Open banking glossary | TrueLayer

Open banking glossary

Open banking concepts

Account verification
The process of ensuring that only the authorised bank account owner can permit account access. This is vital for preventing fraud. TrueLayer simplifies this process with a verification layer that links to its Data API.
AIS agents
This is a model offered by some open banking providers like TrueLayer. Under our agent model, a company can be classed as an ‘agent’ for TrueLayer, meaning that the company can provide account information services on behalf of TrueLayer, without being regulated itself. This makes it easier – and faster – for companies to get up and running with open banking. It doesn’t affect the rights of the consumer or the security of open banking.
API
Application programming interface, a way of connecting two software systems together, such as a bank’s account database and a Third Party Provider’s app.
Authentication
The process where a consumer provides online banking credentials to their bank in order to create a secure connection between their bank and a third party provider.
Re-authentication
Open Banking rules in the UK and EU currently state that Third Party Providers (TPPs) must re-authenticate the user’s consent with their bank periodically, at a minimum every 90 days, to maintain the connection between their bank and the third party provider.
Consent
To use apps and services that are based on open banking, you need to give your trusted providers explicit consent to access your account information or make payments on your behalf.
Conversion (of open banking payments)
The proportion of online purchases that are completed when open banking is the chosen payment method. Conversion rates can be measured from different start and end points, but payment conversion for open banking is often higher than for payment methods like cards.
Data aggregation
The process of collecting data from a number of sources and combining it. In the context of open banking, a digital banking app, like Revolut for example, may collect information from a customer’s multiple bank accounts and present that information in a single dashboard. This helps the customer to understand their finances better, budget effectively and save money.
Open banking
Providing secure, limited, authorised access to consumer and business bank accounts to trusted companies, so that those companies can provide new, useful services to customers.
Open banking payments / open payments
The use of open banking to make fast, secure, easy payments directly from one bank account to another.
Open finance
Open finance takes the concept of open banking further. It means providing secure, limited, authorised access to a wider range of your financial data and finance accounts, for example savings, pensions, mortgages and investments. This is for the same purposes as open banking – so that trusted companies can provide new, useful services to you.
Payment success
The completion of a payment / transfer of funds. Card payments have lower payment success rates than payments made by open banking. This is because users make mistakes while inputting details, fraud checks can be overzealous, payments are subject to spending limits and cards can expire or get cancelled. With open banking, payments are authenticated directly with the bank and funds are pushed from the consumer account straight to the merchant account, leading to higher payment success rates (95%+).
Personal Finance Management (PFM)
A type of tool or app that gives consumers more control over their personal finance, including spending, savings and investments. Potential benefits include helping consumers to save money, grow their investments and manage their finances.
Sweeping
Sweeping enables the transfer of money between two accounts belonging to the same person. These transfers are also referred to as ‘me-to-me’ payments. As part of the CMA’s requirement for the nine biggest UK banks to build variable recurring payment (VRP) APIs, open banking will be able to support sweeping by January 2022.
Transaction / purchase categorisation
Using machine learning to automatically classify bank account transactions into groups. For example: utilities, work expenses, travel or groceries. This can save time, effort and money for small businesses and their accountants, as it automates the process of identifying tax-deductible expenses.
Variable recurring payments (VRPs)
Variable recurring payments (VRPs) are an additional Open Banking API that the CMA has required the nine biggest UK banks to build by January 2022. VRPs bring functionality that enables third party providers (TPPs) like TrueLayer to initiate a series of payments for a customer at variable amounts and intervals, with the customer’s permission. The customer will agree the payment parameters with the TPP, and authenticate the payment mandate with their bank upfront. From then on, payments will be initiated without the customer having to take any action.

Regulatory terms

AIS
Account Information Services is the name of the Open Banking service which gives regulated providers access to a customer’s bank account data, for the provision of services to that customer (and only with that customer’s permission).
AISP
Account Information Service Provider, a company regulated by the FCA to provide account information services.
AML
Anti-Money Laundering, a legal requirement for any organisation offering financial or banking services.
ASPSP
Account Servicing Payment Service Provider, including banks and other payment service providers that are required to enable customers to access their data and initiate payments via third parties.
GDPR
The General Data Protection Regulation, an EU data protection and privacy directive that safeguards users’ data. All companies processing EU citizens’ data must adhere to this.
KYC
Know Your Customer/Client, the process of verifying the ID of an account owner or customer. This is a legal requirement as part of AML legislation, and must be carried out whenever an account is opened and at certain other times.
PSD2
The Revised Payment Services Directive is an EU law that paved the way for open banking. It gives customers the right to access their payment accounts via third party providers. In the UK it was implemented in law as the Payment Services Regulations.
PIS
Payment Initiation Services is the name of the Open Banking service which gives regulated providers authorised access to a customer’s bank account for making payments out of that account on the customer’s behalf (and only with that customer’s consent).
PISP
Payment Initiation Service Provider, a company regulated by the FCA to carry out PIS operations.
SCA
Strong Customer Authentication, a security requirement introduced to cut down on payment fraud online. It requires that all payments where the payer is not present must go through an authentication process that proves the payer is who they say they are and is authorised to use the account in question. This process must confirm two of the three criteria: something only the user knows (eg a password), something only the user possesses (eg their phone via their mobile phone number) and something the user is or has (eg via touch or face ID).
TPPs
Third Party Providers is the collective name for account information and payment initiation service providers that are authorised by the FCA.
TSPs
Technical Service Providers, companies that work with TPPs to deliver open banking services or products.

Open banking protocols and standards

Open Banking
The UK's Open Banking standards, developed by the Open Banking Implementation Entity (OBIE).
PolishAPI protocols
The open banking standard for Polish banks, created by the Polish Bank Association and based on PSD2.
STET
An API and set of open banking standards commonly used in Europe to comply with the PSD2 regulations (the European equivalent of Open Banking).
XS2A
Short for Access to Account, the process of giving Third Party Providers authorised access to a bank customer’s account, usually via an API.

Organisations

CMA
The UK’s Competition and Markets Authority, part of whose role is to encourage increased competition in order to improve choice, service and pricing for UK consumers.
EBA
The European Banking Authority which oversees and regulates banking in the EU.
FCA
The Financial Conduct Authority is the conduct regulator for financial services firms and financial markets in the UK and the prudential supervisor for firms. The FCA authorises, supervises and monitors Open Banking providers in the UK.
OBIE
The Open Banking Implementation Entity, a UK company set up by the CMA to develop an open banking standard in the UK.

Technical terms in open banking

API uptime
The percentage of time during which an API is available. 99.999% uptime (“five nines”) is considered the gold standard.
App 2 App / App-to-App authentication
A mechanism that allows open banking-enabled services to offer a much simpler and faster authentication flow to users via their mobile device.
Consent flows
The online journey/flow that a user goes on in order to give consent to a Third Party Provider to access their account information or make payments on their behalf, via open banking. There are three types of consent flow in the UK & Europe:
Redirect
This is the most common. The end user is redirected to the bank’s own interface to complete the flow, either via App 2 App or through the bank’s website.
Decoupled
The user is sent to an app outside of the web flow to authenticate. This can be the bank's own app or a third party authentication service.
Embedded
Here the authentication flow is presented within the TPP journey.
OAuth 2.0
The industry-standard protocol for authorisation. OAuth 2.0 focuses on client developer simplicity while providing specific authorisation flows for web applications, desktop applications, mobile phones, and living room devices.
Refresh and Access tokens
Access tokens
These carry the necessary information to access a resource directly. In other words, when a client passes an access token to a server managing a resource, that server can use the information contained in the token to decide whether the client is authorised or not. Access tokens usually have an expiration date and are short-lived.
Refresh tokens
These carry the information necessary to get a new access token. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authorisation server. Common use cases include getting new access tokens after old ones have expired, or getting access to a new resource for the first time. Refresh tokens can also expire but are rather long-lived. Refresh tokens are usually subject to strict storage requirements to ensure they are not leaked. They can also be blacklisted by the authorisation server. Basically, they are a long-lived code used to obtain a new access_token.
Sandbox
A testing environment in which new fintech apps and services can be developed and tested without causing disruption to ‘live’ bank accounts.

TrueLayer products and features

Auth journey analytics
A way of tracking the authentication journey using TrueLayer’s Auth Analytics API. This helps improve conversion by understanding how far through the authentication journey a user has progressed.
Data API
An API provided by TrueLayer that permits companies to access authorised account data in a standardised way, from any participating bank.
Merchant Dashboard
A TrueLayer tool that allows clients to view reports about their ingoing and outgoing payments, for internal monitoring or reporting purposes.
Payments API
An open banking API provided by TrueLayer that permits companies to make authorised payments from their customers’ bank accounts.
Payouts
Instant, secure payments made from a merchant to a user’s bank account. Open banking is a one-way rail and does not permit Third Party Providers to make instant payouts or refunds. TrueLayer has built on top of open banking to provide payouts for its customers.
PayDirect
A TrueLayer payments product that combines one-click registration with instant payments and withdrawals – all within your app.
