Open Banking Log   (O B L og)

The KYP (Know Your Provider) tool in your pocket.
Third Party Providers (TPPs) licensed by National Regulators are allowed to provide banking Account Information, Payment Initiation and Card related services across EU.

This means -- More providers, more services, better apps and user experience. Easier and faster payments. And thats all great!
... but, how could you gain confidence, that your money and data are in good hands?

Meet O B L og
OBLog mobile application is free!
Now available for Android from Google Play Store.

PSD2 and Open Banking

"Open banking" is the worldwide accepted term, used to address the fact that the banks can provide electronic access to their customers accounts.

In some countries the banks "opened" their data tresors on their own will, drived by digitalization and new business models based on API economy.

In other countries however, the "wind of change" came through a regulatory act. In the EU and the UK in particular, it was the "Directive (EU) 2015/2366 of the European Parliament and of the Council" or the well known PSD2.

At the beginning of PSD2, people were used to put equal sign between the PSD2 regualtion and Open Banking. Soon it became obvious that while PSD2 triggered the "revolution", it does not allow for true openness:
  • Dificult to fulfil regualtory criteria
  • Unclear regulatory guidance
  • Missing technical standards
  • etc., etc, etc,
Later some banks understood the inevitability and the oportunity of financial data sharing and started building partnerships and aliances with so called FinTechs.
Now the finance world is slowly entering the age of Openin Banking by providing even more than is required by the regulator.

Read more on Open banking and Open Finance on our extended information site.

Under PSD2 directive all banks which are servicing payment accounts (that's why in the context of PSD2 they are called ASPSP - Acount Servicing Payment Services Provider) MUST allow any licensed third parties to access their customers' transaction data.

This of course is only possible with the explicit and revokable customer consent granted individually to each application and service, which the user might decide to use.

At the same time the ASPS must ensure that the customers give the consent and the right to access their bank accounts only to authorized and trustworthy Third Party Providers (TPP). Banks also must make sure that only the bank account owners can utilize the third party sofware or services to access and manipulate their accounts and fiancial data. Shall the ASPS fail to implement a Strong Customer Authentication (SCA) or to establish Common and Secure Communication (CSC) with the Third Party Providers, it must in case of proved customer's loss, to compensate them accordingly without unnecessary delays and conditioning.

Pretty tough for the banks, isn't it. Of course banks have tools which when applied consistently can minimize the risks. First of all an authorized TPP must own a EIDAS certificate, which encyphers data which can and should be validated with every single request from that very Third Party Servicec provider. Sounds easy. Well it is not. Forget about the technical difficulties. While not trivial, it isn't a rocket science either. Many companies master thid kind of algorithms and most of the banks belong to this category of IT houses. The problems is the complexity of the European regulatory framework and fragmentation of the data spread accroos EU member states financial markets regulators. The single source of truth about validity of TPP authorization is the NCA (National Competent Authority) of the respective country, where the TPP head quarters are located. Banks must then implement connections to all 31 EU countries (including some participants outside of the EU but part of the EEC), and thes connections must be always operational and in sync. Not an easy task at all.

Some banks actually implement this connectors, while some others perorm the necessari TPP valiations using aggregation regualtory services provided by several (although not many) companies accross EU.

EBA

OBLOG

TPPs are legal entities licensed by EU members national banks aka NCA or the regional regulators.

They are entiteled to provide to their users a limited set of services like Account Information or Payment Initiation.

Learn more ...TPPs
PSU (Payment Services User) security is a key. PSD2 defines rules for SCA (Secure Customer Authentication) and CCA

Know Your Provider (KYP)


Open Banking Log   (O B L og)

The KYP (Know Your Provider) tool in your pocket.

The primary goal of OBLog is to facilitate transparency in the complex world of Open Banking.

Currently OBLog offers an API service and a Mobile application, which can be used to search and display registration data and statistics of PSD2 companies authorized to offer payment account related services in the European Union.

Foundational source of data are the official registers of EBA (Europena Banking Authority). Additionaly OBLog collects and federates several other sources to enhance the data and make it even more precise.

The mobile application (currently on Android mobile platform) allows to search and filter the registers in multiple ways, those making it a snap to check the status of any PSD2 authorized TPP. Different statistics can be calculated on the fly per several categories of data as well as for different time intervals. You can now use your mobile phone to check how many companies were registered in the last day, week or month. You can even find their names and registration details. The data sets are updated several times a day, so we to hav the most recent information available.

O B L og is brought to you by Applego

- an independent software vendor developing smart and secure solutions for the open economy.

Contacts
Visit us at: https://applego.com, or at our social network corners:
You can also directly:
call us on +420 776076123 or
drop us a line at info@oblog.org.
Writing Bachelor's Thesis