Open Banking Glossary

Open banking terminology made simple: from AISP to the Developer Zone.

A

Account Information Service Provider
Account Information Service Provider
(AISP)
An Account Information Service provides account information services as an online service to provide consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s).
Account Servicing Payment Service Provider
Account Servicing Payment Service Provider
(ASPSP)
Account Servicing Payment Service Providers provide and maintain a payment account for a payer as defined by the PSRs and, in the context of the Open Banking Ecosystem are entities that publish Read/Write APIs to permit, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API end points.
API Data
API Data
API Data is data made available to an API User or a TPP through the APIs.
API Provider
API Provider
An API Provider is a service provider implementing an Open Data API. An API Provider provides Open Data via an API gateway.
API User
API User
An API User is any person or organisation who develops web or mobile apps which access data from an API Provider.
Application Programming Interface
Application Programming Interface
(API)
An Application Programming Interface is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.
ASPSP Brand
ASPSP Brand
An ASPSP brand is any registered or unregistered trade mark or other Intellectual Property Right provided by an ASPSP.

C

Card Based Payment Instrument Issuer
Card Based Payment Instrument Issuer
(CBPII)
A Card Based Payment Instrument Issuer is a payment services provider that issues card-based payment instruments that can be used to initiate a payment transaction from a payment account held with another payment service provider.
CMA 9
CMA 9
The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts. AIB Group (UK) plc trading as First Trust Bank in Northern Ireland, Bank of Ireland (UK) plc, Barclays Bank plc, HSBC Group, Lloyds Banking Group plc, Nationwide Building Society, Northern Bank Limited, trading as Danske Bank, The Royal Bank of Scotland Group plc, Santander UK plc (in Great Britain and Northern Ireland).
CMA Order
CMA Order
The Retail Banking Market Investigation Order 2017.
CMA Remedies
CMA Remedies
Remedies that the CMA deemed appropriate to introduce to address a number of key features of the UK Retail banking market considered to be having an adverse effect on competition. These remedies included a requirement for the UK banking industry to adopt a subset of HMT’s proposals for Open Banking.
Competent Authority
Competent Authority
A Competent Authority, in the context of the Open Banking Ecosystem, is a governmental body or regulatory or supervisory authority having responsibility for the regulation or supervision of the subject matter of Participants.
Competition and Markets Authority
Competition and Markets Authority
(CMA)
The Competition and Markets Authority (CMA) is a non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing and reducing anti-competitive activities.

D

Data Standard
Data Standard
The data standards issued by Open Banking from time to time in compliance with the CMA Order.
Directory
Directory

A trust framework of regulated providers

The open banking Directory is the core infrastructure of our ecosystem – enabling participants to request and grant access to customers’ financial data in a secure, permissioned way via open banking APIs.  

Play video

Directory Sandbox
Directory Sandbox
The Open Banking Directory Sandbox is a test instance of the Directory. The Directory Sandbox may be used to support testing applications with test API endpoints and testing integration with the Open Banking Directory.

E

European Banking Authority Regulatory Technical Standards
European Banking Authority Regulatory Technical Standards
(EBA RTS)
The European Banking Authority develops Regulatory Technical Standards which are submitted to the European Commission for endorsement. Regulatory Technical Standards are a set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability and other processes.

F

Financial Conduct Authority
Financial Conduct Authority
(FCA)
The Financial Conduct Authority is the conduct regulator for 56,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms.

G

General Data Protection Regulation
General Data Protection Regulation
(GDPR)
A regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).

M

Mandatory ASPSP
Mandatory ASPSP
Mandatory ASPSPs are entities that are required by the CMA Order to enrol with Open Banking.

O

Open API
Open API
An Open API or Public API is a free-to-use, publicly available application programming interface (API) that provides developers with programmatic access to a proprietary software application.
Open Banking Ecosystem
Open Banking Ecosystem
The Open Banking Ecosystem refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, the governance, systems, processes, security and procedures used to support participants.
Open Banking Implementation Entity
Open Banking Implementation Entity
(OBIE)
The Open Banking Implementation Entity is the delivery organisation working with the CMA9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin Open Banking. Otherwise known as Open Banking Limited.
Open Banking Services
Open Banking Services
The open banking services to be provided by Open Banking to Participants, including but not limited to, the provision and maintenance of the Standards and the Directory.
Open Data
Open Data
Information on ATM and Branch locations, and product information for Personal Current Accounts, Business Current Accounts (for SMEs), and SME Unsecured Lending, including Commercial Credit Cards. Open Data is data that anyone can access, use or share.

P

Participant
Participant
An API Provider, API User, ASPSP, or TPP that currently participates in the Open Banking Ecosystem.
Payment Initiation Services Provider
Payment Initiation Services Provider
(PISP)
A Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.
Payment Services Provider
Payment Services Provider
(PSP)
A Payment Services Provider is an entity which carries out regulated payment services, including AISPs, PISPs, CBPIIs and ASPSPs.
Payment Services Regulations
Payment Services Regulations
(PSR)
The Payment Services Regulations 2017, the UK's implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA.
Payment Services User
Payment Services User
(PSU)
A Payment Services User is a natural or legal person making use of a payment service as a payee, payer or both.
Primary Business Contact
Primary Business Contact
(PBC)
A Primary Business Contact is an individual nominated by an entity to have access to the Directory and will be able to nominate other Directory business users. This should be a formal business point of contact and a senior member of staff responsible for systems and controls related to Open Banking.
Primary Technical Contact
Primary Technical Contact
(PTC)
A Primary Technical Contact is an individual nominated by the entity to have access to the Directory and will be able to nominate other Directory technical users. This should be a main point of contact on technical configuration and a senior member of staff with responsibility for the management of the Open Banking digital identity.

R

Read/Write API
Read/Write API
Read/Write APIs enable third party providers, with the end customer’s consent, to request account information, such as the transaction history, of Personal and Business Current Accounts and/or initiate payments from those accounts.
Read/Write Data
Read/Write Data
Read/Write Data includes personal current account and business current account transaction data sets made available by ASPSPs in accordance with the Read/Write Data Standard.
Revised Payment Services Directive
Revised Payment Services Directive
(PSD2)
The Payment Services Directive 2015/2366, as amended or updated from time to time and including the associated Regulatory Technical Standards developed by the EBA and agreed by the European Commission and as implemented by the PSR and including any formal guidance issued by a Competent Authority.

S

Small and Medium-sized Enterprises
Small and Medium-sized Enterprises
(SMEs)
Small and medium-sized enterprises by scale of business, as defined by the CMA, with a turnover <£6.5m p.a.
Standards
Standards
The Standards are the Data Standards and Security Standards in accordance with which ASPSPs will be required to make Read/Write APIs available.
Strong Customer Authentication
Strong Customer Authentication
(SCA)
Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a finger print or iris pattern]) that are independent, [so] the breach of one does not compromise the others, and is designed in such a way as to protect the confidentiality of the authentication data.

T

Third Party Provider
Third Party Provider
(TPP)
Third Party Providers are organisations or natural persons that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are either/both Payment Initiation Service Providers (PISPs) and/or Account Information Service Providers (AISPs).

V

Voluntary ASPSP
Voluntary ASPSP
Voluntary ASPSPs are those entities who, although not obliged to enrol with Open Banking, have elected to do so in order to utilise the Standards to develop their own APIs, to enrol onto the Open Banking Directory, and to use the associated operational support services.