WSO2 Open Banking

1. What is Open Banking?

For as long as we know, banks have maintained exclusive access to customer data. And while this data was shared with other service providers through piecemeal approaches, a system where external parties were able to access this data was unheard of. And with the oligopolies in financial services, there was no leeway for other financial service providers to enter the market and create innovative products, services, and experiences for customers.

In spite of the above, financial institutions in countries like the US have been opening up their APIs to other providers for a while. Open banking was formally made a regulation in 2017 for Europe and the UK. This required providers of banking services to open up their customer data to authorized third-party providers via APIs. As a result, an ecosystem of APIs is created with various third parties integrating with banks to reinvent financial services by using customer data.

The immediate perceptions of open banking were negative. Banks had concerns that their identity would be lost and they would be reduced to being a commodity. As more education around open banking was created, customers are seeing its advantages and banks are looking at it in a more positive light. Banks now view open banking as the best way to initiate their journey towards digital banking.

Since its inception, open banking is now on its way towards global adoption with countries like Australia, Hong Kong and Mexico having moved towards regulation and with banks in several other countries looking to adopt open banking even without regulation.

2. WSO2 Open Banking Solution: Purpose-Built for Compliance and More

WSO2 Open Banking is purpose-built to align technology infrastructure and regulatory needs with domain expertise to fully satisfy technology requirements for open banking.

It has a componentized architecture that enables banks to choose and integrate specific technology components to meet unique open banking needs. And, since the WSO2 solution is built on a unified integration platform, it helps banks become integration agile for any future digital initiative beyond compliance.

WSO2 Open Banking comprises of the following components:

• APIs to expose account and/or payment initiation services: Depending on the regulatory or business requirement, WSO2 Open Banking provides READ/WRITE APIs to expose data/services to regulated third parties. These APIs adhere to the Open Banking Standard in the UK, the Berlin Group NextGenPSD2 XS2A framework and the Australian Consumer Data Standards. They can also be customized to adhere to any specific requirements of a bank. The APIs also support common API security standards such as OAuth2/Certificate-based API authentication, FAPI, mTLS, SAML2, and OpenID Connect.
• Strong Customer Authentication (SCA): Security is a critical component of open banking hence extensive security measures should be in place. Any bank that implements open banking requires strong customer authentication mechanisms. Apart from the basic username and password authentication, WSO2 Open Banking enables multi-factor authentication capabilities for third parties via multiple authenticators such as SMS OTP, Email OTP, VASCO, FIDO, DUO and MePIN. These authenticators remain independent so that the breach of one does not compromise the others.
• Transaction Risk Analysis (TRA): Although SCA ensures maximum data security, it can hinder user experience especially when it is mandated for low-risk transactions. WSO2 Open Banking provides TRA capabilities that identify low-risk transactions through a rule-based system and exempts SCA for them.
• Consent management: This ensures that the third parties are provided access to customer data only when customer consent is given. The WSO2 Open Banking consent management module provides a portal that allows customers to manage and revoke consent if needed together with a portal for bank officers to perform those functions on behalf of customers upon request. This module also supports handling multiple consent types such as per transaction consent, consents for scheduled payments and consent over a long period of time for recurring payments.
• Third-party onboarding: Third parties are a critical part of the open banking ecosystem and a bank must ensure that they have positive experiences when consuming the bank’s APIs. WSO2 Open Banking ensures a thorough but user-friendly verification process for third-party accreditation. The solution supports customizable workflows for onboarding and lifecycle management based on the bank’s preferred processes. The developer portal can be branded according to the bank’s branding guidelines and themes. Dynamic client registration is also supported in the onboarding process, meaning accreditation may be processed dynamically via an API doing away with the need for third parties to access the developer portal.
• Fraud detection: As more third parties start consuming your data, the risk of fraudulent activity increases significantly. The solution is equipped with fraud detection modules that can be customized out of the box or according to a set of predefined rules. It also provides customized dashboards with insights on API usage trends to proactively identify abnormal behavior and prevent fraudulent transactions.
• Integration with legacy banking systems: A fundamental part of a successful open banking implementation is how well it integrates with your existing IT infrastructure. WSO2 Open Banking comes with integration points to core banking systems, legacy and otherwise.
• Security incident detection and reporting: WSO2 Open Banking is capable of identifying incidents and issuing all alerts supported by WSO2 API Manager, so that corrective measures can be taken effectively to reduce the damage done. It can also effectively identify any possible data breaches and compromise and provide effective resolutions.
• Regulatory reporting: WSO2 Open Banking enables banks to comply with regulatory reporting requirements for open banking based on the API invocations, third-party provider adoption statistics and performance statistics of the open banking solution.
• APIs to expose custom services beyond regulation: WSO2 Open Banking goes beyond enabling banks to deploy pre-configured APIs subject to the regulatory specifications alone. The solution allows banks to publish custom APIs and applications to explore the full potential of open APIs to connect with the external ecosystem and build new revenue channels, and to use API technology to streamline internal processes.

3. How to Excel at Open Banking and Beyond

It comes with no surprise that banks who take on open banking will come across some challenges while doing so. We recommend that banks follow 4 key steps to simplify and expedite the process of opening up their APIs

4. The WSO2 Advantage for Open Banking

By choosing WSO2 Open Banking, your bank can enjoy more than a smooth implementation of Open APIs. Our subject-matter experts and technology ensure that the entire process, from the conversation with your account manager all the way to the deployment of the solution happens in alignment with your open banking vision. Here are a few reasons why you should choose WSO2 Open Banking.

5. Customers Who Trust WSO2 Open Banking