STANDARDISATION EFFORTS FOR PSD2 - and Nets contributions to utilisation of these standards in practice
Lars Lolk Hauge, March 2017
Standardisation in Europe on PSD2
Working on API specifications for the AS-PSP towards TPPs
Open Banking - backed by CMA in UK
Making open banking framework for UK & PSD2
Hosting an open banking forum
Payment Initiation WG
STET (France)
Made specification for the AS-PSP API for TPP - exclude SCA
Working on recommendations and specifications for identity
The CAPS Open Framework
and many more …
Multi-national and multi-stakeholder: banks, processors, corporates, TPPs, MNOs, …
Harmonisation is a key issue for CAPS
CAPS identifies and addresses the gaps
CAPS contributions on standardisation
The CAPS Open Framework ambition
CAPS NETWORK
• Connecting TPPs and banks
CAPS TOOLBOX
• Reducing the effort to go live
CAPS INFRASTRUCTURE SERVICES
• Making the framework operational
CAPS COMMON LANGUAGE
• Ensuring unambiguous understanding
CAPS GOVERNANCE
CAPS Interface Work Group
● Follow ERPB Interface WG via members
● Review and provide feedback on BG & STET specifications
● Write recommendations on PIS and AIS process flows for CAPS Handbook
● Including handling of varying SCA methods across Europe
● Identifying need for additional services to enable PSD2 in practice
● PIS Business flows are open for review – BG first to comment.
CAPS Identity Work Group
● Chair ERPB Identity WG and drive work on final reports
● Liaise with BG (& STET) on identity infrastructure including passporting
● Write recommendations on identity management for CAPS Handbook
● PSD2 Directory services
● PSD2 Certificate usage – eIDAS and ETSI standards
● Dispute services planned for later
CAPS Plenary
● Members: Core, Contributing and Observer
● Core members organise and drive forwards CAPS initiative
● Physical plenary meetings once a month and ad-hoc knowledge sharing
CAPS Communications Work Group
● Present and promote CAPS views on collaboration to foster innovation
● Produce and distribute CAPS white paper and documents
● Maintain CAPS website
Visit us at … www.caps-services.com
CAPS WG on identification
CAPS Identity Work Group
• FSA Authorisation process
• FSA Authorisation
• QTSP Certificate issuing
• EBA Register
• eIDAS certificates – seal and web
• ETSI Standards for certificates
• Feeding recommendations to ERPB for ERPB WG final report
• Dialog with eIDAS certificates
• ETSI Standards for certificates
European Retail Payment Board
Three ERPB PIS WG subgroups
● Identification (including Directories/registry, certificates)
Chairs: Broxis (Preta/MyBank), Kong (CAPS/Icon)
● Interfaces (including API, direct/indirect access, aggregation, B2B authentication, formats e.g. JSON, data definitions/standardisation, HBCI, ISO, …)
Chairs: Schardt (Sofort), Olivie Bieser (EPC/Deutsche Bank)
● Operational & technical support (including dispute resolution, fraud prevention, risk management, availability, developer tools, testing, sandbox, app store, advanced authentication, …)
Chairs: Spittler (EuroCommerce/IKEA), TBC: Mawaad (ESBG/Caixa)
- to cover from technical, operational, governance and other dimensions (and get clarification on any legal/regulatory issues)
Mandate:
“which practical elements, in addition to the legal requirements of the PSD2 and the EBA RTS, might be needed to ensure a smooth and efficient provision of pan-European payment initiation services … the working group shall focus on the business processes related to the smooth functioning of the payment services as well as the technical solutions”
The Berlin Group specification
German Banks
• Bundesverband Öffentlicher Banken Deutschlands
• Finanzgruppe Deutscher Sparkassen- und Giroverband
• Bundesverband der Deutschen Volksbanken und Raiffeisenbanken
• Die Deutsche Kreditwirtschaft Bankenverband
• Deutsche Bank
• DZ Bank
Others representing ASPSP side
• Redsys
• Pan-Nordic card association
• Dutch Payments Association
• PaymentsUK
• SIA
• equensWorldline
• VISA
• Preta
• Unicredit
STET has finalised first version of API
STET made a PSD2 API
● API for TPP and AS-PSP interaction
● Strong Customer Authentication method is out of scope for STET API specification
● Re-direction of PSU for SCA is assumed
A few examples
● List of PSU's accounts available for TPP via GET /accounts – PSU specified which data elements are available for TPP
● Based on ISO 20022 structures
“The PISP sends an ISO20022 pain.013 based structure”
● HTTP elements are used as well
“The ASPSP answers with a HTTP201 and a link to the created payment request.”
● The PISP can ask for the execution of the transaction from a payment initiation.
Contact
● Hervé Robache from STET
STET is owned by the major French banks
The Nets PSD2 pilot will facilitate exploration of different PSD2 roles and user experiences to drive innovation in a PSD2 context
Nets PSD2 Pilot Scope
● Provide result messages for third party as PISP or AISP
● Consider permission tokens for recurrent access
● What data will be provided about the third party to the bank?
● How will dynamic linking take place?
● How to prevent any credential sharing with third parties?
● How to ensure convenience in strong customer authentication and authorisation?
● How can banks avoid transmission of account numbers?
● How is acceptance established for payment initiation and instrument?
● How can a single click payment experience be enabled for regular end-users?
● What payment account data will be accessible and returned?
[Diagram, steps 1 to 6. Step labels: Acceptance; Account data; Consent & Credentials; Checking and response; Result and recurrence; Data feedback. Parties: Shop (News website), PISP, AISP, Bank, eID Service Provider, Financial Service Provider, NAAS]
THIS DOCUMENT AND ALL INFORMATION HEREIN IS CONFIDENTIAL AND PROPRIETARY INFORMATION OF NETS. SUCH INFORMATION SHALL NOT BE
DISCLOSED TO ANY THIRD PARTIES WITHOUT NETS’ PRIOR WRITTEN CONSENT.
The pilot shows how smooth and secure user journeys can be created under PSD2, enabling winning customer experiences
Nets PSD2 Pilot Scope
● Customer wants access to paid news content
● Customer does check-out and makes acceptance of purchase.
● Customer visits PISP (Nets – for the demo) and selects preferred bank
● Customer’s bank issues a token to merchant which can be revoked or restricted with expiry date, frequency of approval etc.
● Strong customer authentication takes place through BankID or other solution – consent is signed
[Screenshots, steps 1 to 5. Labels: NordeaNN, Bank]
Snapshots of account access user journey