WSO2 Open Banking Getting your API Management Strategy on Point for PSD2 Compliance Lalaji Sureshika Technical Lead, Financial Solutions
Agenda
● Recap on PSD2
● EBA Mandated Requirements for API Management in a Compliance
Solution
● An API Management Checklist for PSD2 Compliance
● API Management Capabilities of WSO2 Open Banking
● Demo
Payment Services Directive 2
EU Directive that applies to all banks operating in the EU and regulates payment services throughout the EU, with a compliance deadline of January 2018.
What does PSD2 change?
[Diagram: "Now" and "PSD2" side by side. Today a Merchant deals with Bank A, Bank B and Bank C directly; under PSD2 a TPP (PISP/AISP) sits between the Merchant and Bank A, Bank B and Bank C and reaches the banks through XS2A (Access to Account).]
EBA Mandated PSD2 Requirements (RTS SCA)
● Article 27 - Communication Interface
● Article 28 - Obligations for dedicated interface
● Article 29 - Certificates
● Article 30 - Security of communication session
● Article 31 - Data exchanges
GL on Incident Reporting
Assess and notify operational & security incidents based on:
● Transactions affected
● Service downtime
● Payment service users affected
● Economic impact
● Other payment services affected
● ... and more
GL on Security Measures
Guidelines for Payment Service Providers [PSPs]
● Risk Assessment
● Protection
  ○ Data and systems integrity & confidentiality
  ○ Access control
● Detection
API Management Checklist for PSD2 Compliance
Implement API
● Integration points with the core-banking system
Design & Manage API
● Design and manage capabilities of an API
● Interactive documentation support
● Analytics on API usage, API availability & performance measures
● API Security
API Governance
● API lifecycle management
● API versioning
Consume API
● Third Party Provider (TPP) registration
● Secured API access by TPP
● Business insights on usage
● Notifications for TPPs
WSO2 Open Banking provides all the technology requirements that banks need to create an "Open Banking" platform, be PSD2 compliant and, as a result, become a digitally transformed bank.
[Architecture diagram: WSO2 Open Banking at the centre, fed by an API Specification (API Definitions). Customers, TPPs (AISP/PISP), FinTechs and Merchants connect to it over HTTPS; it connects to Core Banking and Internal Payment Services on the Bank Internal Network over ISO 8583 (TCP/IP) and HTTP, and to Other Banks over HTTPS.]
WSO2 Open Banking - API Management Capabilities
● API Specifications
Predefined API templates for:
○ Open Banking UK specification
○ STET API specification
○ Berlin Group NextGenPSD2
Or
○ Any custom API specification
WSO2 Open Banking - API Management Capabilities
● Support for Different API Types
○ Private APIs - Within the bank
○ Partner APIs - Establish with the bank and a specific TPP
○ Open APIs - Open APIs to all trusted TPPs
● API Lifecycle Management
● API Security - OAuth2
● Define API Policies - Throttling, Access Control, Transport, API resources
● Trigger alerts based on abnormal TPP usage, API health, backend core banking system issues
WSO2 Open Banking - API Management Capabilities
● TPP Accessible Developer Portal
○ TPP Onboarding
○ Explore APIs
○ Consume APIs with swagger
○ Provide access to sandbox and production API environments
● Integration points with core banking systems and other internal banking services
○ Supports different message protocols [HTTP, TCP], message types [REST/JSON] and message formats [ISO 8583, ISO 20022]
● API Monetization to create various revenue models
● API Analytics & Business Insights with dashboards
WSO2 Open Banking Offerings for TPPs
● Onboarding Process
● Establish Secure Communication
● Explore and try out bank APIs
● Setting up sandbox testing
● Setting up production
● Acknowledge new API versions
● Business Insights
Account Initiation - Process Flow (AISP)
[Process-flow diagram, steps 1-6: Login & Add Bank → Initiation (account info) → 302 redirect to the bank's Login Page → 2 Factor Authentication → Customer Consent → Token → Get Accounts Information.]
Credits to Dinosoft Labs from Noun Project
Payment Initiation - Process Flow (PISP)
[Process-flow diagram, steps 1-7: Checkout Item → Initiation (payment info) → 302 redirect to the bank's Login Page → 2 Factor Authentication → Customer Consent → Token → Payment Complete → Settlement.]
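The two process flows above share one shape: the TPP initiates a consent, the bank answers with a 302 redirect to its own login page, the customer authenticates with a second factor and approves the consent, the TPP receives a token, and only then can it read accounts (AISP) or complete the payment (PISP). The simulation below, an added example and not WSO2 code, walks both flows end to end with both sides' messages. Every endpoint, parameter name, identifier and customer record in it is a constructed assumption; the real message formats come from whichever API specification the bank adopts (Open Banking UK, STET, Berlin Group), and the TPP would additionally be authenticated with the certificates required by Article 29, which this simulation leaves out. The checks it does show are the ones that matter regardless of specification: the redirect target must match the TPP's registration, the state value sent out must come back unchanged, the authorization code is single use, and a token is usable only for the one authorised consent it was issued for.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Consent:
    consent_id: str
    kind: str            # "accounts" (AISP) or "payment" (PISP)
    tpp_id: str
    details: dict
    status: str = "awaiting-authorisation"
    psu_id: str = ""


class Bank:
    """ASPSP side of the flow: consent store, login + 2FA, 302 redirects, tokens, APIs.
    Every record below is constructed for the example (hypothetical TPP, customer, account)."""

    def __init__(self):
        self.tpp_redirects = {"tpp-001": "https://tpp.example/callback"}   # set at onboarding
        self.psu_secrets = {"alice": ("correct-horse", "123456")}          # password, 2FA code
        self.accounts = {"alice": [{"id": "acc-1", "balance": 250.0}]}
        self.consents = {}     # consent id -> Consent
        self.sessions = {}     # session id -> psu id
        self.auth_codes = {}   # one-time code -> consent id
        self.tokens = {}       # access token -> consent id

    # Step 1: the TPP posts the account info or payment info it wants consent for.
    def create_consent(self, tpp_id, kind, details):
        cid = "consent-" + secrets.token_hex(4)
        self.consents[cid] = Consent(cid, kind, tpp_id, details)
        return cid

    # Step 2: authorization request; the reply is a 302 to the bank's login page.
    # The redirect_uri must equal the one registered when the TPP onboarded.
    def authorize(self, tpp_id, consent_id, redirect_uri, state):
        if self.tpp_redirects.get(tpp_id) != redirect_uri:
            raise PermissionError("redirect_uri does not match TPP registration")
        if self.consents[consent_id].tpp_id != tpp_id:
            raise PermissionError("consent belongs to another TPP")
        return 302, f"https://bank.example/login?consent={consent_id}&state={state}"

    # Steps 3-4: login page, then the second factor (SCA); constant-time comparisons.
    def login(self, psu_id, password, second_factor):
        pw, otp = self.psu_secrets.get(psu_id, ("", ""))
        if not (hmac.compare_digest(pw, password) and hmac.compare_digest(otp, second_factor)):
            raise PermissionError("authentication failed")
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = psu_id
        return sid

    # Customer consent screen: approval binds the consent to the customer and
    # sends a one-time code back to the TPP's registered redirect_uri (302).
    def approve_consent(self, session_id, consent_id, state):
        c = self.consents[consent_id]
        c.status, c.psu_id = "authorised", self.sessions[session_id]
        code = secrets.token_urlsafe(16)
        self.auth_codes[code] = consent_id
        return 302, f"{self.tpp_redirects[c.tpp_id]}?code={code}&state={state}"

    # Step 5: the code is exchanged for a token bound to exactly one consent.
    def token(self, tpp_id, code):
        consent_id = self.auth_codes.pop(code, None)       # single use: replay fails
        if consent_id is None or self.consents[consent_id].tpp_id != tpp_id:
            raise PermissionError("invalid or replayed code")
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = consent_id
        return tok

    def _consent_for(self, token, kind):
        c = self.consents.get(self.tokens.get(token, ""))
        if c is None or c.status != "authorised" or c.kind != kind:
            raise PermissionError(f"token not bound to an authorised {kind} consent")
        return c

    # Step 6 (AISP): only the accounts of the customer who consented.
    def get_accounts(self, token):
        return self.accounts[self._consent_for(token, "accounts").psu_id]

    # Steps 6-7 (PISP): execute the consented payment exactly once.
    def execute_payment(self, token):
        c = self._consent_for(token, "payment")
        acct = next(a for a in self.accounts[c.psu_id] if a["id"] == c.details["from"])
        if acct["balance"] < c.details["amount"]:
            raise ValueError("insufficient funds")
        acct["balance"] -= c.details["amount"]
        c.status = "consumed"                              # payment consent is single use
        return {"status": "PaymentComplete", "amount": c.details["amount"]}


def run_flow(bank, kind, details):
    """TPP side: walks the numbered steps and checks the state it sent comes back unchanged."""
    tpp, redirect = "tpp-001", "https://tpp.example/callback"
    cid = bank.create_consent(tpp, kind, details)
    state = secrets.token_urlsafe(8)                       # anti-CSRF binding for the callback
    status, _login_url = bank.authorize(tpp, cid, redirect, state)
    assert status == 302
    sid = bank.login("alice", "correct-horse", "123456")   # customer authenticates at the bank
    _, callback = bank.approve_consent(sid, cid, state)
    params = dict(p.split("=") for p in callback.split("?")[1].split("&"))
    if not hmac.compare_digest(params["state"], state):
        raise PermissionError("state mismatch: callback is not for this session")
    tok = bank.token(tpp, params["code"])
    return bank.get_accounts(tok) if kind == "accounts" else bank.execute_payment(tok)


if __name__ == "__main__":
    print(run_flow(Bank(), "accounts", {"permissions": ["ReadAccountsBasic"]}))
    print(run_flow(Bank(), "payment", {"from": "acc-1", "amount": 50.0}))
```

The binding of token to consent is the part worth copying into a real gateway policy: a token issued for a payment consent cannot be used to list accounts, a consumed payment consent cannot be re-executed, and a second use of the same authorization code is rejected, which are exactly the cases a TPP-facing API must refuse even when the caller is a legitimately registered third party.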
WSO2 Open Banking
[Diagram with three groups of capabilities and three labels (PSD2 Compliance, TPP Provider, Digital Transformation):
● API Manager, API Security + SCA, API Analytics, API Monetization
● API Integration, Federated Authentication, Fraud Detection, API Analytics, Dashboards
● Web/Mobile App Suite, Insight Sales, Required Integration]
Resources
More Information - http://wso2.com/solutions/financial/open-banking/
Try out WSO2 Open Banking - https://openbanking.wso2.com
On Demand Webinars -
https://wso2.com/library/webinars/2017/09/open-banking-moving-banks-beyond-the-norm/
http://wso2.com/library/webinars/2017/08/wso2-open-banking-digital-transformation-through-psd2/
Open Banking Whitepaper -
http://wso2.com/whitepapers/digital-transformation-through-psd2-and-open-banking/