All posts by Kushlani De Silva

WSO2 Open Banking: Reaching Many Milestones in August 2019

WSO2 Open Banking completed its second anniversary on the 3rd of August. Since its inception, WSO2 Open Banking has set out to do three things: 1) Provide technical efficiency for banks who need to comply with PSD2 and Open Banking, 2) Stay relevant in the wake of the constant changes in the open banking world, and 3) Contribute to the global open banking movement. The latest release of WSO2 Open Banking ticks all three check boxes. This blog discusses each of these points, and how WSO2 Open Banking helps, in more detail.

Support for Global Open Banking Standards

Open Banking API standards have revolutionized how effective API programs can be built for open banking. Open Banking UK API Standard and the NEXTGEN PSD2 API Standard (created by the Berlin Group) are two of the most commonly used standards. The Open Banking UK API standard is globally recognized, with countries like Australia and even some parts of Asia using it as the starting point to build their own specifications.

These API standards release a new version about every 6-8 months. A key priority of WSO2 Open Banking’s roadmap is to stay in line with these API Standards. Why? To help banks using WSO2 Open Banking to easily migrate to the updated versions, without having to spend cycles on implementing version updates themselves. But the benefit is not just for existing customers. Any bank who is looking at using WSO2 has the assurance that the solution’s technical capabilities are in sync with the regulatory demands.

Here are some of the improvements that have come about with this release:

  • Support for the UK v3.1.1 read-write API standard which mandates how Accounts, Payments, and Confirmation of Funds requests are handled.
  • Support for Dynamic Client Registration (DCR) v3.2, which mandates the mechanism by which a Third Party Provider (TPP) client should be able to register with the Account Servicing Payment Service Provider (ASPSP).
  • Authorization endpoint support for Berlin API v1.3 NEXTGEN PSD2 API.
  • Transaction Risk Analysis (TRA) to help identify the right conditions to implement strong customer authentication (SCA).

Meeting the September Deadline for Regulatory Technical Standards (RTS)

By September 14 of this year, all banks in Europe and the UK are expected to have several security measures in place to ensure that customers get to enjoy the benefits of open banking with no security compromises. Having basic identity and access management capabilities does not make the cut for PSD2 compliance and Open Banking. This is one of the key reasons why WSO2 Open Banking has always focused heavily on augmented security capabilities such as strong customer authentication and comprehensive consent management.

As such, this release supports:

  • Electronic Identification, Authentication, and Trust Services (eIDAS) to ensure secure electronic transactions.
  • SCA for electronic payment transactions.
  • Rule-based fraud detection and dashboards for monitoring fraudulent transactions.

Giving Developers the Experiences They Deserve

Much of the interaction between WSO2 Open Banking and a bank’s technical infrastructure is facilitated by the bank’s development team. The following feature implementations will provide a bank’s development team with greater flexibility and creativity when working with WSO2 Open Banking. Some of the developments include:

  • Externally deployable authentication endpoint to allow banks to deploy the authentication endpoint in a separate environment.
  • Extendable consent retrieval and consent persist steps to help banks make their own customizations to the flow seamlessly and eliminate duplicated effort.
  • Transaction Risk Analysis (TRA) implementation has been moved to Open Banking Business Intelligence to help developers easily track and monitor TRA patterns.

More information on the technical capabilities can be found in this blog. If you are interested in getting an even deeper understanding of these features, do register for our webinar.

If you are interested in getting WSO2 involved with your open banking or PSD2 compliance projects, do reach out via our web page. We would love to be a part of your journey.

Australia Passes Consumer Data Right Legislation. It’s Go Time for Open Banking!

Photo credits: Catarina Sousa via Pexels

After much anticipation, the Consumer Data Right Legislation has finally been passed! Just over a month after the original open banking deadline for the Big 4, the real race begins. It’s time for banks to lay out their open banking playbooks and start implementing open APIs.

A Quick Overview of the Timelines

Even before you consider the technical aspects of open banking, you should understand the regulation. Our article answers some common questions around open banking in Australia. A summary of the approaching deadlines is included below:

  • February 2020: Credit and debit card, mortgage, deposit, and transaction data by the Big 4 banks
  • July 2020: Account data for all banks aside from the Big 4
  • February 2021 for mortgage data: Account data for all banks aside from the Big 4
  • July 2021 for all other products

How to Get Started

With less than a year to go, banks have a lot of prep work to do. Here are a few simple steps to kick start your technology implementation for open banking:

Create open banking evangelists: Even if it is just 3 people, it is important that there is a part of your organization that lives and breathes open banking. That way, they align every aspect of the business – customer value, profitability, and even vision towards a pro open banking model.

Budget for efficiency: Open banking doesn’t have to cut a hole in your annual budget. An efficient open banking implementation is one that will not cost you a ton of money. And in order to budget for efficiency, always think about what you can re-use and re-purpose. As banks, most of the technology required for open banking should already be within reach. What matters is how you adapt it to fit open banking specific needs. Our article has more details.

Evaluate existing technology: Open banking does not require you to reinvent the wheel. You would already have banking APIs and data security mechanisms in place, and most of it can be modernized to fit open banking requirements. Our white paper covers this in detail. You just need to identify the gaps. And pay close attention to security. Features like customer authentication and consent management are crucial to the success of open banking.

Fill out the missing pieces: This is where you get creative. Once you know what is missing, always look at working with technology that is easy to integrate with current systems (so it doesn’t take much time), meets open banking specific customizations (so your teams don’t have to spend cycles implementing them), and finally invest in technology that gives you the flexibility to scale as you go. That way, you lower the risk in the technology investments that you make.

Test like your life depends on it: Once your open API environment is set up, make sure to test that all of the functionality meets requirements. When testing, think like a data recipient and envision the experience you want them to have. Remember, the better your API portal, the more data recipients you attract and the better you serve your customers.

We are excited to participate in the open banking journey in Australia and we are keen to share our experiences with banks like Société Générale with you. If you are just starting your open banking implementation or have made progress but need more technical or regulatory guidance, do get in touch with us.

Everything you need to know about WSO2 Open Banking is here.

The Basics of Open Banking

Open banking has grown overnight. It started with the PSD2 regulation for Europe in 2018. Open banking is now adopted in Australia, several parts of Asia, Latin America, and many other regions.

Here are a few facts to understand what open banking is and why you should consider building a strategy around it.

What is Open Banking and Why Was It Created?

Open banking requires all financial institutions (deposit taking institutions) to open up customer and/or payment data to third party providers. Open banking breaks up the monopolies of financial services and allows more players to enter the market. This increases competition and results in better products and services for customers.

As time went on, non-regulated regions started to accept that open banking was the best way to become more digitally agile. Therefore, they started taking measures to open up their APIs. Regions like Mexico are looking at open banking for larger financial inclusion agendas.

How Does Open Banking Work?

The “opening up” of this data is done via Application Programming Interfaces (APIs). APIs, which are essentially an integral part of any technology infrastructure, provide a secure and effective way to expose this data. In the past, banks have used screen scraping to expose data. This comes with a compromise on security with a high chance for fraudulent transactions.

How is Data Protected in Open Banking?

Security is of utmost importance in open banking. While security at an API management level is essential, banks must take extra steps to ensure that data does not fall into the wrong hands. Mechanisms like Strong Customer Authentication (SCA) and Consent Management are vital. SCA ensures that a two step authentication mechanism is followed, but without hindrance to user experience.

Consent management puts the user in control of who they share their data with. When you implement identity and access management for open banking, these two elements should be a top priority. It also helps to have fraud detection mechanisms in place, as a way of identifying fraudulent transactions.

Are There Technology Standards to Meet?

Since the APIs used for open banking need to follow certain protocols and adhere to specific requirements, there are a few open banking API standards available. Open Banking UK API Standard, the NEXTGEN PSD2 API Standard (created by the Berlin Group), and the STET API specification are three of the most commonly used standards.

How Do You Integrate an Open Banking Architecture with a Legacy System?

One of the biggest challenges banks face is bringing together what seems to be two different worlds — open API architectures and legacy systems. In reality, it doesn’t have to be so difficult. The first thing to do is to add an integration layer which will mediate between the legacy system and Open APIs. This allows you to expose the required services to the open banking solution, which will in turn expose them as APIs with the required security measures in place. More details are available in this white paper.

Why an Open Banking Vision is Important

The availability of data and various methods to compare and contrast services create high expectations for consumers. This means banks need to go the distance — being a supporter of a person’s financial ecosystem is not enough. They need to think about improving consumer lifestyles too.

Open banking is the best way to start this journey. The openness it creates gives way to a tremendous amount of data. This data helps you understand how your consumers eat, shop, travel, and more. With more players in the financial services ecosystem, banks should aim for collaboration over competition.

These collaborations can go a long way in delivering superior products and services to customers, and helping your bank identify as a true contributor to consumer well being.

In conclusion, open banking is here to stay. So regardless of what the regulatory status is, banks need to be proactive about open banking and make it a boardroom topic. The sooner you start, the better placed you are when it reaches your region.

Ask an Expert: Catching up with Seshika Fernando

Women in engineering are unicorns (almost) and that’s probably why #Ilooklikeanengineer became a thing. But WSO2, with a 30% female representation, tells you a different story. Plus, we consider everyone at WSO2 a handpicked lot. So is Seshika Fernando. She’s a Chevening scholar, a speaker at conferences around the world, backed by both finance (London School of Economics) and computer science. Outside her workspace she’d be playing basketball as if it were rugby or making sure her son Ezra is getting enough sleep.

We caught up with Seshika recently to speak to her about her transition from the WSO2 analytics team to financial solutions, why open banking is taking over the world, and why she encourages more girls to join the IT industry.

1. How have your experiences at WSO2 been so far?

It’s been great! I was originally involved in data analytics while in the Research team. Now I manage the financial solutions initiative at WSO2 where I am able to capitalize on my background in Finance and create specialized solutions on top of WSO2 products, catered towards the specific business requirements of the financial industry.

I’ve had great experiences at WSO2. From being able to speak at at least half a dozen international conferences a year, to interacting with some of the largest brands in the world, to playing basketball. WSO2 has been a great place to work irrespective of the team I belonged to.

2. How did the idea for building an open banking solution come about?

WSO2 gave me a challenge – “create solutions for the Financial Services industry using WSO2 products.” With a background in Computer Science as well as Finance, I took this up with open arms. At the time we started this initiative, PSD2 was taking over every conversation in the European banking sector.

With many of our existing customers coming to us with the PSD2 requirement, we forged ahead and created WSO2 Open Banking. Now in retrospect, this was the best decision we made. Open banking is taking over the banking world – not only in Europe but globally. And our open banking solution, built on top of the battle hardened WSO2 products, is proving to be very useful in all these markets.

3. This leads us to believe that the market for PSD2 solutions is open to many forms of competition. How did you formulate a technical and sales and marketing strategy to ensure WSO2 stands out?

Yes, there was stiff competition when we started. However, thanks to the vast capabilities of WSO2 products, surviving and thriving within this landscape have been easy.

First of all, even though we entered the race late, we realized that most of the requirements of the PSD2 regulation can be serviced through the existing WSO2 products. Technically, all we had to do was wire everything together, add any missing features, and package an end to end solution which enabled banks to achieve full compliance very quickly.

We had to go for a very aggressive sales and marketing strategy in order to gain traction in a market that was full of different types of competition (not just our usual middleware competition). So we planned different types of campaigns to first create awareness and then engage with banks that were outside our usual customer base. Once we did the first few implementations, word got around and we were getting a large number of requests from both European and non-European banks.

4. Can you tell us about your experiences with customers who are trying to become PSD2 compliant? What are the key challenges they face?

Security is the utmost concern for all banks. Since it is sensitive customer data that is being exposed, banks that engage with us emphasize the importance of the ability to secure data and its access, above all other requirements. The WSO2 Open Banking solution overcomes all security challenges, since it incorporates WSO2’s very strong and proven IAM offering.

Most of our customers are also looking for ways to make their regulatory investment worthwhile, by being able to earn some revenues from their implementation of PSD2. With a digital transformation focused open banking implementation, our open banking customers are easily able to achieve this.

5. It seems obvious that banks will need to think beyond API when planning a technology strategy for compliance. How difficult/easy is it to convince them to do so?

When we look beyond the regulation and discuss implementation details with each bank, the need to integrate with existing internal systems, the requirement for comprehensive Identity and Access management, the capability to onboard third party providers, and the necessity to have a strong analytics component to achieve regulatory reporting requirements come to light. These requirements are usually enough for customers to understand the necessity for an overall technology strategy rather than just an API strategy.

However, we don’t just stop there. We understand that each customer (big or small) is making an investment to extend their technology platforms in order to satisfy these requirements. We help the customer identify ways that they can reuse the technology they are investing in, to further digitize and optimize their existing processes in a way that promotes market expansion and creates new revenue streams.

6. What are your thoughts on how open banking will be adopted globally?

Well, all regions are moving towards open banking albeit at different paces. Australia is next in line to implement open banking through regulation and there are many other regions such as New Zealand, Hong Kong, Japan, etc., that have stated their intentions to mandate open banking through regulation.

In the meantime in all other parts of the world, even without regulatory pressure, individual banks are adopting open banking due to the many benefits they can achieve especially in an environment where they could be the first movers to a new ecosystem. Therefore, it is only a matter of time before open banking becomes a must have for all banks globally. WSO2 is excited and ready to work with each region on their specific open banking journeys.

7. Finally, as a woman playing a leadership role in a technology company, what is your advice to other women in the field on how they can reach the highest pillars of success?

I believe that being female does not have any disadvantages for a career in IT. Since women are the minority in this industry, it provides women a superb opportunity to easily stand out within a male dominated workforce. Furthermore, the IT industry’s flexible working arrangements really enable us to balance work life and family life.

I would encourage more and more girls to join the IT industry not just to profit from its various benefits but also to reverse the gender imbalance and contribute towards development of great products that are created by a diversified workforce for a diversified consumer base. In fact, I’ve even written a blog post on the subject for the World Bank.

Seshika, 2nd from the right, Winner of the Young Engineer of the Year award for 2017 by IET Young Professionals-Sri Lanka

Three Months in to PSD2 – Confessions of the WSO2 Open Banking Team

It’s been 3 months since the PSD2 compliance deadline and the dust is settling in. Or is it really? Just like when it started, the post PSD2 landscape is viewed from different angles. It has been called everything from a ticking time bomb to a slow burn to a never ending honeymoon period. We think the biggest surprise was that everyone thought that January 13 was the end. It wasn’t, it was the beginning.

When we created WSO2 Open Banking, we knew customer needs would be diverse and every technology experience we deliver would be unique. Turns out we were right. Our journey with WSO2 Open Banking has unraveled some interesting experiences while working with different stakeholders in this compliance ecosystem. Here’s what we learned.

Confession #1: (Almost) Everyone was late to the party

Everyone (including us) started counting down to PSD2 from 6 months to 3 months to 1 month. But the reality was, January 13 was just the date when PSD2 was implemented by the EU parliament as a European-wide regulation.

Several regions across Europe chose to deal with imposing PSD2 in their own way. We’ve been tracking the country-specific deadlines quite closely and about 46% are yet to set an official deadline for compliance. We believe that the final date for compliance will be when the Regulatory Technical Standards (RTS) come into effect in September 2019. That’s good news for us because there’s still a large viable market for compliance technology! ;)

Confession #2: Compliance confusion did not discriminate

Over the past several months, we’ve worked with many banks of different sizes across Europe and they all had similar questions:

This led us to believe that banks, regardless of size, require a lot of guidance in the compliance process. It’s a good thing we have a team of experts to do just that!

Confession #3: They came, they saw, they vanished

When PSD2 first started gaining traction in 2016, the knee-jerk reaction of every API management and integration vendor was “this is a goldmine of opportunity we cannot miss”. So they went head on into the market with an existing product. Come 2018 when the need for compliance technology has evolved, these “first mover” technology vendors have gone quiet.

It remains uncertain whether it was the lack of a well thought out strategy to keep consistent market demand, fintech domination, or not giving the compliance market the attention it deserved. One thing is for sure, this is a highly competitive market for technology vendors like us. But no complaints, we love a challenge and are pretty good at winning them!

Confession #4: API standards (and the organizations writing them) are a solution provider’s BEST friends

A lot of shade gets thrown at not having a common API standard across Europe (version 1.1 of the Berlin Group API specification is yet to come, we’ve got our eyes peeled for that). However, Open Banking UK has got this in the bag by having a comprehensive API specification that WSO2 Open Banking supports.

When we first started out, these standards really helped set the base for building our solution. Our development team continues to spend a good couple of hours every week identifying latest improvements in the specifications and contributing to their development by participating in working groups.

Confession #5: Compliance is not a back breaker…it just needs a well thought out strategy

A lot of banks think of compliance as a major headache and seek a “quick fix” to compliance just so they can tick off the checkbox. The reality is, quick fixes can do more damage than good. PSD2 compliance is a big deal and if you go into it without a strategy, that’s cause for alarm. Even if you don’t have a dedicated open banking or compliance team you can still get the job done.

You just need to rally the right members, set your goals for compliance and figure out what you need from a technology vendor. Then you need to pick the technology that gives you value for money and won’t take eons to work with your systems and deliver compliance. It’s a matter of working closely with a solution provider towards a common goal.

Confession #6: Do your research or go home – The learning never stops

There is a minimum of 3 articles written a week on open banking. Everything from thought leadership material, opinion pieces (like this one), and publications from standards continue to explore and discuss this ecosystem. And what we learn from our conversation with customers is an invaluable source of research to keep abreast of where the market is heading. We treat each of these as a unique source of intelligence and they continue to nurture our product management, sales, and marketing strategies. It’s the only way to survive in an ecosystem as dynamic as this one.

It’s been a great ride so far and we can’t wait to see what comes up next! No doubt there will be plenty more surprises and exciting developments to look forward to!

The WSO2 Open Banking Team