Account Information Services allow third-party providers to access account data (such as balances and transaction history) with customer consent. AIS enables use cases like account aggregation, person...
Open Banking introduces many new terms and acronyms. This glossary provides clear, comprehensive definitions of 78+ key terms used in Open Banking, PSD2, and the broader Open Finance ecosystem.
A
An Account Information Service Provider provides account information services as an online service to provide consolidated information on one or more payment accounts held by a payment service user wi...
An Application Programming Interface is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact. In Open Banking, APIs enab...
An API Aggregator is a service provider that consolidates multiple bank APIs into a single, unified interface. Aggregators simplify integration for TPPs by providing standardized access to multiple ba...
API Data is data made available to an API User or a TPP through the APIs. This includes account information, transaction history, and balance data that can be accessed with proper authorization and cu...
An API provider is a service provider implementing an Open Data API. An API provider provides Open Data via an API gateway. In Open Banking, banks and financial institutions act as API providers, expo...
An API User is any person or organisation who develops web or mobile apps which access data from an API Provider. API Users include fintech companies, software developers, and third-party providers bu...
APP fraud is where victims are tricked into sending funds from their bank account to a fake or fraudulent account by someone posing as a genuine payee such as a friend or family member, or a trusted o...
Account Servicing Payment Service Providers provide and maintain payment accounts for payers as defined by the Payment Services Regulations. In the context of the Open Banking Ecosystem, ASPSPs are en...
B
A Business Current Account is a bank account held by a business entity. BCAs for SMEs are included in Open Banking mandates, enabling business financial management tools and lending products based on ...
C
A Card Based Payment Instrument Issuer is a payment services provider that issues card-based payment instruments that can be used to initiate a payment transaction from a payment account held with ano...
The Consumer Data Right is Australia's economy-wide data portability framework. It started with Open Banking and is expanding to other sectors including energy and telecommunications. CDR gives consum...
The Consumer Financial Protection Bureau is a U.S. government agency responsible for consumer protection in the financial sector. The CFPB issued the Personal Financial Data Rights rule (implementing ...
Client Initiated Backchannel Authentication (CIBA) is an authentication flow that enables a client application to obtain an ID token, access token, and optionally a refresh token through a backchannel...
The Competition and Markets Authority is a non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing and reducing anti-competitive ...
The Retail Banking Market Investigation Order 2017. This order required the CMA9 banks to implement Open Banking standards, creating a framework for secure data sharing and payment initiation through ...
Remedies that the CMA deemed appropriate to introduce to address a number of key features of the UK Retail banking market considered to be having an adverse effect on competition. These remedies inclu...
The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts. They are: AIB Group (UK) plc trading as First Trust ...
Confirmation of Funds is a service that allows a CBPII to request confirmation from an ASPSP that sufficient funds are available in a customer's account to cover a specific payment amount. This enable...
A Competent Authority, in the context of the Open Banking Ecosystem, is a governmental body or regulatory or supervisory authority having responsibility for the regulation or supervision of the subjec...
Customer consent is the explicit permission given by a payment service user to allow a third-party provider to access their account data or initiate payments on their behalf. Consent is fundamental to...
A Consent Dashboard is a user interface provided by ASPSPs or TPPs that allows customers to view, manage, and revoke consents they have given for data sharing or payment initiation. It provides transp...
D
The data standards issued by Open Banking from time to time in compliance with the CMA Order. These standards define the format, structure, and content of data exchanged through Open Banking APIs, ens...
A Dedicated Interface is an API specifically designed and built by an ASPSP for third-party provider access, as required by PSD2. It is the preferred method for TPP access and must meet performance, a...
A Developer Portal is a website provided by an ASPSP or API aggregator that gives developers access to API documentation, sandbox environments, registration tools, and support resources needed to buil...
The Open Banking Directory is the core infrastructure of the Open Banking ecosystem – enabling participants to request and grant access to customers' financial data in a secure, permissioned way via O...
The Open Banking Directory Sandbox is a test instance of the Directory. The Directory Sandbox may be used to support testing applications with test API endpoints and testing integration with the Open ...
The Digital Operational Resilience Act is an EU regulation that sets ICT security standards for financial entities. DORA impacts Open Banking API security and incident reporting requirements, ensuring...
The Data Protection and Digital Information Bill is a piece of UK legislation that makes changes to the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations....
E
The European Banking Authority is an independent EU Authority which works to ensure effective and consistent prudential regulation and supervision across the European banking sector. The EBA develops ...
The European Banking Authority develops Regulatory Technical Standards which are submitted to the European Commission for endorsement. Regulatory Technical Standards are a set of detailed compliance c...
eIDAS is an EU regulation on electronic identification and trust services for electronic transactions. eIDAS 2.0 introduces digital identity wallets that will enable secure identification and authenti...
F
A Fallback Mechanism allows TPPs to access customer accounts through the customer-facing interface (like online banking) when the dedicated API is unavailable or not performing adequately. This ensure...
Financial-grade API (FAPI) is a technical security specification that provides guidelines for securing APIs in the financial services industry. FAPI profiles build on top of OAuth 2.0 and OpenID Conne...
The Financial Conduct Authority is the conduct regulator for 56,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms. The FCA author...
FIDA is an upcoming EU regulation that will extend Open Finance beyond payments to cover savings, investments, mortgages, pensions, and insurance. FIDA represents the evolution from Open Banking to co...
G
The General Data Protection Regulation is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals...
I
Instant Payments are electronic payments that are processed, cleared, and settled within seconds, 24/7/365. The EU Instant Payments Regulation requires banks to offer instant euro transfers, enhancing...
J
The Joint Regulatory Oversight Committee was established in April 2023 and is responsible for overseeing the next phase of Open Banking in the UK. The committee is co-chaired by the Financial Conduct ...
M
Mandatory Account Servicing Payment Service Providers are entities that are required by the CMA Order to enrol with Open Banking. These are typically the CMA9 banks that were mandated to implement Ope...
N
A National Competent Authority is the regulatory body in each country responsible for authorizing and supervising payment service providers under PSD2 and Open Banking regulations. Each EU member stat...
O
OAuth 2.0 is an industry-standard protocol for authorization that enables third-party applications to obtain limited access to user accounts. In Open Banking, OAuth 2.0 is used as the foundation for s...
The Open Banking Implementation Entity was the original name for Open Banking Limited (OBL). It was the delivery organisation working with the CMA9 and other stakeholders to define and develop the req...
Open Banking Limited (formerly the Open Banking Implementation Entity - OBIE) is the delivery organisation working with the CMA9 and other stakeholders to define and develop the required APIs, securit...
An Open API or Public API is a free-to-use, publicly available application programming interface that provides developers with programmatic access to a proprietary software application. In Open Bankin...
The Open Banking Ecosystem refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, the governance, systems, processes, security and procedures used t...
The Open Banking services provided by Open Banking Limited to Participants, including but not limited to, the provision and maintenance of the Standards and the Directory. These services enable the se...
Information on ATM and Branch locations, and product information for Personal Current Accounts, Business Current Accounts (for SMEs), and SME Unsecured Lending, including Commercial Credit Cards. Open...
Open Finance is the extension of Open Banking-like data sharing and third party access to a wider range of financial sectors and products, such as savings, investments, pensions and insurance. It repr...
OpenID Connect is an identity layer built on top of OAuth 2.0. It allows clients to verify the identity of the end-user and obtain basic profile information. In Open Banking, it's used alongside OAuth...
P
An API Provider, API User, ASPSP, or TPP that currently participates in the Open Banking Ecosystem. Participants must meet certain regulatory and technical requirements to operate within the ecosystem...
A Primary Business Contact is an individual nominated by an entity to have access to the Directory and will be able to nominate other Directory business users. This should be a formal business point o...
A Personal Current Account is a bank account held by an individual for personal use. PCAs are a primary focus of Open Banking regulations, with mandated API access for account information and payment ...
Payment Initiation Services are services that allow a third-party provider to initiate payments from a customer's bank account on their behalf. PIS enables use cases like direct bank payments for e-co...
A Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment servi...
Premium APIs are value-added API services offered by ASPSPs or API providers beyond the mandated Open Banking requirements. These may include enhanced data, better performance, additional functionalit...
The Payment Services Directive 2015/2366, as amended or updated from time to time, including the associated Regulatory Technical Standards developed by the EBA. PSD2 is the EU regulation that mandated...
PSD3 is the upcoming revision of the Payment Services Directive that will update and enhance the regulatory framework for Open Banking and payment services in the European Union. It aims to address sh...
A Payment Services Provider is an entity which carries out regulated payment services, including AISPs, PISPs, CBPIIs and ASPSPs. PSPs must be authorized by the relevant competent authority to operate...
The Payment Services Regulations 2017, the UK's implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA. The...
A Payment Services User is a natural or legal person making use of a payment service as a payee, payer or both. PSUs are the customers whose data is being accessed or whose payments are being initiate...
A Primary Technical Contact is an individual nominated by the entity to have access to the Directory and will be able to nominate other Directory technical users. This should be a main point of contac...
R
Read/Write APIs enable third party providers, with the end customer's consent, to request account information, such as the transaction history, of personal and business current accounts and/or initiat...
Read/Write Data includes personal current account and business current account transaction data sets made available by ASPSPs in accordance with the Read/Write Data Standard. This is the customer-spec...
S
An API Sandbox is a testing environment that allows developers to experiment with Open Banking APIs without affecting live systems or real customer data. Sandboxes typically provide mock data and simu...
Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows, l...
Screen scraping is a technique where software extracts data from the display output of another application. In financial services, it was historically used to access account data by mimicking user log...
Section 1033 of the Dodd-Frank Act, implemented by the CFPB's Personal Financial Data Rights rule, establishes Open Banking in the United States. It gives consumers the right to access their financial...
The Single Euro Payments Area is a payment integration initiative of the European Union for simplification of bank transfers denominated in euro. SEPA enables standardized payments across 36 European ...
Smart data is the secure sharing of customer data with authorised third-party providers (TPPs), at the customer's request. These providers then use the data to provide innovative services for personal...
The Department for Business and Trade has set up a Smart Data Council to work on smart data schemes such as helping consumers and small businesses switch utility providers more easily. The council com...
Small and medium-sized enterprises by scale of business, as defined by the CMA, with a turnover less than £6.5m per annum. SMEs are a key beneficiary of Open Banking, gaining access to better financia...
The Standards are the Data Standards and Security Standards in accordance with which ASPSPs will be required to make Read/Write APIs available. These standards ensure interoperability and security acr...
Sweeping is the automated movement of a customer's funds between two accounts in their name, such as a current and savings account. It is commonly used to help the customer avoid overdraft charges, re...
T
Third Party Providers are organisations or natural persons that use APIs developed to Standards to access customers' accounts, in order to provide account information services and/or to initiate payme...
Technical Service Providers are companies which work with regulated providers to deliver Open Banking products and services. TSPs provide technical infrastructure, software, and support services to he...
V
Voluntary Account Servicing Payment Service Providers are those entities who, although not obliged to enrol with Open Banking, have elected to do so in order to utilise the Standards to develop their ...
Variable Recurring Payments let customers safely connect authorised payments providers to their bank account so that they can make payments on the customer's behalf, in line with agreed limits. VRPs o...
Understanding Open Banking Terminology
Open Banking has introduced a new vocabulary to the financial services industry. Whether you're a developer integrating with banking APIs, a compliance officer navigating PSD2 requirements, or a fintech entrepreneur building innovative services, understanding these terms is essential.
Key Provider Types
- AISP (Account Information Service Provider) — Providers that access account data for aggregation, analytics, and insights
- PISP (Payment Initiation Service Provider) — Providers that initiate payments directly from bank accounts
- ASPSP (Account Servicing Payment Service Provider) — Banks and institutions that hold customer accounts and provide APIs
- TPP (Third Party Provider) — Any provider offering AISP or PISP services
- CBPII (Card Based Payment Instrument Issuer) — Card issuers that verify fund availability
Important Regulations
- PSD2 — The EU Payment Services Directive that mandated Open Banking
- PSD3 — The upcoming revision to strengthen and expand Open Banking
- FIDA — Financial Data Access regulation extending to Open Finance
- GDPR — Data protection rules governing personal financial data
- SCA — Strong Customer Authentication requirements for secure access
Technical Standards
- API — Application Programming Interface for data exchange
- OAuth 2.0 — Authorization framework for secure API access
- FAPI — Financial-grade API security specifications
- OpenID Connect — Identity layer for authentication