Fintech – Open Banking APIs

Open Banking and GDPR

Your apps are your bank

Open Banking

What is Open Banking?

Open banking refers to the practice of providing open, consumer-permissioned access to financial data held at financial institutions through the use of standardised APIs.

APIs in Open Banking:
In open banking (lower case: the general practice, as distinct from the UK Open Banking programme), access to financial accounts is provided through APIs. These APIs let customers authenticate securely with their bank and grant selected apps and services access to their accounts, so that consumers can share financial data with the products and services they choose and manage their money more easily.


Open Banking Participants:

  1. Account Information Service Provider (AISP):
    a- authorised to retrieve account data held by banks and financial institutions
    b- provides details on transactions
    c- provides balances and other account information, based on the customer's consent
    d- a customer holding accounts in different banks across different countries can use an AISP to get consolidated reports and detailed analysis
    e- read-only access: no update, no delete, no edit
    f- a single sign-on view across all bank accounts
  2. Payment Initiation Service Provider (PISP):
    a- authorised to initiate payments into or out of a user's account
    b- initiates payments on behalf of a customer from the customer's account with a bank
    c- someone paying for an online purchase can initiate a credit transfer via a PISP instead of using a debit or credit card
    d- cannot hold the payer's funds at any time; may only initiate payments in connection with the provision of the payment initiation service
    e- must ensure that the personalised security credentials of the customer are not accessible to any other party
    f- must ensure that any other information about the customer obtained when providing the payment initiation service
    g- must ensure secure communication between all parties
    h- cannot store sensitive payment data of the customer and cannot modify recipient data for the transaction
  3. Payment Instrument Issuing Service Provider (PIISP), also known as CISP (Card Issuing Service Provider):
    a- issues payment instruments such as a credit card, a mobile application or a smart watch
    b- checks with your bank whether funds are available for a payment
    c- the answer can only be positive or negative
    d- never receives the balance itself and never stores any information it is not authorised for
  4. Account Servicing Payment Service Provider (ASPSP):
    a- your bank
    b- obliged to receive and manage payment orders initiated by its customers through a PISP
  5. Access to Account (XS2A) service:
    a- provision of secure access to the account
    b- multi-factor authentication
    c- biometrics
  6. New Age Personal Finance Tools:
    a- PayPal/Siri/Cortana/chatbots: helping with personal finance management and transactions
    b- Facebook Messenger payments: transfer money to friends without leaving the service, through Stripe, PayPal, Braintree, Visa, MasterCard, American Express, WhatsApp
    c- invoice and accounting software: uses banking APIs to connect to a user's bank, giving its clients full control of their business finances
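The participant rules above (an AISP only reads consented accounts, a PISP initiates exactly the payment the customer authorised and never sees or forwards credentials, a PIISP learns only yes or no about funds, and every consent expires) are the checks a bank's API gateway has to enforce, because the third-party provider is outside the bank's trust boundary. The following is an added example written for this page, not code from the original article, from any bank, or from any open banking standard; the Consent and Account shapes, the function names, the credential field list and the constructed accounts and fake IBANs in demo() are all assumptions made for illustration.

```python
"""Consent enforcement at the bank (ASPSP) side of an open banking API.
Illustrative code added for this page, not the code of any bank, standard or
vendor. Role names follow the list above; data shapes, function names and
error messages are assumptions made for the example."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

class ConsentError(Exception):
    """The request falls outside what the customer consented to."""

@dataclass
class Consent:
    role: str                       # "AISP", "PISP" or "PIISP"
    accounts: frozenset             # customer accounts covered by the consent
    expires_at: datetime
    payment: Optional[dict] = None  # PISP only: the one payment the customer authorised
    consumed: bool = False          # PISP only: a payment consent is good for one initiation

@dataclass
class Account:
    account_id: str
    balance: int                    # minor units; never disclosed through PIISP

READ_ONLY_METHODS = frozenset({"GET"})
AISP_RESOURCES = frozenset({"accounts", "balances", "transactions"})
# Personalised security credentials must never travel through a TPP request (assumed field names).
CREDENTIAL_FIELDS = frozenset({"password", "pin", "otp", "card_number"})

def _require(consent: Consent, role: str, now: datetime) -> None:
    if consent.role != role:
        raise ConsentError(f"consent is for {consent.role}, not {role}")
    if now >= consent.expires_at:
        raise ConsentError("consent expired")

def aisp_request(consent, method, resource, account_id, now) -> bool:
    """AISP: read-only access, only to resources and accounts in the consent."""
    _require(consent, "AISP", now)
    if method not in READ_ONLY_METHODS:
        raise ConsentError("AISP access is read-only")
    if resource not in AISP_RESOURCES:
        raise ConsentError(f"resource {resource!r} is outside AISP scope")
    if account_id not in consent.accounts:
        raise ConsentError("account not covered by consent")
    return True

def pisp_initiate(consent, request, now) -> dict:
    """PISP: initiate exactly the payment the customer authorised, once."""
    _require(consent, "PISP", now)
    if consent.payment is None or consent.consumed:
        raise ConsentError("no unused payment authorisation on this consent")
    leaked = CREDENTIAL_FIELDS & set(request)
    if leaked:
        raise ConsentError(f"request carries customer credentials: {sorted(leaked)}")
    # The TPP may not alter debtor, recipient or amount: each field must equal
    # what the customer approved at the bank, so a swapped recipient is refused.
    for key in ("debtor_account", "creditor_iban", "amount", "currency"):
        if request.get(key) != consent.payment[key]:
            raise ConsentError(f"{key} differs from the authorised payment")
    consent.consumed = True
    return {"accepted": True, "amount": request["amount"], "currency": request["currency"]}

def piisp_funds_check(consent, account, amount, now) -> bool:
    """PIISP/CISP: confirmation of funds. Only yes or no leaves the bank."""
    _require(consent, "PIISP", now)
    if account.account_id not in consent.accounts:
        raise ConsentError("account not covered by consent")
    return account.balance >= amount

def _blocked(call) -> bool:
    """True when the call is refused with ConsentError."""
    try:
        call()
    except ConsentError:
        return True
    return False

def demo() -> dict:
    """Constructed scenario (fake accounts and IBANs) exercising each role."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    later = now + timedelta(days=90)
    acct = Account("acc-1", balance=5_000)
    authorised = {"debtor_account": "acc-1", "creditor_iban": "DE-TEST-SHOP-0001",
                  "amount": 1_999, "currency": "EUR"}
    aisp = Consent("AISP", frozenset({"acc-1"}), later)
    pisp = Consent("PISP", frozenset({"acc-1"}), later, payment=authorised)
    piisp = Consent("PIISP", frozenset({"acc-1"}), later)
    return {  # evaluated in order: tampered and leaked requests fail before the good one
        "aisp_read": aisp_request(aisp, "GET", "transactions", "acc-1", now),
        "aisp_write_blocked": _blocked(lambda: aisp_request(aisp, "POST", "transactions", "acc-1", now)),
        "pisp_tampered_blocked": _blocked(lambda: pisp_initiate(
            pisp, dict(authorised, creditor_iban="DE-TEST-ATTACKER-1"), now)),
        "pisp_credentials_blocked": _blocked(lambda: pisp_initiate(pisp, dict(authorised, pin="1234"), now)),
        "pisp_ok": pisp_initiate(pisp, dict(authorised), now)["accepted"],
        "pisp_replay_blocked": _blocked(lambda: pisp_initiate(pisp, dict(authorised), now)),
        "funds_yes": piisp_funds_check(piisp, acct, 4_000, now),
        "funds_no": piisp_funds_check(piisp, acct, 6_000, now),
        "expired_blocked": _blocked(lambda: piisp_funds_check(piisp, acct, 1, later)),
    }
```

Two design points matter here. The payment fields are compared against the copy of the authorisation the bank recorded when the customer approved it, never against anything the PISP sends back, so a provider that swaps the creditor after the customer approved the payment is refused; and the consent is marked consumed after one successful initiation, so a captured request cannot be replayed. The funds check deliberately returns a bare boolean and no balance, matching the PIISP rule above.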

3 Types of Banks:

Banks that offer open banking APIs use the full potential of technology advancements: they apply predictive analytics to their customers' data, use chatbots to scale onboarding, and rely on smart automation to support a large clientele.

Fintech and Microservices:

Perhaps the most important part of any modern fintech app is an architecture based on microservices.

Modern architectures revolve around microservices, and fintech apps are no exception: services such as Login, Accounts, Customer Profile, Deposits, Transactions, Payments and Standing Orders are the building blocks of any fintech app.

What it means to be GDPR Compliant:

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). There are seven GDPR principles:

  • 1- Lawfulness, fairness and transparency: data is processed lawfully, fairly and transparently
  • 2- Purpose limitation: collected for specified, explicit and legitimate purposes
  • 3- Data minimisation: no more personal information is collected than is required
  • 4- Accuracy: accurate and, where necessary, kept up to date
  • 5- Storage limitation: the retention period is defined and communicated
  • 6- Integrity and confidentiality (security): data must be protected against "unauthorised or unlawful processing"
  • 7- Accountability: the controller is responsible for, and must be able to demonstrate, compliance

Reference Architecture of Open Banking System on AWS



Here at Lycore Pvt Ltd, we can help you set up your Open Banking APIs and build open banking solutions for you. If you are interested, you can email us.

