Getting your API Management Strategy on Point for PSD2 Compliance

WSO2 Open Banking: Getting your API Management Strategy on Point for PSD2 Compliance

Lalaji Sureshika, Technical Lead, Financial Solutions

Upload: wso2-inc

Post on 21-Jan-2018


TRANSCRIPT

WSO2 Open Banking: Getting your API Management Strategy on Point for PSD2 Compliance

Lalaji Sureshika, Technical Lead, Financial Solutions

Agenda

● Recap on PSD2

● EBA Mandated Requirements for API Management in a Compliance Solution

● An API Management Checklist for PSD2 Compliance

● API Management Capabilities of WSO2 Open Banking

● Demo

Payment Services Directive 2

An EU Directive that applies to all banks operating in the EU and regulates payment services throughout the EU, with a compliance deadline of January 2018.

What does PSD2 change?

[Diagram. Labels: Bank A, Bank B, Bank C, Merchant, TPP (PISP/AISP), PSD2, XS2A - Access to Account, Now]

EBA Mandated PSD2 Requirements

RTS SCA

● Article 27 - Communication Interface

● Article 28 - Obligations for dedicated interface

● Article 29 - Certificates

● Article 30 - Security of communication session

● Article 31 - Data exchanges

GL on Incident Reporting

Assess and notify operational & security incidents based on:

● Transactions Affected

● Service Downtime

● Payment Service Users Affected

● Economic Impact

● Other payment services affected

more..

GL on Security Measures

Guidelines for Payment Service Providers [PSPs]

● Risk Assessment

● Protection

○ Data and Systems Integrity & Confidentiality

○ Access Control

● Detection

API Management Checklist for PSD2 Compliance

Implement API

● Integration points with core-banking system

Design & Manage API

● Design and manage capabilities of an API

● Interactive documentation support

● Analytics on API usage, API availability & performance measures

● API Security

API Governance

● API lifecycle management

● API versioning

Consume API

● Third Party Provider (TPP) registration

● Secured API access by TPP

● Business insights on usage

● Notifications for TPPs

WSO2 Open Banking provides all the technology requirements that Banks need to create an “Open Banking” platform to be PSD2 compliant and as a result become a Digitally Transformed Bank.

[Architecture diagram. Labels: API Specification, API Definitions, WSO2 Open Banking, Customer, TPP (AISP/PISP), FinTech, Merchants, Core Banking, Internal Payment Services, Bank Internal Network, Other Banks. Protocol labels: ISO 8583 (TCP/IP), HTTP, HTTPS]

WSO2 Open Banking - API Management Capabilities

● API Specifications

Predefined API templates for:

○ Open Banking UK specification

○ STET API specification

○ Berlin Group NextGenPSD2

Or

○ Any custom API specification

WSO2 Open Banking - API Management Capabilities

● Support for Different API Types

○ Private APIs - Within the bank

○ Partner APIs - Established between the bank and a specific TPP

○ Open APIs - Open APIs to all trusted TPPs

● API Lifecycle Management

● API Security - OAuth2

● Define API Policies - Throttling, Access Control, Transport, API resources

● Trigger alerts based on abnormal TPP usage, API health, backend core banking system issues

WSO2 Open Banking - API Management Capabilities

● TPP Accessible Developer Portal

○ TPP Onboarding

○ Explore APIs

○ Consume APIs with swagger

○ Provide access to sandbox and production API environments

● Integration points with core banking systems and other internal banking services

○ Supports different message protocols [HTTP, TCP], message types [REST/JSON] and message formats [ISO 8583, ISO 20022]

● API Monetization to create various revenue models

● API Analytics & Business Insights with dashboards

WSO2 Open Banking Offerings for TPPs

● Onboarding Process

● Establish Secure Communication

● Explore and try out bank APIs

● Setting up sandbox testing

● Setting up production

● Acknowledge new API versions

● Business Insights

Demo

[Figure: Account Initiation - Process Flow (AISP). Labels: Login & Add Bank, Initiation (account info), Login Page, 2 Factor Authentication, Customer Consent, 302, Token, Get Accounts Information; steps numbered 1 to 6]

[Figure: Payment Initiation - Process Flow (PISP). Labels: Checkout Item, Initiation (payment info), Login Page, 2 Factor Authentication, Customer Consent, 302, Token, Payment Complete, Settlement; steps numbered 1 to 7]

Credits to Dinosoft Labs from Noun Project

WSO2 Open Banking

● API Manager

● API Security + SCA

● API Analytics

● API Monetization

PSD2 Compliance

● API Integration

● Federated Authentication

● Fraud Detection

● API Analytics

● Dashboards

TPP Provider

● Web/Mobile App Suite

● Insight Sales

● Required Integration

Digital Transformation

Resources

More Information - http://wso2.com/solutions/financial/open-banking/

Try out WSO2 Open Banking - https://openbanking.wso2.com

On Demand Webinars -

https://wso2.com/library/webinars/2017/09/open-banking-moving-banks-beyond-the-norm/

http://wso2.com/library/webinars/2017/08/wso2-open-banking-digital-transformation-through-psd2/

Open Banking Whitepaper -

http://wso2.com/whitepapers/digital-transformation-through-psd2-and-open-banking/

Thank You!