Open Banking Sets the Standard for Secure Directory
Listen as Chris Michael, Head of Technology for Open Banking, describes how his organization uses Ping Identity to provide a trust framework for bank and third party interactions.
Open Banking Limited, the trading name of the Open Banking Implementation Entity (OBIE), is a private, non-profit company established in 2016 by the UK’s Competition and Markets Authority (CMA) to create software standards and industry guidelines for United Kingdom retail banking. Open Banking works with the UK’s largest banks and building societies as well as challenger banks, financial technology companies, third-party providers (TPPs) and consumer groups, with the mission of driving competition and innovation in the banking industry.
As part of that mission, Open Banking creates standards and acts as an implementation services entity for open banking in the UK, helping to enforce these standards and making sure that financial institutions are implementing them correctly while ensuring that third parties can build out their propositions as effectively as possible.
Open Banking realized early on that they would need to create a whitelist to ensure that these banks and third parties know at all times who can access what APIs. This whitelist would provide a trust framework so that third parties and banks can trust one another and trade securely.
The whitelist, now known as the Open Banking Directory, had to provide three key functions. One, the trust framework would enable effortless confirmation of an entity’s regulated status, supporting real-time updates from a central source. Two, the identity component of the platform would contain a searchable directory of all third parties and banks, allowing for transparency and discovery as new players enter the market. And three, the directory would support dynamic client registration, facilitating the automation of the on-boarding process between third parties and banks and further reducing barriers, especially for smaller players.
Open Banking considered building the framework internally, but ultimately chose Ping Identity technology as a core part of their stack. Under Open Banking, entities must have absolute certainty about the identity of regulated parties; banks need to know who third parties are and third parties need to know who banks are so they can securely conduct transactions with and communicate with one another.
“We could have decided to manually build a lot of the functionality ourselves, but why reinvent the wheel when there's a product out there like Ping that does what you need?” asked Chris Michael, Head of Technology for Open Banking.
Another consideration in Open Banking’s selection of Ping Identity revolved around the fact that many of the banks in the UK and globally are already using Ping as a core IAM vendor. Ping meets the rigors of financial-grade security that banks require, while providing a consistent user experience. Ping’s comprehensive, standards-based identity and access management (IAM) platform also meets PSD2 and Open Banking’s broad set of requirements for banks themselves, providing secure access to accounts (XS2A) through open APIs, strong customer authentication (SCA) and consent management.
“It's also useful that we are using the same core technology as many other banks," Michael added.
As a direct result of using Ping Identity technology to underpin the the UK’s open banking framework, Open Banking was able to set up the Open Banking Directory. They also worked with the banks and third parties to get them on board to the directory in a very short period of time, with 22 registered Account Servicing Payment Service Providers (ASPSPs) and 28 TPPs as of July 2018. “The fact that we went live on time, and we enabled the industry to start to go live from January this year, I think is no mean feat,” Michael said.
Now all UK banks, financial services organizations and third-party providers who want to participate in the open banking ecosystem go through an enrollment and verification process before becoming trusted identities stored in a central Ping repository. Organizations not only meet Open Banking requirements, but they deliver a secure, seamless and personalized experience for customers.
more stories you'll love
Ping Identity helped Equinix provide easy employee access to dozens of applications.
GSK delivers a secure user experience that their employees love with a seamless rollout of SSO and MFA..
Learn how Ping Identity helped New South Wales provide citizens an easy to use, one stop dashboard for online government service transactions.
Ping helps Intuit secure standards-based approach to authorization, authentication, provisioning and directory services with the ability to automate new applications.