[Openid-specs-fapi] Open Banking Gateway Security

Fri Jul 8 14:58:53 UTC 2022

Data doesn’t need to be signed - this isn’t mandated anywhere. 

Many of the aggregators or TSPs (the most common terms) are themselves authorised AISPs - to get round PSD2/RTS which does’t cater for them. 

The current main value they offer is connectivity - because of the lack of a common well implemented standard (esp outside UK). But really it should be data enrichment, categorisation and commercial models for premium APIs. 

Many of these aggregators also act as PISPs and work with merchants. 

Chris Michael
Co-Founder and CEO
Ozone Financial Technology Ltd
www.ozoneapi.com   
+44 (0)7767 372277

> On 8 Jul 2022, at 15:39, Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:
> 
> Hi FAPIers,
> According to some vendors, the only reasonable way using Open Banking, is through a gateway which offers a "unified" Open Banking API.  There are plenty of such gateways on the market.
> 
> What's not particularly apparent (to me at least), is how a gateway service can provide the same security as a "direct line", since adapted/reformatted data needs to be resigned, possible using the gateway's key as well.
> 
> Does the PSD2 RTS actually include support for OBGWs?
> 
> WDYT?
> 
> Cheers,
> Anders
> 
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-fapi

-- 

The information in this email is confidential and solely for the use of 
the intended recipient(s). If you receive this email in error, please 
notify the sender and delete the email from your system immediately. In 
such circumstances, you must not make any use of the email or its contents.

Views expressed by an individual in this email do not necessarily reflect 
the views of Ozone.

Computer viruses may be transmitted by email. Ozone 
accepts no liability for any damage caused by any virus transmitted by this 
email. E-mail transmission cannot be guaranteed to be secure or error-free. 
It is possible that information may be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or contain viruses. The sender does 
not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission.

Ozone Financial 
Technology Limited t/a Ozone. Registered office: 86-90 Paul Street, London, 
EC2A 4NE. Registered in England and Wales. Registered number: 10969115.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20220708/ab85f3b4/attachment.html>