Open Banking Flow: A Guide for Businesses

Open banking is a new framework that has revolutionised the financial industry. In open banking, traditional banks share financial data with third-party fintech companies, provided consumers have consented to this. This allows fintech firms to create better and more personalised products.

To date, open banking has resulted in numerous innovative solutions, from budgeting and investing apps to more efficient payment systems. Yet what is the open banking flow, and how can businesses implement it to streamline their payments?

What is Open Banking Flow?

Open banking flow is a series of steps to complete an open banking journey. These steps would depend on the open banking legislation and the consequent procedures in place. Typically, a flow would involve these steps:

1. Initiation: A user initiates an open banking journey within a third-party application.
2. Consent: A user has to consent to the sharing of their information. This is an essential step in the open banking process.
3. Bank Connection: The second step involves the user choosing the financial institution they want to share their data from. For example, in a budgeting app, users would choose what bank accounts they want to connect. This is done via open banking.
4. Authentication: The user would need to authenticate their bank account. In other words, they’d need to verify that they are who they say they are. This can be done via a password, phone message, or biometrics.

Open Banking Flow in Europe & PSD2

In Europe, PSD2 mandates open banking. PSD2 is a groundbreaking regulation that requires banks to share data with third-party providers (TPPs), putting a legal framework to the principle of open banking. Enacted by the European Commission in 2018, PSD2 marked the beginning of a new e­ra in the realm of finance.

PSD2 brought about a plethora of open banking actors, all of them active participants in the open banking flow.

• TPP: Third Party Providers (TPPs) are licensed fintech companies that access financial data from banks.
• PISP: Payment Initiation Service Providers (PISP) are TPPs that are licensed to initiate payments on behalf of clients. Think of payment processors, such as Noda.
• AISP: Account Information Service Providers (AISP) are TPPs that are licensed to aggregate information from different accounts. For example, budgeting apps that connect multiple accounts in a single platform fall into this category.
• ASPSP: Account Servicing Payment Service Provider (ASPSP) is a financial institution, such as a traditional bank, that offers a payment account. ASPSPs share data with TPPs under customer consent.
• PSU: A Payment Service User (PSU) is a legal individual who uses the payment services of TPPs to view, send or receive money. PSUs are the customers within the open banking ecosystem.

Banks (or ASPSPs) share data via application programming interfaces (APIs). APIs are sets of defined rules that enable entities to communicate with each other. In essence, they act as a software bridge to transmit data to fintechs (or TPPs) securely.

PISP vs AISP

As there are two types of licensed fintech under PSD2, the open banking flow would vary depending on the TPP involved.

PISPs can access read-only financial data shared by traditional banks with consumer consent and authorise payments without the need for users to insert card details. PISP services are often used by merchants who want to streamline their online payments.

Meanwhile, AISPs are authorised to view customer data, such as bank account information, but don’t have the payment initiation functionality.

Therefore, with PISP, the last step of the open banking payment flow would involve authorising a payment. Meanwhile, with AISPs, the final step of the flow would be connecting bank accounts to a platform.

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a cybersecurity measure legally required under the European PSD2. It mandates online and contactless payments to follow multi-factor authentication.

By following multi-factor authentication, users must implement at least two of the following three verification factors:

• Knowledge: This could be something a user knows, like a password or an answer to a security question.
• Possession: This includes their devices like a laptop or a mobile phone.
• Inherence: This is something a user has inherently, like their fingerprint or facial features.

SCA, therefore, is an essential step in the open banking flow in Europe. SCA is required for users to allow PISPs to authorise payments on customers’ behalf.

Future of Open Banking Flow in Europe

The upcoming regulation will define the future of the open banking flow in Europe.  In June 2023, the European Commission published the draft proposal of a Payment Services Regulation (PSR1) and the third Payment Services Directive (PSD3), the updated version of PSD2.

The key area of improvement is SCA within the open banking flow. According to the commission, new types of fraud emerged for which SCA has been insufficient for. For example, the so-called spoofing or impersonation fraud. It happens when scammers pretend to be someone else to access their accounts.

The new amendments extend SCA regulations and employ stricter rules on access to payment systems and account information. The SCA user flow is being simplified, too, with shorter authentication routes and fewer payment restrictions. The proposals will be finalised in late 2024.

Open Banking Flow in the UK

Another example of an open banking flow comes from the UK. The UK is no longer part of the European Union, yet it still follows a localised PSD2 regulation adopted before Brexit. Hence, the steps would look similar to those of the European open banking ecosystem.

1. Initiation: The flow is triggered by the user, who initiates the request within the application.
2. Connection: The application connects to the bank.
3. Consent: The user provides consent to share their data.
4. Authentication: The user verifies their identity for data access.

How to Implement Open Banking

Open banking has numerous benefits, from more efficient payments to innovative products. Businesses can take advantage of open banking by using a trusted provider like Noda. Our all-in-one platform prioritises customer understanding, efficient operations, and growth.

Noda is a worldwide payment and open banking provider for seamless business transactions. From payment facilitation to financial analytics for businesses, Noda has got you covered. Our platform uses cutting-edge AI and machine-learning technologies. Your payments are our priority.