WSO2 Open Banking completed its second anniversary on the 3rd of August. Since its inception, WSO2 Open Banking has set out to do three things: 1) Provide technical efficiency for banks who need to comply with PSD2 and Open Banking, 2) Stay relevant in the wake of the constant changes in the open banking world, and 3) Contribute to the global open banking movement. The latest release of WSO2 Open Banking ticks all three check boxes. This blog discusses each of the above mentioned points and how WSO2 Open Banking helps in more detail.
Support for Global Open Banking Standards
Open Banking API standards have revolutionized how effective API programs can be built for open banking. Open Banking UK API Standard and the NEXTGEN PSD2 API Standard (created by the Berlin Group) are two of the most commonly used standards. The Open Banking UK API standard is globally recognized, with countries like Australia and even some parts of Asia using it as the starting point to build their own specifications.
These API standards release a new version about every 6-8 months. A key priority of WSO2 Open Banking’s roadmap is to stay in line with these API Standards. Why? To help banks using WSO2 Open Banking to easily migrate to the updated versions, without having to spend cycles on implementing version updates themselves. But the benefit is not just for existing customers. Any bank who is looking at using WSO2 has the assurance that the solution’s technical capabilities are in sync with the regulatory demands.
Here are some of the improvements that have come about with this release:
- Support for the UK v3.1.1 read-write API standard which mandates how Accounts, Payments, and Confirmation of Funds requests are handled.
- Support for Dynamic Client Registration (DCR) v3.2 - To mandate the mechanism where a Third Party Provider (TPP) client should be able to register with the Account Servicing Payment Service Provider (ASPSP) using DCR.
- Authorization endpoint support for Berlin API v1.3 NEXTGEN PSD2 API.
- Transaction Risk Analysis (TRA) to help identify the right conditions to implement strong customer authentication (SCA.)
Meeting the September Deadline for Regulatory Technical Standards (RTS)
By September 14 of this year, all banks in Europe and the UK are expected to have several security measures in place to ensure that customers get to enjoy the benefits of open banking with no security compromises. Having basic identity and access management capabilities do not make the cut for PSD2 compliance and Open Banking. This is one of the key reasons why WSO2 Open Banking has always focused heavily on augmented security capabilities such as strong customer authentication and comprehensive consent management.
As such, this release supports:
- Electronic Identification, Authentication, and Trust Services (eIDAS) to ensure secure electronic transactions.
- SCA for electronic payment transactions.
- Rule-based fraud detection and dashboards for monitoring fraudulent transactions.
Giving Developers the Experiences They Deserve
Much of the interaction between WSO2 Open Banking and a bank’s technical infrastructure is facilitated by the bank's development team. The following feature implementations will allow a bank’s development team with greater flexibility and creativity when working with WSO2 Open Banking. Some of the developments include:
- Externally deployable authentication endpoint to allow banks to deploy the authentication endpoint in a separate environment.
- Extendable consent retrieval and consent persist steps to help banks to conduct their own customizations to the flow seamlessly and elimination duplicated efforts.
- Transaction Risk Analysis (TRA) implementation has been moved to Open Banking Business Intelligence to help developers easily track and monitor TRA patterns.
More information on the technical capabilities can be found in this blog. If you are interested in getting an even deeper understanding of these features, do register for our webinar.
If you are interested in getting WSO2 involved with your open banking or PSD2 compliance projects, do reach out via our web page. We would love to be a part of your journey.