Open Space

WSO2 Open Banking solution [ https://wso2.com/solutions/financial/open-banking/ ] is a purpose built solution for regulatory compliance in global regions including EU,UK [ https://openbanking.wso2.com/ ], Australia [ https://wso2.com/solutions/financial/open-banking/australia/ ]and new emerging countries. It helps banks to align with the regulatory needs while catering technical requirements with regulatory expertise.We have been closely working with EU/UK PSD2 compliance effort during past year and have improved the solution to cater a set of emerging specification in UK/EU for open banking as; OpenBanking UK [ https://openbanking.atlassian.net/wiki/spaces/DZ/pages/16385802/Specifications ] Berlin NextgenPSD2 [ https://www.berlin-group.org/nextgenpsd2-downloads ] STET [ https://www.stet.eu/en/psd2/ ] While we are working on supporting above three specifications from WSO2 Open Banking solution,interestingly there are some common factors which have been defined from each of

Introduction 2018 is all set to be a game-changing year for European banking. The Revised Payment Services Directive (PSD2) has opened the door to new third party providers [TPPs] to connect with banks and manage finances of bank customers on behalf of them. The PSD2 regulation has mandated banks to expose their core-banking account data and payment services to authorized TPPs to consume. Thus as a bank it’s essential to have a solution which will securely expose their internal banking services to third party providers in a trusted manner. WSO2 Open Banking solution provides all required components to expose bank APIs in a well secured manner in order to become PSD2 compliant. This article explains about the importance of the TPP role in PSD2 domain, the requirements set that banks need to provide for TPPs by PSD2 regulations and how WSO2 Open Banking solution supports these requirements.  From my last blog ,I have given an introduction for PSD2 and WSO2 Open Banking solution w

Overview of PSD2 The Revised Payment Services Directive (PSD2) of the European Union, seeks to improve the existing European rules for electronic payments. PSD2 deadline is already elapsed and being compliant of PSD2 has become top in the priority list of majority of EU banks and financial institutions. In short, PSD2 enables bank customers, both consumers and businesses, to allow third-party providers to manage their finances. PSD2 sets out rules concerning: Strict security requirements for electronic payments and the protection of consumers' financial data, guaranteeing safe authentication and reducing the risk of fraud; The transparency of conditions and information requirements for payment services; The rights and obligations of users and providers of payment services. The core of the directive is the requirement for banks to open bank data as APIs to third parties under the XS2A (access to account) rule. With the adoption of PSD2, the playing field is final

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources  on a web page to be requested from another domain outside the domain from which the first restricted resource was served. For example, an HTML page of a web application served from http://domain-a.com makes an <img src >  request for a different domain as 'domain-b.com' to get an image via an API request.  For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts as in above example and only allows to make HTTP requests to its own domain. To avoid this limitation modern browsers have been used CORS standard to allow cross domain requests. Modern browsers use CORS in an API container - such as  XMLHttpRequest  or Fetch - to mitigate risks of cross-origin HTTP requests.Thing to  note is it's not only sufficient that the browsers handle client side of cross-origin sharing,but also the servers from which these resources getting need to handl