Getting your API Management Strategy on Point for PSD2 Compliance

Jan 21, 2018

WSO2 Inc.
Transcript
Page 1: Getting your API Management Strategy on Point for PSD2 Compliance

WSO2 Open Banking

Getting your API Management Strategy on Point for PSD2 Compliance

Lalaji Sureshika

Technical Lead, Financial Solutions

Page 2: Getting your API Management Strategy on Point for PSD2 Compliance

Agenda

● Recap on PSD2

● EBA Mandated Requirements for API Management in a Compliance Solution

● An API Management Checklist for PSD2 Compliance

● API Management Capabilities of WSO2 Open Banking

● Demo

Page 3: Getting your API Management Strategy on Point for PSD2 Compliance

Payment Services Directive 2: an EU Directive that regulates payment services throughout the EU and applies to all banks operating in the EU, with a compliance deadline of January 2018

Page 4: Getting your API Management Strategy on Point for PSD2 Compliance

What does PSD2 change?

[Figure: diagram with the labels Bank A, Bank B, Bank C, Merchant, TPP (PISP/AISP), PSD2, XS2A - Access to Account, Now]

Page 5: Getting your API Management Strategy on Point for PSD2 Compliance
Page 6: Getting your API Management Strategy on Point for PSD2 Compliance

EBA Mandated PSD2 Requirements

RTS SCA

● Article 27 - Communication Interface

● Article 28 - Obligations for dedicated interface

● Article 29 - Certificates

● Article 30 - Security of communication session

● Article 31 - Data exchanges

GL on Incident Reporting

Assess and notify operational & security incidents based on:

● Transactions Affected

● Service Downtime

● Payment Service Users Affected

● Economic Impact

● Other payment services affected

more..

GL on Security Measures

Guidelines for Payment Service Providers [PSPs]

● Risk Assessment

● Protection

○ Data and Systems Integrity & Confidentiality

○ Access Control

● Detection

Page 7: Getting your API Management Strategy on Point for PSD2 Compliance

API Management Checklist for PSD2 Compliance

Implement API

● Integration points with core-banking system

Design & Manage API

● Design and manage capabilities of an API

● Interactive documentation support

● Analytics on API usage, API availability & performance measures

● API Security

API Governance

● API lifecycle management

● API versioning

Consume API

● Third Party Provider (TPP) registration

● Secured API access by TPP

● Business insights on usage

● Notifications for TPPs

Page 8: Getting your API Management Strategy on Point for PSD2 Compliance

WSO2 Open Banking provides all the technology requirements that Banks need to create an “Open Banking” platform to be PSD2 compliant and as a result become a Digitally Transformed Bank.

[Figure: architecture diagram with the labels API Specification, API Definitions, WSO2 Open Banking, Customer, TPP (AISP/PISP), FinTech, Merchants, Core Banking, Internal Payment Services, Bank Internal Network, ISO 8583 (TCP/IP), HTTP, HTTPS, Other Banks]

Page 9: Getting your API Management Strategy on Point for PSD2 Compliance

WSO2 Open Banking - API Management Capabilities

● API Specifications

Predefined API templates for :

○ Open Banking UK specification

○ STET API specification

○ Berlin Group NextGenPSD2

Or

○ Any custom API specification

Page 10: Getting your API Management Strategy on Point for PSD2 Compliance

WSO2 Open Banking - API Management Capabilities

● Support for Different API Types

○ Private APIs - Within the bank

○ Partner APIs - Establish with the bank and a specific TPP

○ Open APIs - Open APIs to all trusted TPPs

● API Lifecycle Management

● API Security - OAuth2

● Define API Policies - Throttling, Access Control, Transport, API resources

● Trigger alerts based on abnormal TPP usage, API health, backend core banking system issues

Page 11: Getting your API Management Strategy on Point for PSD2 Compliance

WSO2 Open Banking - API Management Capabilities

● TPP Accessible Developer Portal

○ TPP Onboarding

○ Explore APIs

○ Consume APIs with swagger

○ Provide access to sandbox and production API environments

● Integration points with core banking systems and other internal banking services

○ Supports different message protocols [HTTP, TCP], message types [REST/JSON] and message formats [ISO 8583, ISO 20022]

● API Monetization to create various revenue models

● API Analytics & Business Insights with dashboards

Page 12: Getting your API Management Strategy on Point for PSD2 Compliance

WSO2 Open Banking Offerings for TPPs

● Onboarding Process

● Establish Secure Communication

● Explore and try out bank APIs

● Setting up sandbox testing

● Setting up production

● Acknowledge new API versions

● Business Insights

Page 13: Getting your API Management Strategy on Point for PSD2 Compliance

Demo

Page 14: Getting your API Management Strategy on Point for PSD2 Compliance

Account Initiation - Process Flow

[Figure: numbered process flow (steps 1 to 6) with the labels Login & Add Bank, Login Page, 2 Factor Authentication, Customer Consent, Initiation account info, 302, Token, Get Accounts Information, AISP]

Page 15: Getting your API Management Strategy on Point for PSD2 Compliance

Payment Initiation - Process Flow

[Figure: numbered process flow (steps 1 to 7) with the labels Checkout Item, Login Page, 2 Factor Authentication, Customer Consent, Initiation payment info, PISP, 302, Token, Payment Complete, Settlement]

Credits to Dinosoft Labs from Noun Project

Page 16: Getting your API Management Strategy on Point for PSD2 Compliance

WSO2 Open Banking

● API Manager

● API Security + SCA

● API Analytics

● API Monetization

PSD2 Compliance

● API Integration

● Federated Authentication

● Fraud Detection

● API Analytics

● Dashboards

TPP Provider

● Web/Mobile App Suite

● Insight Sales

● Required Integration

Digital Transformation

Page 17: Getting your API Management Strategy on Point for PSD2 Compliance

Resources

More Information - http://wso2.com/solutions/financial/open-banking/

Try out WSO2 Open Banking - https://openbanking.wso2.com

On Demand Webinars -

https://wso2.com/library/webinars/2017/09/open-banking-moving-banks-beyond-the-norm/

http://wso2.com/library/webinars/2017/08/wso2-open-banking-digital-transformation-through-psd2/

Open Banking Whitepaper -

http://wso2.com/whitepapers/digital-transformation-through-psd2-and-open-banking/

Page 18: Getting your API Management Strategy on Point for PSD2 Compliance

Thank You!