STANDARDISATION EFFORTS FOR PSD2 - and Nets contributions to utilisation of these standards in practice

Lars Lolk Hauge, March 2017

Standardisation in Europe on PSD2

Working on API specifications for the AS-PSP towards TPPs

Open Banking - backed by CMA in UK
Making open banking framework for UK & PSD2

Hosting an open banking forum
Payment Initiation WG

STET (France)
Made specification for the AS-PSP API for TPP - exclude SCA

Working on recommendations and specifications for identity

The CAPS Open Framework

and many more …

Multi-national and multi-stakeholder: banks, processors, corporates, TPPs, MNOs, …

Harmonisation is a key issue for CAPS

CAPS identifies and addresses the gaps

CAPS contributions on standardisation

The CAPS Open Framework ambition

CAPS NETWORK
• Connecting TPPs and banks

CAPS TOOLBOX
• Reducing the effort to go live

CAPS INFRASTRUCTURE SERVICES
• Making the framework operational

CAPS COMMON LANGUAGE
• Ensuring unambiguous understanding

CAPS GOVERNANCE

CAPS Interface Work Group
● Follow ERPB Interface WG via members
● Review and provide feedback on BG & STET specifications
● Write recommendations on PIS and AIS process flows for CAPS Handbook
● Including handling of varying SCA methods across Europe
● Identifying need for additional services to enable PSD2 in practice
● PIS Business flows are open for review – BG first to comment.

CAPS Identity Work Group
● Chair ERPB Identity WG and drive work on final reports
● Liaise with BG (& STET) on identity infrastructure including passporting
● Write recommendations on identity management for CAPS Handbook
● PSD2 Directory services
● PSD2 Certificate usage – eIDAS and ETSI standards
● Dispute services planned for later

CAPS Plenary
● Members: Core, Contributing and Observer
● Core members organise and drive forwards CAPS initiative
● Physical plenary meetings once a month and ad-hoc knowledge sharing

CAPS Communications Work Group
● Present and promote CAPS views on collaboration to foster innovation
● Produce and distribute CAPS white paper and documents
● Maintain CAPS website

Visit us at … www.caps-services.com

CAPS WG on identification

CAPS Identity Work Group

• FSA Authorisation process
• FSA Authorisation
• QTSP Certificate issuing
• EBA Register
• eIDAS certificates – seal and web
• ETSI Standards for certificates
• Feeding recommendations to ERPB for ERPB WG final report
• Dialog with eIDAS certificates
• ETSI Standards for certificates

European Retail Payment Board

Three ERPB PIS WG, Subgroups

● Identification (including Directories/registry, certificates)
Chairs: Broxis (Preta/MyBank), Kong (CAPS/Icon)

● Interfaces (including API, direct/indirect access, aggregation, B2B authentication, formats e.g. JSON, data definitions/standardisation, HBCI, ISO, …)
Chairs: Schardt (Sofort), Olivie Bieser (EPC/Deutsche Bank)

● Operational & technical support (including dispute resolution, fraud prevention, risk management, availability, developer tools, testing, sandbox, app store, advanced authentication, …)
Chairs: Spittler (EuroCommerce/IKEA), TBC: Mawaad (ESBG/Caixa)

- to cover from technical, operational, governance and other dimensions (and get clarification on any legal/regulatory issues)

Mandate:

“which practical elements, in addition to the legal requirements of the PSD2 and the EBA RTS, might be needed to ensure a smooth and efficient provision of pan-European payment initiation services … the working group shall focus on the business processes related to the smooth functioning of the payment services as well as the technical solutions”

The Berlin Group specification

German Banks
• Bundesverband Öffentlicher Banken Deutschlands
• Finanzgruppe Deutscher Sparkassen- und Giroverband
• Bundesverband der Deutschen Volksbanken und Raiffeisenbanken
• Die Deutsche Kreditwirtschaft Bankenverband
• Deutsche Bank
• DZ Bank

Others representing ASPSP side
• Redsys
• Pan-Nordic card association
• Dutch Payments Association
• PaymentsUK
• SIA
• equensWorldline
• VISA
• Preta
• Unicredit

STET has finalised first version of API

STET made a PSD2 API
● API for TPP and AS-PSP interaction
● Strong Customer Authentication method is out of scope for STET API specification
● Re-direction of PSU for SCA is assumed

A few examples
● List of PSU's accounts available for TPP: via GET /accounts – PSU specified which data elements are available for TPP
● Based on ISO 20022 structures: "The PISP sends a ISO20022 pain.013 based structure"
● HTTP elements are used as well: "The ASPSP answers with a HTTP201 and a link to the created payment request."
● The PISP can ask for the execution of the transaction from a payment initiation.

Contact
● Hervé Robache from STET

STET is owned by the major French banks

Nets PSD2 Pilot Scope

The Nets PSD2 pilot will facilitate exploration of different PSD2 roles and user experiences to drive innovation in a PSD2 context

Questions and considerations covered by the pilot:
● How is acceptance established for payment initiation and instrument?
● How can a single click payment experience be enabled for regular end-users?
● How can banks avoid transmission of account numbers?
● What data will be provided about the third party to the bank?
● How will dynamic linking take place?
● How to prevent any credential sharing with third parties?
● How to ensure convenience in strong customer authentication and authorisation?
● Provide result messages for third party as PISP or AISP
● Consider permission tokens for recurrent access
● What payment account data will be accessible and returned?

[Diagram: pilot flow. Step labels, in the order they appear: Acceptance; Account data; Consent & Credentials; Checking and response; Result and recurrence; Data feedback (6). Actors: Shop (news website), PISP, Bank, eID Service Provider, AISP, Financial Service Provider, NAAS.]

THIS DOCUMENT AND ALL INFORMATION HEREIN IS CONFIDENTIAL AND PROPRIETARY INFORMATION OF NETS. SUCH INFORMATION SHALL NOT BE

DISCLOSED TO ANY THIRD PARTIES WITHOUT NETS’ PRIOR WRITTEN CONSENT.

Thank you!

Lars Lolk Hauge

The pilot shows how smooth and secure user journeys can be created under PSD2, enabling winning customer experiences

Nets PSD2 Pilot Scope

● Customer wants access to paid news content
● Customer does check-out and makes acceptance of purchase.
● Customer visits PISP (Nets – for the demo) and selects preferred bank
● Customer’s bank issues a token to merchant which can be revoked or restricted with expiry date, frequency of approval etc.
● Strong customer authentication takes place through BankID or other solution – consent is signed

[Figure: Snapshots of account access user journey, panels 1 to 5]