1.1 API and PSD2


APIs (Application Programming Interfaces) are standard interfaces that enable software components to interact and exchange data. Widely used on the web, APIs enable various applications to interact without the need for human input, encouraging:

  • greater scalability in services;
  • reliable performance levels;
  • security of data transmission thanks to the use of open standards and protocols (SAML, OAuth, TLS);
  • interoperability between services and products made by the various players involved;
  • better UX (User Experience).

They have become the de facto framework for sharing data and have enabled organisations that manage large amounts of data to offer development platforms for third parties.

APIs are key to the access to accounts (XS2A) defined in PSD2, although the legislation does not indicate in detail the technology that banks will have to use to communicate with third parties, leaving room for market initiatives.

In Europe, some cooperative initiatives to establish common standards have been conducted, in order to pool efforts and make investments in the sector efficient. The definition of shared APIs will reduce fragmentation within Europe and the complexity of accessing accounts under PSD2.


In Europe, among the many active initiatives aimed at harmonising the payment market, the work of the Berlin Group is particularly relevant: it is an initiative that aims to harmonise and standardise pan-European payment solutions. The Group includes banks, banking associations, Payment Institutions and interbank market participants in the SEPA area. The Berlin Group has created an ad hoc group on APIs, which also includes Consorzio CBI, with the main purpose of defining an open communication scheme in the PSD2-compliant interbank domain.


To fully understand the potential of APIs, Financial Institutions must first consider what data may be shared with third parties.