OP's PSD2 APIs up and running in production
PSD2 - what’s all the fuss about? How can developers, FinTechs and other companies take advantage of the regulation? Read a quick recap about the hottest initialism in the financial industry.
Promoting innovation in Europe
September 14, 2019, is a date that’s been on the lips of many in the financial industry for a good while now. That’s when the so called PSD2 (the Second Payment Services Directive) regulation enters fully into force in EU and the transition period is over. But what exactly does PSD2 regulate?
At its core, PSD2 is about strengthening consumer rights and security: from September 14th, electronic payments (with a few exceptions) require strong customer authentication. Other noteworthy improvements include a ban on extra fees for using Visa or Mastercard and a decreased consumer liability for card abuse, from 150 to 50 euros in the case of minor or ordinary negligence.
Alongside consumer rights, PSD2 is aimed at promoting innovation and competition in the banking sector. All banks must provide Third-Party Providers (TPPs) a method for accessing transaction and account data, as well as for initiating payments on behalf of consumers.
These TPPs are called Account Information Service Providers (AISP) and Payment Initiation Service Providers (PISP). They will be able to offer completely new kinds of services to consumers, such as aggregating consumer’s account information from different banks into one single application. Naturally, a TPP always needs to acquire appropriate licenses and the customer’s consent before getting access to anyone’s data.
To meet the requirements of the regulation, OP provides three PSD2 API Products: Payment Initiation Service (PIS), Account Information Service (AIS) and Confirmation of Funds service (CoF). The sandbox environment is available free of charge to all developers. Production access requires valid licenses as well as appropriate eIDAS certificates. You can read more about the requirements and instructions at the end of this article.
PSD2 is shifting mindsets in banking
Of all the changes brought about by PSD2, allowing access to transaction and payments is likely to impact the industry the most. Even if we don’t immediately see dozens of new banking applications, the regulation has ushered in a new way of thinking: the world of financial services is transforming into a platform economy at a new pace.
Traditionally, banking has had high barriers to entry, and a few giant corporates have dominated the industry. PSD2, together with other recent regulation and legislation, has forced banks to rethink their business models and assess how and with whom to collaborate to provide increased value to customers in a transforming market.
OP sees open banking as a great opportunity to boost our innovation by collaborating with third-party developers. This will result in a win-win-win situation. Firstly, consumers get new, innovative services. Second, our partners benefit from accessing our vast customer base and our diversified offering of API Products that open new business opportunities. Finally, we at OP will be able to secure our place in the digital ecosystems of the future, while providing better services for our customers.
For all of these reasons, our API offering goes beyond the scope of PSD2 regulation. You can browse all our API Products on our Docs page – and the list keeps growing: we released our first premium API, Accounts V3.0, in February 2019, and we followed up with sandbox releases for Corporate Accounts and Corporate Payments in June 2019.
Enough talk – How can I get started?
Want to get your hands on our PSD2 APIs and try them for yourself? Follow these step-by-step instructions to access the sandbox environment:
- Sign up at OP Developer and create a new sandbox application with the PSD2 APIs of your choice.
- Get certificates. In case you don’t have valid eIDAS certificates yet at this point, you can use our TPP certificate generation API, which is enough in our sandbox environment.
- Finally, register as a TPP and you’re good to go.
Once you’re done with testing, you may want to move on to production. You don’t need to create a new developer application, as when testing the APIs in sandbox.
- First, apply for an AISP/PISP license at your national financial authority (e.g. FIN-FSA in Finland).
- Get QWAC and QSEAL certificates from a trust service provider.
- When you have the necessary licenses and certificates, send us an email at email@example.com, and we will take you from there.
To make your work easier, we have created tons of resources for you. Firstly, we offer detailed workflows for each of the three PSD2 APIs: Payment Initiation Service, Account Initiation Service and Confirmation of Funds service. We also provide a TPP Demo App that guides you through the deployment of the PSD2 APIs. The source code is available on GitHub. And finally, there’s a command line app for TPP registration which we highly recommend using, as it will help you with your app integration.
In case you need any support, don’t hesitate to contact us at firstname.lastname@example.org. Happy developing!