Access to Accounts (XS2A) – Integrated interface for Open Banking

The simple and secure way to provide an Open Banking Channel

The dynamics of the current market place ensure that delivering Open Banking solutions is a trend which is set to grow in the coming years. Already many third-party providers are offering services based on accessing multiple banks. In Europe, the regulator has stepped in and defined in PSD2 a strict set of rules with which each bank must comply:

• Provide at least one Access to Accounts (XS2A) interface for account information and payment initiation
   
• Deliver a Strong Customer Authentication solution for this interface, compliant with regulations
   
• Ensure the functionality, performance and availability matches that of the bank’s own internet banking
   
• Document, publish and ensure a test capability for regulators and third-parties
   

Fully Integrated, Standardized and Scalable – Omikron’s Approach

Within the omni-channel design of the MultiCash Communication Platform, the new XS2A Connector is seamlessly integrated alongside other channels (e.g. EBICS, MCFT, online banking). In order to ensure rapid market maturity and implement new standards quickly, Omikron’s design is closely aligned with the specification standards of the Berlin Group. Using the REST-API provided, ISO 20022-formats and JSON-formats are exchanged and processed using the existing internal workflow. For authorization, users can work with the existing familiar signature method.

The XS2A Connector module consists of two components:

• The Service Catalogue consists of REST-APIs for external use. This service catalogue is documented and publicly available.
   
• The Authentication Server handles the authentication in the third-party scenario. Each Third Party Provider owns a qualified certificate as defined in the PSD2 requirements. The Omikron Authentication Server is responsible for the identification of third parties based on the established Public-Key-Infrastructure with qualified certificates. These certificates will be issued to registered third parties by approved certificate authorities. The Omikron Authentication Server verifies the validity of the certificates.

In addition, we have enhanced the internet banking application with an integrated Consent Management. For Secure Customer Authentication, your bank can use the same authentication/authorization procedures as used for internet banking.