Bijdrage van Bloggers (blogs)
Dutch PSD2 Bank API’s: diversity in rules and standardization
Plaatsingsdatum | 02-04-2019 |
Berichtdatum | Maart 2019 |
Steven Schouten, Business Consultant at Visma Connect The revised European Payment Services Directive (PSD2) has finally been implemented in the Netherlands. The bank API sandboxes are now live and licensed Third Party Providers (TPPs) should be able to start using PSD2 APIs from September onwards. A first assessment of the API documentation published by the four largest Dutch banks show a multitude of differences, it is clear that the banks have not (yet) chosen for standardization. Below we give our first findings of the PSD2 API sandbox documentation for Payment Initiation service (PIS) and Account Information service (AIS) that the four largest Dutch banks, ABN AMRO, ING, Rabobank and Volksbank have published. In this overview we do not aim to provide all details, but want to give insight in main aspects and differences that we have uncovered so far. We have not yet focused on the PSD2 API service for the Confirmation of Available Funds (CAF) nor on other services that are also offered through bank APIs. Further updates will follow. General aspects For authentication, all banks use the OAuth 2.0 Payment Service Users (PSUs) authentication. PSU authentication seems based on existing internet banking authentication mechanism. Payment Initiation Services ING and ABN AMRO Bank also offer international credit transfers to countries outside SEPA and currencies other than the Euro. ING also makes it possible to initiate domestic transfers within Europe with non-Euro currencies. Volksbank offers the TPP a possibility to initiate recurring payments. After a one-time consent by the account holder the TPP can initiate the same SEPA Credit Transfer multiple times (not more than once a week), allowing TPPs for instance to collect subscription payments. The Rabobank offers a possibility to initiate a (one time initiated) Standing Order. All banks allow the initiation of future dated payments, but with de Volksbank PIS API, the TPP will need to trigger the execution of the payment on the execution date itself. All banks (except Volksbank) offer a means to request the payment status (after initiation), ING allows a TPP to retrieve (a copy of) the instruction details. The actual flows of initiation and consent differ per bank. The API request and response formats differ per bank, e.g. required headers, path, body (some only in JSON others also XML), error codes, required payment information. Account information Services ING and ABN AMRO Bank allow multiple balances depending on currency (for some countries). ING allows Account Information requests for Card Accounts. Typically, the banks allow TPPs to retrieve up to 90 days of transaction details. With additional PSU consent ING will provide more transaction history. Rabobank states that a full transaction history of the PSU can be retrieved once by a TPP after the PSU has provided consent for the one-time access. Volksbank does not have a restriction on the transaction history. The API request and response formats differs per bank, e.g. required headers, path, body (some only in JSON others also XML), error codes, required and provided information. Conclusion What can Visma Connect do for you? VISMA Connect’s vast experience and knowledge of business critical transaction processing and secure data integrations between different organizations in a business network both financial and non-financial industries can bring a unique role in the successful implementation of PSD2 XS2A. VISMA Connect helps to co-create an XS2A eco-system where TPPS and banks can communicate in a standard and secure way compliant with the comprehensive requirements from the regulator.
|
Categorie(n) | Branche > Financials, ICT Innovatie, Open banking met PSD2, PSD3 en PSR, Standaardisatie, (open)standaarden |
Bronvermelding | Visma Connect / Steven Schouten |
Automatisch op de hoogte blijven?
Schrijf u in voor onze gratis periodieke
nieuwsbrief.