Open banking is changing the way we think about and interact with our finances, making it easier than ever to access fairer financial services. However, open banking is also known for its overuse of acronyms and jargon that can make it feel unapproachable and difficult to navigate.
To help you explore open banking and better understand how you can leverage it as both a business and a consumer, we’ve compiled a jargon buster to make common-but-complex terminology easy for everyone to grasp.
Account Information Services (AIS)
Enable businesses and institutions to share data with other financial providers, banks, and Third-Party Providers (TPPs). AIS can be used to analyse financial information and gain insights into account ownership and financial behaviours.
e.g. We use account information services to easily verify potential customers’ identities.
Account Information Service Provider (AISP)
An online service provider that, with the user’s consent, collects financial information from businesses and consumers, including account details, balances, and transaction information from their bank accounts. This can be used to analyse financial behaviour, provide you with better insights, and give you access to financial solutions tailored to you.
e.g. Thanks to Account Information Service Providers (AISPs) like Emma, I can easily track my spending habits to save more money every month.
Account Servicing Payment Service Provider (ASPSP)
Similar to banks and financial institutions, ASPSPs enable payment initiation and access to account information for TPPs. As a result of PSD2, all ASPSPs are required to participate in open banking.
e.g. Account Servicing Payment Service Providers (ASPSPs) provide and maintain payment accounts for anyone using payment services.
Agent of AISP/AISP agent
Because businesses aren’t legally allowed to access a user’s data from their bank, they rely on AISPs - which are regulated by the FCA under PSD2 - to access the data on their behalf.
e.g. Yapily Connect gives AISP agents secure, regulated access to open banking and data through its infrastructure platform.
Application Programming Interface (API)
A type of software interface that provides a set of definitions, communication protocols, and tools to help developers easily build applications. APIs offer a way for two or more computer programs to “talk” to each other (i.e. share data).
e.g. Yapily provides high-performance open banking APIs, helping third-party providers connect to banks.
Card-Based Payment Instrument Issuer (CBPII)
Payment service providers that issue cards, which can be used to make purchases online and in person. These payments are taken via the card from one account, and sent to another account held by the merchant.
e.g. When the user tries to make a card payment, the CBPII uses open banking to confirm available funds before processing the payment.
Competition and Markets Authority (CMA)
The competition regulator is a non-ministerial government department responsible for strengthening business competition and preventing and reducing anti-competitive activities. The CMA conducted a retail banking market investigation to improve how banks serve businesses and consumers. Open banking was born as a result of the investigation to decentralise banking information and open up banking services to TPPs.
e.g. The CMA and the Treasury on the future of open banking regulation will set up a working group on account-to-account payments.
Competition and Markets Authority 9 (CMA 9)
The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts. The CMA 9 includes: AIB Group (UK) plc, trading as First Trust Bank in Northern Ireland; Bank of Ireland (UK) plc; Barclays Bank plc; HSBC Group; Lloyds Banking Group plc; Nationwide Building Society; Northern Bank Limited, trading as Danske Bank; The Royal Bank of Scotland Group plc; and Santander UK plc (in Great Britain and Northern Ireland).
e.g. The CMA 9 are required to provide API access to third-party providers.
eIDAS certificates
eIDAS is a European regulation that oversees electronic identification, authentication, and trust services. To participate in the open banking ecosystem, banks and TPPs need to prove their identity and secure their communications using certificates issued under this regulation.
e.g. By adhering to the guidelines set for technology under eIDAS, organisations are pushed towards using higher levels of information security and innovation.
European Banking Authority (EBA)
Established in 2011, the EBA is a regulatory agency in the European Union. Its objective is to maintain EU financial stability and safeguard the banking sector.
e.g. The European Banking Authority (EBA) issued its newsletter covering the guidelines on the role and responsibilities of compliance officers.
European Banking Authority Regulatory Technical Standards (EBA RTS)
Regulatory Technical Standards are a set of detailed compliance criteria set for all parties involved in areas such as data security and legal accountability. One example is strong customer authentication (SCA) guidelines, which require extra security steps to protect open banking users against fraud.
e.g. The proposed Regulatory Technical Standards on strong customer authentication and secure communication are key to achieving the objective of the PSD2 of enhancing consumer protection.
Electronic Money Issuers (EMI)
Digital alternatives to banks that operate through online platforms and are licensed to manage transactions and issue debit cards. A number of household names are EMIs, including Airbnb, American Express, eBay, PayPal and, of course, Yapily.
e.g. Electronic Money Institutions (EMIs) are the digital alternative to banks, operating through an online platform and licensed to manage transactions and issue debit cards.
Electronic Money Regulations (EMR)
Regulations that affect electronic money issuers and their customers. They aim to encourage more firms to set up electronic money schemes and introduce new protections and safeguards for their customers.
e.g. Electronic money issuers need to ensure they are up-to-date and compliant with The Electronic Money Regulations 2011 to avoid issues with their governing body.
Financial Conduct Authority (FCA)
A financial regulatory body in the United Kingdom that operates independently of the UK Government and is financed by membership fees. The FCA regulates the financial services industry and updates regulation as and when required, including PSD2.
e.g. The FCA’s role includes protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers.
General Data Protection Regulation (GDPR)
A regulation in EU law on data protection and privacy in the European Union and the European Economic Area. GDPR was designed to “harmonise” data privacy laws across all of its member countries and provide greater protection and rights to individuals, altering how businesses and other organisations can handle the information of those that interact with them.
e.g. GDPR gives individuals, prospects, customers, contractors, and employees more power over their data and restricts how organisations can collect, process, and store data.
Know Your Customer (KYC)
During the onboarding process, banks are legally required to verify the identities of their customers to reduce the risk of illegal transactions such as money laundering. In some cases, TPPs are also required to conduct KYC to reduce those risks.
e.g. Yapily Validate can be used to speed up KYC and customer onboarding.
Open Banking Implementation Entity (OBIE)
Otherwise known as Open Banking Limited, the OBIE works with the CMA 9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin Open Banking. Yapily works closely with the OBIE to ensure we are aligned with the latest standard, leading to the best possible experience for our customers.
e.g. The future entity would build on the significant progress made to date by the OBIE to encourage innovation and support competition.
Open Banking Working Group (OBWG)
Established in 2015 by the UK Treasury to explore shared data in finance, the OBWG includes stakeholders from all of the relevant parties in open banking, including banks, TPPs, consumers, and open data groups.
e.g. The OBWG set out open banking standards to guide how open banking data should be created, shared and used by its owners.
Primary Business Contact (PBC)
A formal business point of contact: a senior member of staff nominated by an organisation to have access to the Open Banking Directory, who is responsible for systems and controls related to open banking. These contacts keep information up-to-date and allow banks, infrastructure providers, and TPPs to operate securely within the open banking ecosystem.
e.g. We need to reach out to the PBC to ensure that details on the directory are up-to-date.
Personal Finance Management (PFM)
Software that helps users manage their money. PFM often lets users categorise transactions and add accounts from multiple institutions into a single view, and typically includes data visualisations such as spending trends, budgets, and net worth.
e.g. The rise in budgeting apps and PFM software like Emma benefits consumers by giving them more control of their finances.
Payment Initiation Services Provider (PISP)
Provides the ability to make account-to-account payments. Where payments may have been made via card or bank transfer in the past, PISPs simplify the process by initiating payments directly from the user’s bank account to another account, cutting out the middleman and reducing associated costs.
e.g. Yapily Payments is used by PISPs to offer account-to-account payments, while bypassing the middleman.
The Second Payment Services Directive (PSD2)
An updated piece of legislation that was designed to force payment service providers to improve the customer authentication process and regulate third-party involvement. PSD2 mandates that banks must make it possible for a third party to access financial information that was traditionally only available to the banks, resulting in the birth of open banking.
e.g. It was planned that PSD2 would reduce fraud and make payments easier.
Payment Services Provider (PSP)
A payment services provider is an entity that carries out regulated payment services. Comma is an example of a payment services provider that enables small businesses to access bulk payments through open banking, a service banks traditionally only offered to larger organisations.
e.g. Rather than relying on your bank, you can use PSPs that offer specific payment solutions.
Payment Services Regulations (PSR)
The Payment Services Regulations 2017 set out the rules relating to all payment services, including the services provided by banks, building societies, and debit card providers. Among other things, the regulations set out what consumers can expect their bank to do if there has been unauthorised use of their account details or debit card. PSR also brought PSD2 into UK law, providing rules that all service providers must follow.
e.g. PSPs must comply with conduct of business requirements set out in the PSRs.
Payment Services User (PSU)
More commonly known as customers, a PSU is a person or business that uses a payment service, including AISPs, PISPs, CBPIIs and ASPSPs, to view, send or receive money. (Confused? Definitions of all of these acronyms are included in this glossary!)
e.g. The PSU paid their credit card bill through open banking, without the need to remember their card details.
Primary Technical Contact (PTC)
An individual nominated by their organisation to have access to the Open Banking Directory, who is also able to nominate other Directory technical users. The PTC is the main technical contact for any matter that concerns the Open Banking Directory, whereas the PBC is the point of contact for any business query.
e.g. “Do you need access to the directory? Reach out to Dan, he’s our PTC”.
Strong Customer Authentication (SCA)
A form of two-factor authentication, involving extra steps to reduce card fraud.
e.g. Updated legislation now means that apps are only required to gather SCA every 180 days, half as frequently as the previous 90-day mark.
Third-Party Providers (TPP)
An organisation that is regulated to communicate between banks and consumers or businesses to either initiate payments or retrieve and analyse financial information through an API. Traditionally, consumers and businesses would have to rely on banks to do what’s best for them, but open banking has given rise to a range of providers that offer tailored solutions built to solve specific problems. Third-party providers fall into one of two groups: payment initiation service providers (PISPs) or account information service providers (AISPs). Sometimes they could be both. You can view the full list of TPPs on the Open Banking Directory.
e.g. There are a number of TPPs available to help businesses access more tailored financial solutions that better meet their needs than traditional solutions.
Technical Service Providers (TSP)
Companies that work with regulated providers to deliver open banking products and services.
e.g. TSPs collaborate with regulated providers to securely provision the financial data.
Access to Accounts (XS2A)
Access to account services enables third-party providers to gain access to the bank accounts of EU consumers.
e.g. The format of certain request fields does not match the XS2A requirements.