Convenient solution for PSD2-compliant APIs that provide access to bank accounts and making payments
X2SA Core offers an open source implementation of the Berlin Group NextGenPSD2 framework which can be connected to your middleware services or your core banking system.
The challenge
The Payment Services Directive 2 (PSD2) signals a new market opportunity for third party payment providers (TPPs). Registered and authorized TPPs must be able to access customer accounts at the account-holding bank via APIs.
As a bank, you’re obliged to provide TPPs with X2SA interfaces to access payment transactions. However, becoming PSD2 compliant can be complex.
Do you lack the time and resources to implement or develop an Open API interface for your financial institution?
The solution
X2SA Core provides an open source implementation of the Berlin Group NextGenPSD2 framework that can be connected to your middleware services or core banking system. We’ll help you meet the directive’s requirements with our proven solution.
The X2SA solution component includes a consent management system to store and manage the consent commands issued by the PSU to the relevant TPPs. A logging system then logically tracks all associated system calls.
X2SA is fully compliant with the NextGenPSD2 Implementation Support Program (NISP), which not only defines processes, recommendations, and test cases, but also ensures that you implement them correctly to meet regulatory requirements.
Our solution provides Swagger documentation for all REST API modules for all possible configurations of mandatory XS2A functionality.
We support all defined Strong Customer Authentication (SCA) alternatives (REDIRECT, EMBEDDED, DECOUPLED, OAUTH), as well as multi-level SCA, multi-currency accounts, all required payment product types and account information.
Additional features such as Account Owner Data, Standing Order Lists, TPP Stop List, Funds Confirmation Consent provide banks with individual optional enhancements.
The benefits
- Strong customer authentication (SCA) and enhanced data protection in line with PSD2 requirements
- Implementation of all Berlin Group mandated API endpoints as well as various optional endpoints
- Swagger documentation of all REST API modules
- Preserved internal resources for rigorous implementation and maintenance of PSD2 requirements
- New digital service offerings enable new business models