OPEN BANKING RESOURCES

Overview

Regulatory & Market map

A clear view of initiatives that can be of support in the PSD2 journey.

The Access to Account lifecycle

The access to account lifecyle has five stages: registration and passporting, eIDAS certificates, setup, interfaces and Sca, revocation and disputes. We have analysed what is behind each of them compiling documents from different resources.

Infographic on TPPs

Some figures on TPPs in EU



Registration & Passporting

National Registers

The list of all national registers in one place.

Guide: Registration & Passporting

This guide summarises the terminology and processes set out in the revised Payment Services Directive (PSD2) that are required to enable regulated entities (Payment Service Providers) to provide payment services, including Access to Account (XS2A), across Europe.

This content has been restricted to authorized users only.
You don't have an account. Sign-up here

Understanding the Rights of Credit Institutions

This document aims to clarify the understanding of the rights of Credit Institutions regarding Access to Accounts, given that National registers do not explicitly list the same information as for Payment Institutions.

This content has been restricted to authorized users only.
You don't have an account. Sign-up here

NCA Data for QTSPs

The aim of this document is to provide QTSPs with details of how to confirm the data of PSP that request a certificate.

This content has been restricted to authorized users only.
You don't have an account. Sign-up here


QTSPs & eIDAS

QTSPs and eIDAS

Qualified certificates are issued by QTSPs. Here you will find a list of QTSPs who are offering PSD2 certificates and more info on the certificate standards, requirements and timeline developed by ETSI as well as the official list of QTSPs in the EU.

eIDAS Qualified Certificates FAQ

The eIDAS Qualified Certificates Frequently Asked Questions (FAQ) document provides the answers to common questions about the use of Qualified certificates to support secure communications between payment services under PSD2 and their related Regulatory Technical Standards (RTS).

QTSPs offering eIDAS certificates

This document contains a list of QTSPs who are offering PSD2 certificates and are part of the OBE QTSPs Engagement group.

Guide: Understanding Internet Security & eIDAS Certificates

This guide focuses on the standardisation of Electronic Identification, Authentication & Trust Services Regulation (eIDAS) Qualified Certificates for PSD2.

This content has been restricted to authorized users only.
You don't have an account. Sign-up here

Trust Anchors vs Commercial Root Certificates

This content has been restricted to authorized users only.
You don't have an account. Sign-up here


Security & Identity

Guide: TPP User-Management

This guide summarises the considerations and processes that are necessary to enable Account Servicing Payment Services Providers (ASPSPs) to provide secure and controlled Access to Accounts (XS2A) Services to those Third Party Providers (TPPs) who want to offer the new Payment Services available in Europe under PSD2. It focuses on Internet Security, Controlled Access and TPP Onboarding.

This content has been restricted to authorized users only.
You don't have an account. Sign-up here

Security and Identification Standards for APIs & Communications

The “Identification and Security” model comprises five key elements or choices that ASPSPs can make when developing PSD2 APIs, leading to multiple combinations of implementation. This document describes the five key choices with reference to eIDAS certificates.

API Communities Survey on Communication Security Practices

This content has been restricted to authorized users only.
You don't have an account. Sign-up here

JSON Web Signature Profile Factsheet

JSON Web Signature Profile for Open Banking [Stable Draft]



Interfaces

API Functions Dictionary [DRAFT]

This document provides a dictionary of the common functions that have been identified by Open Banking Europe, from their analysis of the APIs being implemented by banks across Europe to provide TPPs with technical access to their customer accounts as part of PSD2.

This content has been restricted to authorized users only.
You don't have an account. Sign-up here


Other Resources

20200604 EBA Opinion on Obstacles Under Article 32(3) of the RTS on SCA and CSC

20200608 ETPPA Welcomes EBA’s Recognition of Obstacles

OBE Notes on the EBA Obstacles to PSD2