These businesses, companies, and customers use, or offer, fintech services linked to open banking.
ASPSPs and PASPs
Short forAccount Servicing Payment Service Provider. ASPSPs are organisations that open and maintain payment accounts for customers. In other words, a bank. But there are other ASPSPs as well. Electronic money institutions (EMIs) that allow customers to open a mobile money account through which they can make payments are ASPSPs as well.
PASP is short forPayment Account Service Provider.A PASP is the same as an ASPSP in that it maintains payment accounts for customers. The only difference between the two is who uses them. In Saudi Arabia, PASP is the go-to term whereas in the UK, EU, and Bahrain, regulators and industry insiders have adopted ASPSP.
Short for Account Information Services Provider. AISPs are intermediaries that use open banking to enable sharing of customers’ transaction data (think of transactions that are initiated when you buy a product through a checking or savings account, for example) between the customers’ bank and other financial institutions and fintechs. And this data transfer takes place with the customers’ permission. They authorise it. The AISP connects the fintechs or FIs with the bank in real time, and they collect the required account transaction data instantly. But that’s it - AISPs cannot initiate payments and only access transactional information.
Short for Payment Initiation Services Provider. PISPs are the payment intermediary customers can use to pay a seller directly through their bank account or any other ASPSP. PISPs allow customers to initiate online payments without having to use a credit or debit card.
Short for Payment Service Provider. A PSP is a third-party company that provides the infrastructure for all types of online payment methods. In several places, to be a PSP, one needs a license. In KSA, for example, the Saudi Central Bank (SAMA) defines a PSP as ‘any entity licensed by SAMA to provide one or more payment services in the Kingdom.’ But what exactly does a PSP do?
Let’s say a customer wants to pay for a purchase on Amazon with their debit card. Between them entering the card details and receiving payment confirmation, several things happen at the back end. The PSP manages these processes, including the authentication of the card details and communicating with the issuing bank to confirm if the customer has enough money. All this happens within seconds, and the PSP is the magician behind the curtain.
It’s easy to confuse PSPs with PISPs. The latter uses open banking tools to deduct money from a customer’s bank account directly and pay the seller with the customer’s permission. A PSP can do that and/or enable payments through other methods and rails as well, such as debit and credit cards. This means, all PISPs are PSPs but not all PSPs are PISPs.
Short for Third-Party Provider is perhaps the most common out of all open banking-related terms. TPPs are primarily licensed organisations or people that use open banking APIs (we’ll get to that in the next section) to provide account information or payment initiation services. As we’ve learnt above, these are our AISPs and PISPs. We are a SAMA-licensed TPP providing AIS services in KSA and a CBB-licensed TPP providing AIS and PIS services in Bahrain!
Short for Technical Service Provider. TSPs are TPPs with a regulatory licence to build, manage, and provide open banking tools and services. They can use these tools to provide AIS and PIS services (we’ll cover these in a bit) themselves or power other AISPs and PISPs. TSPs are essentially open banking technology providers.
Short for Payment Service User. They’re the natural and/or legal person that make a purchase online and pay for it through a Payment Service Provider (PSP). They can either use a PSP that facilitates card payments or a PISP that uses open banking APIs to enable direct payments from the bank account. In short, a PSU is a customer of PSPs.
Services & Technology
The acronyms highlighted here are used to refer to different open banking tools, related processes, and services that use open banking.
Short for Open Banking. In very simple terms, it’s a new way of banking where the customer owns and controls all of their financial information and data. And through secure open banking APIs, whomever the customer provides permission to, can access this data freely. Banks will have to share the data. This way of banking is highly regulated – who uses customer data and how they use it is clearly governed. We’ve unpacked what open banking is and how it works in a separate article.
Short for Application Programming Interface. APIs are communication protocols that connect two parties virtually to enable data transfers between them. APIs are the holy grail of OB. Built and provided by TSPs, APIs allow TPPs to connect with ASPSPs, such as a customer’s bank, to access their account information. And because you now know what these acronyms mean, you can understand what we are saying!
Short for Account Information Services. Remember AISPs? The services they provide are categorised under AIS. AIS allows for sharing and collection of account information and transaction data. They don’t enable payments.
Short for Payment Initiation Services. Recall PISPs? The services they provide come under the PIS umbrella. It’s simply a payments initiation – a way for PSUs to make payments directly from their bank account using an open banking API tool.
Short for Personal Finance Management. This is an umbrella term for fintech tools and services that give customers visibility into their transactions across all their bank accounts. People can use these applications to manage their finances, budget, save, and invest smarter. Open banking-enabled Account Information Services or AIS have reinvented PFM services – Here’s how they do it!
Short for Strong Customer Authentication. Data security is a key feature of open banking. Several regulatory standards, protocols, and practices make open banking technology safe. SCA is one of them. It’s an authentication system that uses a combination of two or more protection elements. There are three main types of elements.
Knowledge – something only the user knows. For example, a password.
Possession – something only the user has and can access. For example, a phone device or number.
Inherence – something that’s part of the user’s physical body. For example, their fingerprint or iris pattern.
In line with SCA, if one of these elements is compromised, the others remain intact. This authentication protocol is used in open banking whenever a TPP asks the customer for consent to access their account information and transaction data and/or initiate payments.
Short for Software Statement Assertion. These are items that TPPs need to provide banks as verification to be onboarded as a participant in the bank’s open banking ecosystem. As a verified participant, the TPP can then onboard and gain access to the bank’s APIs.
Short for Single Domestic Payment. This is an open banking use case for PISPs. It’s a one-time-only direct domestic bank-to-bank payment in the local currency authorised by the PSU.
Short for Variable Recurring Payments. This is another PISP use case. As opposed to SDPs, VRPs allow PSUs to authorise a PISP to initiate recurring payments from their bank account. It’s more transparent and safer than a direct debit.
The Regulatory Ecosystem
Open banking is highly regulated worldwide. There are several regulatory frameworks and authorities governing the use of OB tools and services by different market participants. Naturally, there are several acronyms that we use to refer to these frameworks, directives, and authorities. Take a look:
Short for Personal Data Protection Law. PDPL is the data law in Bahrain, applicable to any company that processes and uses the personal data of customers. How the data is collected, stored, and used is regulated under PDPL.
Short for Open Banking Implementation Entity. OBIE is a regulatory organisation set up by the UK’s nine largest banks to oversee the implementation of the open-data standards outlined in PSD2.
Short for Payment Services Directive 2. PSD2 is the second edition of the EU directive that regulates payment services and PSPs across the EU and EEA. PSD2 is the EU’s main open banking regulation.
Short forFinancial Sector Development Programme.As part of the Saudi Vision 2030, FSDP aims to develop and diversify the Saudi financial sector. Open banking is essential to the success of the programme.
Perhaps our favourite acronym of all – used widely (and very generically) across multiple use cases. Short forKnow-Your-Customer.KYC is a security protocol that verifies the ID of the customer. Any ASPSP must carry out a KYC as part of the anti-money laundering (AML) regulations before opening an account for a customer. KYC is also completed in other instances, including when initiating payment transfers.
Kickstart your open banking journey and start integrating with us!
Well, there you have it – a detailed understanding of the acronyms that hold up our industry. The next step is to sign up to our Developer Portal to access a wealth of tools, resources, and guides that will help you get started with your open banking journey.
Whether you’re an experienced developer or just starting out, our platform provides you with all you need to create and test impactful financial solutions that will set your business apart.