Guide

Important Terms

We've arranged this in a logic order that we think is most useful rather than alphabetically. If you prefer to view this page alphabetically, click on the next page.

Suggest Edits

PSD2

This refers to the Payment Services Directive 2015/2366 and associated Regulatory Technical Standards set out by the EBA and agreed by the European Commission, which has also been adopted (with minor alterations) by the Financial Conduct Authority in the UK. It is essentially the overarching framework within which open banking and customer authentication is governed.

Ecosystem

❯ Account Holder

The most important entity in the eco system is the end user - an account holder. In open banking this is sometimes referred to as a PSU, or Payment Service User and is defined as a natural or legal person making use of a payment service as a payee, payer or both. But we prefer to simply use the term account holder.

❯ Account Provider

An account holder is provided with an account by their account provider, which is typically, a bank or similar financial institution, but could also be a different type of organisation delivering account-based services to its customers.

Sometimes the role of account provider is delegated to an agent or client of the financial institution. If you’re operating a brand under the license of a financial institution then you probably take on the role of account provider, even if you’re not technically a bank.

In open banking terminology, this entity is referred to as an ASPSP, or Account Servicing Payment Service Provider, but we think that this is too long winded and doesn't properly capture the nature of these organisations.

❯ Third Party Provider

Often referred to with the acronym TPP, a third party provider is a regulated entity that is permitted (subject to account holder consent) to initiate a payment or access an account holder's account information.

Third party providers may be approved by their regulator to perform one or multiple roles

  • Account Information
  • Payment Initiation
  • Confirmation of Funds

These roles are described in more detail in this Glossary, but as a client of tell.gateway, you don't need to worry about the distinction. We ensure that third party requests are pre-qualified before they reach you, so they are only able to perform actions that match their regulatory status.

❯ Gateway Provider

For account providers, building an entire PSD2-compliant open banking infrastructure can be incredibly complex and costly. It can take a long time and requires full time oversight, support and continual updates. That's why many choose to outsource task this to us. By implementing tell.gateway, we become your fully managed gateway provider. Just plug in and we do the rest!

Standards

Although PSD2 is very detailed and prescriptive about its requirements in some ways, the regulations do not stipulate how open banking is to be implemented. As a result, different API standards and specifications have been developed across the industry and geographical regions.

There are two primary sets of standards which tell.gateway has adopted, ensuring that third party providers can interact with account providers (via our platform) in a manner that is as close to "standardised" as the ecosystem allows.

📘

As an account provider, you do not need to worry about which standard is used. You integrate with us using a single simplified specification, and we present the relevant PSD2 API to third party providers depending on the location in which you and they are operating.

❯ OBIE

Developed by the Open Banking Implementation Entity (often confusingly referred to simply as "Open Banking"!) the OBIE specification is the de facto accepted standard used in the UK.

For more information visit the Open Banking Implementation Entity ↗

❯ NextGenPSD2

Developed by the Berlin Group the NextGenPSD2 specification is a common standard used in many parts of the EU.

For more information visit the Berlin Group ↗

Other Definitions

❯ Developer Portal

A co-branded or white label website enabling third party providers to view, interact and register with a Dedicated Interface. A Developer Portal also includes support information, user guide, and realtime statistics showing uptime and availability of the Dedicated Interface.

❯ Payment Account

A payment account is defined as “an account held in the name of one or more payment service users which is used for the execution of payment transactions”. In other words, if an account has the ability to hold funds from which a payment can take place, it is designated a payment account.

There are numerous types of payments that are captured by PSD2, including;

  • "payment transactions executed through a payment card or a similar device"
  • "execution of direct debits, including one-off direct debits"
  • "execution of credit transfers, including standing orders"

❯ AISP

An Account Information Service Provider is a type of third party provider that is permitted to provide consolidated information on one or more payment accounts held by an account holder with one or more account providers.

❯ PISP

A Payment Initiation Service Provider is a type of third party provider that is permitted to initiate a payment order at the request of an account holder with respect to a payment account held at another account provider.

❯ PSU

A Payment Services User is a natural or legal person making use of a payment service as a payee, payer or both.

❯ CBPII

A Card Based Payment Instrument Issuer is a payment services provider that issues card-based payment instruments that can be used to initiate a payment transaction from a payment account held with another payment service provider.

❯ SCA

Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as:

  • knowledge - something only the account holder knows, for example, a password
  • possession - something only the account holder possesses, for example, a mobile phone
  • inherence - something the account holder is, for example as provided by a biometric validation of their face

The intention of SCA is to protect the confidentiality of account holder data.

❯ Dedicated Interface

A Dedicated Interface is the regulatory term for an interface such as an API, which provides secure server-based real time access to account provider systems and therefore to account holder data and payments, by a regulated third party provider. Such an interface needs to adhere to a strict set of standards as defined by the regulations, although the actual methods and implementation are not specified.

❯ Gateway

A Gateway is the term used for a Dedicated Interface on the tell.gateway platform. Depending on the edition subscribed to, a client can spin up one or multiple Gateways, each of which is a stand alone API with associated supporting features which allow you to comply with your open banking obligations under PSD2.

❯ NCA

NCAs, or National Competent Authorities, are regulatory or governmental bodies responsible for the supervision, registering and authorisation of financial service providers. They also publish registers for use by:

  • Qualified trust service providers, to make decisions on issuing certificates
  • Financial institutions, to check whether other parties are authorised.

Updated about 1 year ago