Why use ACP for enabling Open Banking
Description of ACP features that makes it an optimal tool for enabling Open Banking
In this article you’ll learn what is the value of ACP for individuals or entities, such as banks or other financial institutions, that need to get compatible with Open Banking (OB) requirements. Check how ACP capabilities and features solve OB-related technical issues and help meet requirements of OB standards. Finally, have a tour of a few key use cases for OB that ACP covers.
Concept of Open Banking
Open Banking is a solution aggregating multiple financial services for providing a controlled access to financial information, exchanging data securely, and protecting privacy while performing financial operations. OB is a practice of granting access to financial information in a secure manner.
Open Banking relies on
Using safe standardized mechanisms (for example, OAuth) for building and operating financial environments, which allows for open and easy integrations within multiple financial entities and a greater financial transparency. For example, with a common set of APIs and authentication-authorization rules, there’s no longer a need to integrate with each and every bank individually.
Protecting user privacy understood as an individual’s indispensable right to decide on how, when, to whom, and within what scope their data is shared outside.
Open Banking standards
To avoid confusion and simplify the integration in the area of OB, a few entities decided to standardize rules and requirements for introducing and using OB. Particular countries and institutions released sets of unified guidelines on how OB needs to work within their specific areas of governance or jurisdiction.
Open Banking specifications defines
- How banks need to expose their APIs (to make their assets available accordingly)
- What security requirements need to be met by specific OB actors
- How to integrate applications
- And more.
OB specifications have developed into reliable guidelines on how to use Open Banking in a safe and efficient way.
There are a few prominent OB standards around:
Open Banking standards cover multiple areas:
API specifications for all APIs of the bank, for example, the read-write API (on how to acquire a list of accounts or transactions and similar) or the DCR specification (on how an external Fintech application can register to exchange data with the bank)
Security profiles covering, for example, the Financial-grade API (FAPI) profile focusing on the security of connecting clients to the bank and requirements they have to meet, such as an authentication method that they need to support
Customer experience guidelines designed for UX/UI specialists to explain how the Fintech application needs to be built to work according to the standards.
Where ACP gets in
With OB standards around and a growing amount of privacy breaches and cyber attacks, individuals and institutions have to start focusing on financial security. They need tools both for enabling OB in their projects or businesses and for supporting their compatibility with OB standards. Here’s where ACP gets in: the use of the ACP features for OB by individuals and institutions ensures
- Compatibility with OB standards (applications built, methods used, and so on)
- Security of their data privacy and the privacy of their users' data.
ACP offers features for banks that need an authentication server or a tool for providing the compatibility with OB specifications.
How ACP enables Open Banking
ACP is an authorization server that offers a set of features that enables OB for individuals and institutions. The OB-enabling features support the execution of multiple actions initiated by different OB actors, for example, the Fintech application user and the bank administrator.
Open Banking participants
For more details on OB actors, see Open Banking personas.
The actions performed by the OB personas are often focused around the communication and data exchange between OB personas involved. For the OB environment to work, the parties included need to be properly integrated, which usually requires multiple processes for redirection, synchronization, and so on. All the mentioned actions and processes, which together constitute the OB flow, are supported and controlled by ACP, for example the rich consent management.
Custom consent in Open Banking
For information on the process of managing consents according to Open Banking standards, see How consents are managed in Open Banking.
For information on how the custom consent page works and how to build to your own consent page using ACP, see Building the Open-Banking-compliant consent page.
ACP offers workspaces dedicated for OB, which makes your life easier by simplifying the process of creating a third party provider (TPP) application. If you use an OB workspace, all the security requirements for the TPP application to integrate properly are preconfigured for you.
For details on how ACP enables OB and required integrations between different entities, see Process of integration for OB enabled in ACP.
Try the Open Banking sandbox
The ACP OB Quickstart is a mock bank environment where you can find fake banking-Fintech scenarios. It shows features that ACP offers to support OB use cases. In the project, there are several applications, such as a bank, Fintech applications, and ACP itself.
The OB Quickstart is an open-source GitHub repository so you can trigger it on your PC easily and quickly. In the quickstart, you can see how things work and integrate. You can also play with the applications to get a hands-on knowledge of what technical problems regarding OB ACP can solve for you.
Open Banking use cases with ACP
The user has a number of bank accounts. He/She wants to have the data from all the account collected and displayed in one location so that they have their financial information at hand.
OB standards allow Fintech applications for connecting to multiple financial institutions using the same secure APIs defined in OB specifications.
ACP allows the bank to expose OB-compliant APIs securely. Using ACP assures that only trusted secure clients can access APIs of the bank.
The users want to check what data they’ve shared so far with particular Fintech applications. They need to revoke specific consents that they’ve given to particular applications.
ACP allows banks to expose the information on consents in the customer portal of the bank. The consent-self-service application contains a sample bank customer portal. It lists all third party providers (TPPs) with access to the user’s data. It allows revoking individual consents as well as all consents for a selected TPP.
Revoke TPP consents
The administrator needs to revoke all consents given to TPP due to, for example, the client being compromised.
ACP allows the administrator to manage consents given to TPP by the users. The consent-admin application contains a sample bank administration portal. It lists all TPPs and allows to revoke all consents given to a particular TPP.