Irish and UK banks that wish to comply with the CMA and EU Directives must make APIs available to access their customer account information and to make payments.
This is an inherently risky prospect for the complex and expensive back-office systems that the banks must open up when onboarding TPPs. In addition, a testing environment that TPPs must share has the potential for TPPs to step on each other's toes and bring down the entire environment.
Ostia solutions can address these issues today in a totally risk-free manner with our sandbox, which implements and integrates all 4 parts of the OBIE V3.1 read/write standards, namely:
- Account and Transaction API Specification - v3.1
- Payment Initiation API Specification - v3.1
- Confirmation of Funds API Specification - v3.1
- Event Notification API Specification - v3.1
This runs in a Cloud environment, and a separate environment for each TPP can be provided in a cost-effective way.
The functionality is as follows:
- We can supply a fully functional OpenID server for identity and consent management _or_ we can integrate with your identity management stack if you prefer.
- We can create multiple accounts based on synthetic but realistic data, using common names, surnames and addresses that represent no real people, so the data is 100% GDPR compliant.
- In addition, we can create persona-based transaction data which reflects different persona types (e.g. the transaction profile of a single person in their 20s, a married couple with 2 children in their 30s, a married couple with no children in their 50s, etc.).
- We provide a GUI that enables the viewing, creation, deletion and updating of this data.
- We provide a GUI that demonstrates:
  - How an AISP connects and gets consent to access account details on behalf of a PSU.
  - All the available data associated with a PSU once permission is granted.
  - The payments process in action, including the full consent management process.
- This GUI uses:
  - The Accounts APIs made available from our sandbox which is protected by our (or your) OpenID Connect OAuth server.
  - The Payments APIs made available from our sandbox. Payments using these APIs are only possible if the account balances allow for the debit, and they are reflected in the balances of the accounts impacted by a payment. In addition, appropriate transaction records are written for each account.
  - The CBPII funds available APIs, which also check the appropriate account record and return a true/false positive based on whether these accounts are available.
  - The TPP notification API for a TPP to register a URL for a callback from the ASPSP under appropriate circumstances.
- These APIs are ultimately published as a swagger file from the sandbox such that they can be used directly by a TPP – our GUI is simply a demo of what is possible.