consumer choices and better online and mobile payment methods.
  • More opportunities for the financial technology companies to introduce new and innovative banking services.
  • Enhanced payment security.
  • Ability to standardize the payment systems and impose limits on transaction fees to ensure lower costs for the consumers.


There are six categories of stakeholders that actively participate in Open Banking.

  • PSU: Payment Service User (PSU) is a person who makes use of a payment service in the capacity of either a payer, payee, or both, i.e.- bank customer.
  • PSP/TPP: PSPs, also known as Third-Party Providers (TPPs), are authorized third-parties that allow merchants to accept payments through a single channel/third-party application and manage the entire transaction process from start to finish. TPPs can be categorized into three types AISPs, PISPs and ASPSPs.
  • AISP: Account Information Service Providers (AISPs) provide an aggregated view of the accounts a customer maintains with numerous banks along with their transaction details. To provide this facility AISPs should be authorized by the customer to view the corresponding transaction and balance information. The AISPs can also provide the facility to analyze the customer's spending patterns, expenses, and financial needs. The following diagram depicts a generic AISP flow.

    To view a live demo of the AISP flow of events, see AISP demo.
  • PISP: Payment Initiation Service Providers (PISPs) initiate credit transfers on behalf of a bank's customer. To provide this facility PISPs should be authorized by the customer to proceed with the payment. PISPs are responsible for the transaction flow starting from the moment a customer inputs the credit card details to the moment the funds appear in the merchant's bank account. The following diagram depicts a generic PISP flow.

    To view a live demo of the PISP flow of events, see PISP demo.
  • ASPSP: Account Servicing Payment Service Provider (ASPSP) is a PSP that provides and maintains a payment account for a payer, e.g.- banks and credit card issuers. The ASPSPs are obligated to grant access to the account and transaction data on their customersā€™ payment accounts through APIs.
  • Fintech: Fintech is another name for financial technology and is used to refer to a business that offers new and innovative financial services using software and modern technology. Fintechs have become quite a competitive challenge to banks that have more rigid, process-oriented structures in terms of adopting open banking.

TPP Onboarding

TPPs can create third-party applications to facilitate banking services exposed via APIs by banks.

Before getting TPPs connected with the Banks and onboard, they are subjected to a thorough verification. This verification includes a comprehensive sign-up process at the API Store, the developer portal of WSO2 Open Banking. For a TPP to start providing open banking services, it has to be registered under a Competent Authority, which is a regulatory body that authorizes and supervises the open banking services delivered by the TPP.