Opening up for third parties via APIs in accordance with PSD2 - challenges and opportunities for financial institutions
The EU directive PSD2 stipulates that banks must provide interfaces through which third parties can read account information and initiate payments. The introduction of this directive aims to promote innovation in the banking sector and make online payments safer, more convenient and cheaper for customers.
Third-party access via APIs
To achieve this goal, banks must provide third parties with a pre-defined set of public APIs.
The API minimum set that PSD2 prescribes for banks includes the following points:
Account Information Services (AIS) to enable third parties to read data from different accounts in multibanking.
Payment Initiation Services (PIS) to enable third-party providers to trigger payment
Confirmation on the Availability of Funds (CAF) so that third parties can determine whether there is sufficient liquidity available
We offer Public APIs for the entire banking product portfolio, covering all PSD2 requirements and also providing banks with further opportunities to introduce new services and business models.
Data security - the most important aspect of open banking
In open banking, it is essential for banks to manage access control and authorisation processes according to the highest banking security standards in order to minimise the risk of fraud.
All CREALOGIX Public APIs follow the latest digital banking security standards and allow third parties access via OAUTH2. Our Identity Provider offers the OAUTH2 standard and is also secured by additional mechanisms such as dual authentication or an extra certification process for third party vendors.
The CREALOGIX Identity Provider is an independent solution that can be easily integrated into your system landscape and can work with any database.
The CREALOGIX approach for public APIs
As pioneers in digital banking, we see the introduction of public APIs not only as fulfilling the EU PSD2 directive, but also as an opportunity for banks to position themselves as attractive partners for their customers and differentiate themselves in the market through the provision of new services. In addition to the OAuth2 solution required by the EU and the API Store, our public API solution also offers banks an API management system that enables them to control and orchestrate their interfaces, including monitoring, tracking and monetisation.
The four pillars of the CREALOGIX Public API solution
Authorisation using the market standard for public APIs – OAUTH2
API domains as functional grouped interfaces which abstract technical dependencies
API management for banks and customers, including administering the on-boarding process, monitoring interfaces and their use, and monetisation models
API Store for presenting APIs to third-party vendors so that they can integrate them