Softwarepakketten.nl

Bijdrage van Bloggers (blogs)

Dutch PSD2 Bank API’s: diversity in rules and standardization

Plaatsingsdatum 02-04-2019
Berichtdatum Maart 2019

Steven Schouten, Business Consultant at Visma Connect

The revised European Payment Services Directive (PSD2) has finally been implemented in the Netherlands. The bank API sandboxes are now live and licensed Third Party Providers (TPPs) should be able to start using PSD2 APIs from September onwards. A first assessment of the API documentation published by the four largest Dutch banks show a multitude of differences, it is clear that the banks have not (yet) chosen for standardization.

Below we give our first findings of the PSD2 API sandbox documentation for Payment Initiation service (PIS) and Account Information service (AIS) that the four largest Dutch banks, ABN AMRO, ING, Rabobank and Volksbank have published. In this overview we do not aim to provide all details, but want to give insight in main aspects and differences that we have uncovered so far. We have not yet focused on the PSD2 API service for the Confirmation of Available Funds (CAF) nor on other services that are also offered through bank APIs. Further updates will follow.

General aspects
Geographically ING offers standardized APIs for 16 European countries for current accounts as well as card accounts (for AIS), however API availability, type of accounts, means of authentication, transaction history (beyond 90 days), etc. can differ per country. ABN AMRO offers the API services for current accounts in the Netherlands, Belgium, Germany and the United Kingdom. In Belgium private accounts and accounts for independent asset managers are also included. The Rabobank and Volksbank offer API’s for their Dutch accounts. Volksbank APIs pertain to ASN bank, RegioBank and SNS.

For authentication, all banks use the OAuth 2.0 Payment Service Users (PSUs) authentication. PSU authentication seems based on existing internet banking authentication mechanism.

Payment Initiation Services
Banks (obviously) all offer the possibility to initiate a single SEPA Credit Transfer. However, none of the banks give any information regarding using Instant payments (that will go live in May 2019 in the Netherlands).

ING and ABN AMRO Bank also offer international credit transfers to countries outside SEPA and currencies other than the Euro. ING also makes it possible to initiate domestic transfers within Europe with non-Euro currencies.

Volksbank offers the TPP a possibility to initiate recurring payments. After a one-time consent by the account holder the TPP can initiate the same SEPA Credit Transfer multiple times (not more than once a week), allowing TPPs for instance to collect subscription payments. The Rabobank offers a possibility to initiate a (one time initiated) Standing Order.

All banks allow the initiation of future dated payments, but with de Volksbank PIS API, the TPP will need to trigger the execution of the payment on the execution date itself.

All banks (except Volksbank) offer a means to request the payment status (after initiation), ING allows a TPP to retrieve (a copy of) the instruction details.

The actual flows of initiation and consent differ per bank. The API request and response formats differ per bank, e.g. required headers, path, body (some only in JSON others also XML), error codes, required payment information.

Account information Services
All banks offer API services (as mandated) to retrieve information regarding consented account details, balances and transactions. Furthermore, all banks offer the possibility to request the accounts for which the account holder has given the TPP consent.

ING and ABN AMRO Bank allow multiple balances depending on currency (for some countries). ING allows Account Information requests for Card Accounts.

Typically, the banks allow TPPs to retrieve up to 90 days of transaction details. With additional PSU consent ING will provide more transaction history. Rabobank states that a full transaction history of the PSU can be retrieved once by a TPP after the PSU has provided consent for the one-time access. Volksbank does not have a restriction on the transaction history.

The API request and response formats differs per bank, e.g. required headers, path, body (some only in JSON others also XML), error codes, required and provided information.

Conclusion
This initial assessment shows that the four largest Dutch Banks differ quite substantially in API standards, (detailed) services and flows, geographic scope of the services as well as the extent of the information provided on the developer websites. TPPs aiming to use the PSD2 API services will need to invest substantially to adopt for all the variations. On the other side the differences will certainly stimulate innovation!

What can Visma Connect do for you?
Visma Connect (formerly EBPI, now part of Visma group) supports companies in reaping the benefits of PSD2 XS2A services, by offering companies to be their Technical Service Provider (TSP) and offer standard service interface for Payment Initiation and Account Information services. VISMA Connect delivers services on its payments SaaS platform. VISMA Connect is engaged with market parties (some in the process of TPP license application) and regulators.

VISMA Connect’s vast experience and knowledge of business critical transaction processing and secure data integrations between different organizations in a business network both financial and non-financial industries can bring a unique role in the successful implementation of PSD2 XS2A. VISMA Connect helps to co-create an XS2A eco-system where TPPS and banks can communicate in a standard and secure way compliant with the comprehensive requirements from the regulator.

 

Categorie(n) Branche > ICT bedrijven, Standaardisatie, (open)standaarden, Branche > Financials, ICT Innovatie, PSD2
Bronvermelding Visma Connect / Steven Schouten

Automatisch op de hoogte blijven?
Schrijf u in voor onze gratis periodieke nieuwsbrief.

Terug


Onerzoeksbureau GBNED