On 13th January 2018, the second Payment Services Directive (PSD2) came into force, defining a new chapter in the European payments market. It requires banks to open their systems to third parties and provide interfaces to them to initiate payments on accounts, retrieve account information and a confirmation of availability of funds on accounts. Application programming interfaces (APIs) play a vital role and standardized APIs are required to avoid fragmentation in the European market, and promote the digital ecosystem. PSD2 does not come with an API standardization. To help fill this gap, the Berlin Group—consisting of almost 40 banks, associations and PSPs from across the EU—has defined a common API standard called “NextGenPSD2”, which provides guidelines to reduces XS2A complexity. It is ready to be used by banks and TPPs for implementing PSD2-required bank account access.
Berlin Group’s NextGenPSD2 is the leading API framework that helps banks to build API standards. Since NextGenPSD2 does not specify one single API standard, banks should follow basic principles of API design and build API standards that are state of the art:
- RESTful JSON (full JSON format) for payments and account information by using standardized ISO20022 attribute naming conventions
- Only a minimum set of data fields for the most relevant customer segments—such as retail, and small- and medium-sized enterprises (SMEs)
- Single payment mode with all relevant payment products (such as SEPA Credit Transfer)
- Embedded SCA approach (customer enters credentials at TPP side) and with full OAuth2-based SCA procedure
Time is short. By 14th September 2019, banks are mandated to be RTS-compliant and even make APIs available for testing and piloting six months before the market launch. Having the optimal APIs in place that follow best practice principles will be crucial for banks’ “Beyond PSD2” open banking strategy.
Have a look at my complete blog and share your views.